From f23cfc9c46bf40f10f52c6a5f1898624bd3a808e Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Tue, 3 Nov 2020 10:45:32 +0100 Subject: moved x509 chain loading to stfe package --- .type.go.swp | Bin 16384 -> 0 bytes client/add-entry/main.go | 31 ++----------------------------- x509.go | 31 +++++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 29 deletions(-) delete mode 100644 .type.go.swp diff --git a/.type.go.swp b/.type.go.swp deleted file mode 100644 index 9599d98..0000000 Binary files a/.type.go.swp and /dev/null differ diff --git a/client/add-entry/main.go b/client/add-entry/main.go index 56e0ec4..9047529 100644 --- a/client/add-entry/main.go +++ b/client/add-entry/main.go @@ -5,10 +5,8 @@ import ( "flag" "fmt" - "crypto/x509" "encoding/base64" "encoding/json" - "encoding/pem" "io/ioutil" "net/http" @@ -62,11 +60,7 @@ func params() ([]byte, []byte, error) { } func setup() (*client.Client, error) { - blob, err := ioutil.ReadFile(*chain) - if err != nil { - return nil, fmt.Errorf("failed reading certificate chain: %v", err) - } - c, err := parseChain(blob) + c, err := stfe.LoadChain(*chain) if err != nil { return nil, fmt.Errorf("failed loading certificate chain: %v", err) } @@ -76,7 +70,7 @@ func setup() (*client.Client, error) { return nil, fmt.Errorf("failed loading key: %v", err) } - blob, err = ioutil.ReadFile(*operators) + blob, err := ioutil.ReadFile(*operators) if err != nil { return nil, fmt.Errorf("failed reading log operators: %v", err) } @@ -96,24 +90,3 @@ func setup() (*client.Client, error) { } return client.NewClient(log, &http.Client{}, c, &k), nil } - -func parseChain(rest []byte) ([]*x509.Certificate, error) { - var chain []*x509.Certificate - for len(rest) > 0 { - var block *pem.Block - block, rest = pem.Decode(rest) - if block == nil { - break - } - if block.Type != "CERTIFICATE" { - return nil, fmt.Errorf("unexpected pem block type: %v", block.Type) - } - - certificate, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return nil, fmt.Errorf("failed parsing x509 certificate: %v", err) - } - chain = append(chain, certificate) - } - return chain, nil -} diff --git a/x509.go b/x509.go index 491c049..e7a45e6 100644 --- a/x509.go +++ b/x509.go @@ -104,6 +104,37 @@ func GenV1STH(ld *LogParameters, th *TreeHeadV1) (*StItem, error) { return NewSignedTreeHeadV1(th, ld.LogId, sig), nil } +// LoadChain loads a PEM-encoded certificate chain from a given path +func LoadChain(path string) ([]*x509.Certificate, error) { + blob, err := ioutil.ReadFile(path) + if err != nil { + return nil, fmt.Errorf("failed reading certificate chain: %v", err) + } + return ParseChain(blob) +} + +// ParseChain parses a PEM-encoded certificate chain +func ParseChain(rest []byte) ([]*x509.Certificate, error) { + var chain []*x509.Certificate + for len(rest) > 0 { + var block *pem.Block + block, rest = pem.Decode(rest) + if block == nil { + break + } + if block.Type != "CERTIFICATE" { + return nil, fmt.Errorf("unexpected pem block type: %v", block.Type) + } + + certificate, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return nil, fmt.Errorf("failed parsing x509 certificate: %v", err) + } + chain = append(chain, certificate) + } + return chain, nil +} + // ParseB64Chain parses a list of base64 DER-encoded X.509 certificates, such // that the first (zero-index) string is interpretted as an end-entity // certificate and the remaining ones as the an intermediate CertPool. -- cgit v1.2.3