Checkpoint
@@ -18,7 +18,8 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.maze.io/maze/styx/internal/log"
|
||||
"git.maze.io/maze/styx/logger"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
// Supported key types.
|
||||
@@ -36,6 +37,62 @@ const (
|
||||
pemTypeAny = "PRIVATE KEY"
|
||||
)
|
||||
|
||||
// DecodeRoots loads all PEM encoded certificates from b.
|
||||
func DecodeRoots(b []byte) (*x509.CertPool, error) {
|
||||
var (
|
||||
pool = x509.NewCertPool()
|
||||
rest = b
|
||||
block *pem.Block
|
||||
)
|
||||
for {
|
||||
if block, rest = pem.Decode(rest); block == nil {
|
||||
break
|
||||
} else if block.Type == pemTypeCert {
|
||||
cert, err := x509.ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
} else if cert.IsCA {
|
||||
pool.AddCert(cert)
|
||||
}
|
||||
}
|
||||
}
|
||||
return pool, nil
|
||||
}
|
||||
|
||||
// LoadRoots loads a certificate authority bundle.
|
||||
func LoadRoots(roots string) (*x509.CertPool, error) {
|
||||
if strings.Contains(roots, "-----BEGIN CERTIFICATE") {
|
||||
logger.StandardLog.Trace("Parsing X.509 certificates")
|
||||
return DecodeRoots([]byte(roots))
|
||||
}
|
||||
var b []byte
|
||||
i, err := os.Stat(roots)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
} else if i.IsDir() {
|
||||
logger.StandardLog.Value("path", roots).Trace("Loading X.509 certificates from *.crt *.pem")
|
||||
for _, ext := range []string{"*.crt", "*.pem"} {
|
||||
var files []string
|
||||
if files, err = filepath.Glob(filepath.Join(roots, ext)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
for _, file := range files {
|
||||
var v []byte
|
||||
if v, err = os.ReadFile(file); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
b = append(b, v...)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
logger.StandardLog.Value("path", roots).Trace("Loading X.509 certificates")
|
||||
if b, err = os.ReadFile(roots); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return DecodeRoots(b)
|
||||
}
|
||||
|
||||
// LoadKeyPair loads a certificate and private key, certdata and keydata can be a PEM encoded block or a file.
|
||||
//
|
||||
// If [keydata] is empty, then the private key is assumed to be contained in [certdata].
|
||||
@@ -44,23 +101,23 @@ func LoadKeyPair(certdata, keydata string) (cert *x509.Certificate, key crypto.P
|
||||
keydata = certdata
|
||||
}
|
||||
if strings.Contains(certdata, "-----BEGIN "+pemTypeCert) {
|
||||
log.Trace().Msg("parsing X.509 certificate")
|
||||
logger.StandardLog.Trace("Parsing X.509 certificate")
|
||||
if cert, err = decodePEMBCertificate([]byte(certdata)); err != nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
log.Trace().Str("name", certdata).Msg("loading X.509 certificate")
|
||||
logger.StandardLog.Value("name", certdata).Trace("Loading X.509 certificate")
|
||||
if cert, err = LoadCertificate(certdata); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
if strings.Contains(keydata, pemTypeAny+"-----") {
|
||||
log.Trace().Msg("parsing private key")
|
||||
logger.StandardLog.Trace("Parsing private key")
|
||||
if key, err = decodePEMPrivateKey([]byte(keydata)); err != nil {
|
||||
return
|
||||
}
|
||||
} else if key, err = LoadPrivateKey(keydata); err != nil {
|
||||
log.Trace().Str("name", keydata).Msg("loading private key")
|
||||
logger.StandardLog.Value("name", keydata).Trace("Loading private key")
|
||||
return
|
||||
}
|
||||
return
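Review bot: The new `logger.StandardLog.Value("name", keydata).Trace("Loading private key")` is placed inside the `else if key, err = LoadPrivateKey(keydata); err != nil` branch, so it is emitted only after the load has already failed and a successful load from a file is never traced, unlike the certificate path just above, which traces before calling LoadCertificate. The zerolog line it replaces had the same placement, so the defect is pre-existing, but since the commit rewrites that line this is the moment to split the branch so the trace precedes the call and the key block mirrors the certificate block. LoadKeyPair's signature and the start of its body lie outside the hunk.
```go
	} else {
		logger.StandardLog.Value("name", keydata).Trace("Loading private key")
		if key, err = LoadPrivateKey(keydata); err != nil {
			return
		}
	}
	return
```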
|
||||
|