aboutsummaryrefslogtreecommitdiff
path: root/x509util
diff options
context:
space:
mode:
authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-10 20:08:29 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-10 20:08:29 +0100
commit5cce667a8b4a63b3a01c606ca423e96e23afde6a (patch)
tree36296e84392b5066121792338d5a329182df9367 /x509util
parent998b68425f2c5e09ac37d864dfc3ead2b7163e09 (diff)
minor refactoring
Diffstat (limited to 'x509util')
-rw-r--r--x509util/x509util.go92
1 files changed, 40 insertions, 52 deletions
diff --git a/x509util/x509util.go b/x509util/x509util.go
index 37688ad..e67b7b5 100644
--- a/x509util/x509util.go
+++ b/x509util/x509util.go
@@ -9,15 +9,40 @@ import (
"io/ioutil"
)
+// LoadCertificates loads a PEM-encoded list of certificates from file
+func LoadCertificates(path string) ([]*x509.Certificate, error) {
+ pem, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, fmt.Errorf("failed reading certificate chain: %v", err)
+ }
+ return NewCertificateList(pem)
+}
+
// LoadTrustAnchors loads a list of PEM-encoded certificates from file
func LoadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error) {
- rest, err := ioutil.ReadFile(path)
+ pem, err := ioutil.ReadFile(path)
if err != nil {
return nil, nil, fmt.Errorf("failed reading trust anchors: %v", err)
}
+ anchorList, err := NewCertificateList(pem)
+ if err != nil || len(anchorList) == 0 {
+ return nil, nil, fmt.Errorf("failed parsing trust anchors: %v", err)
+ }
+ return anchorList, NewCertPool(anchorList), nil
+}
- pool := x509.NewCertPool()
- var anchors []*x509.Certificate
+// LoadEd25519SigningKey loads an Ed25519 private key from a given path
+func LoadEd25519SigningKey(path string) (ed25519.PrivateKey, error) {
+ data, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, fmt.Errorf("failed reading private key: %v", err)
+ }
+ return NewEd25519PrivateKey(data)
+}
+
+// NewCertificateList parses a block of PEM-encoded certificates
+func NewCertificateList(rest []byte) ([]*x509.Certificate, error) {
+ var certificates []*x509.Certificate
for len(rest) > 0 {
var block *pem.Block
block, rest = pem.Decode(rest)
@@ -25,35 +50,29 @@ func LoadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error)
break
}
if block.Type != "CERTIFICATE" {
- return nil, nil, fmt.Errorf("unexpected PEM block type: %s", block.Type)
+ return nil, fmt.Errorf("unexpected pem block type: %v", block.Type)
}
certificate, err := x509.ParseCertificate(block.Bytes)
if err != nil {
- return nil, nil, fmt.Errorf("invalid trust anchor before rest(%s): %v", rest, err)
+ return nil, fmt.Errorf("failed parsing x509 certificate: %v", err)
}
-
- anchors = append(anchors, certificate)
- pool.AddCert(certificate)
+ certificates = append(certificates, certificate)
}
-
- if len(anchors) == 0 {
- return nil, nil, fmt.Errorf("found no valid trust anchor in: %s", path)
- }
- return anchors, pool, nil
+ return certificates, nil
}
-// LoadEd25519SigningKey loads an Ed25519 private key from a given path
-func LoadEd25519SigningKey(path string) (ed25519.PrivateKey, error) {
- data, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, fmt.Errorf("failed reading private key: %v", err)
+// NewCertPool returns a new cert pool from a list of certificates
+func NewCertPool(certificates []*x509.Certificate) *x509.CertPool {
+ pool := x509.NewCertPool()
+ for _, certificate := range certificates {
+ pool.AddCert(certificate)
}
- return ParseEd25519PrivateKey(data)
+ return pool
}
-// ParseEd25519PrivateKey parses a PEM-encoded private key block
-func ParseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
+// NewEd25519PrivateKey creates a new ed25519 private-key from a PEM block
+func NewEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
block, rest := pem.Decode(data)
if block == nil {
return nil, fmt.Errorf("pem block: is empty")
@@ -77,37 +96,6 @@ func ParseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
}
}
-// LoadChain loads a PEM-encoded certificate chain from a given path
-func LoadChain(path string) ([]*x509.Certificate, error) {
- blob, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, fmt.Errorf("failed reading certificate chain: %v", err)
- }
- return ParseChain(blob)
-}
-
-// ParseChain parses a PEM-encoded certificate chain
-func ParseChain(rest []byte) ([]*x509.Certificate, error) {
- var chain []*x509.Certificate
- for len(rest) > 0 {
- var block *pem.Block
- block, rest = pem.Decode(rest)
- if block == nil {
- break
- }
- if block.Type != "CERTIFICATE" {
- return nil, fmt.Errorf("unexpected pem block type: %v", block.Type)
- }
-
- certificate, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- return nil, fmt.Errorf("failed parsing x509 certificate: %v", err)
- }
- chain = append(chain, certificate)
- }
- return chain, nil
-}
-
// ParseDerChain parses a list of DER-encoded X.509 certificates, such that the
// first (zero-index) string is interpretted as an end-entity certificate and
// the remaining ones as the an intermediate CertPool.