mirror of
https://github.com/sonr-io/common.git
synced 2026-01-12 04:09:13 +00:00
79 lines
2.2 KiB
Go
79 lines
2.2 KiB
Go
package revoke
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"errors"
|
|
"net/url"
|
|
)
|
|
|
|
// ParseCertificatePEM parses and returns a PEM-encoded certificate,
|
|
// can handle PEM encoded PKCS #7 structures.
|
|
func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error) {
|
|
certPEM = bytes.TrimSpace(certPEM)
|
|
cert, rest, err := ParseOneCertificateFromPEM(certPEM)
|
|
if err != nil {
|
|
// Log the actual parsing error but throw a default parse error message.
|
|
return nil, NewError(CertificateError, ParseFailed)
|
|
} else if cert == nil {
|
|
return nil, NewError(CertificateError, DecodeFailed)
|
|
} else if len(rest) > 0 {
|
|
return nil, WrapError(CertificateError, ParseFailed, errors.New("the PEM file should contain only one object"))
|
|
} else if len(cert) > 1 {
|
|
return nil, WrapError(CertificateError, ParseFailed, errors.New("the PKCS7 object in the PEM file should contain only one certificate"))
|
|
}
|
|
|
|
return cert[0], nil
|
|
}
|
|
|
|
// ParseOneCertificateFromPEM attempts to parse one PEM encoded certificate object,
|
|
// either a raw x509 certificate or a PKCS #7 structure possibly containing
|
|
// multiple certificates, from the top of certsPEM, which itself may
|
|
// contain multiple PEM encoded certificate objects.
|
|
func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error) {
|
|
block, rest := pem.Decode(certsPEM)
|
|
if block == nil {
|
|
return nil, rest, nil
|
|
}
|
|
|
|
cert, err := x509.ParseCertificate(block.Bytes)
|
|
if err != nil {
|
|
var pkcs7data *PKCS7
|
|
|
|
if pkcs7data, err = ParsePKCS7(block.Bytes); err != nil {
|
|
return nil, rest, err
|
|
}
|
|
|
|
if pkcs7data.ContentInfo != "SignedData" {
|
|
return nil, rest, errors.New(
|
|
"only PKCS #7 Signed Data Content Info supported for certificate parsing",
|
|
)
|
|
}
|
|
|
|
certs := pkcs7data.Content.SignedData.Certificates
|
|
if certs == nil {
|
|
return nil, rest, errors.New("PKCS #7 structure contains no certificates")
|
|
}
|
|
|
|
return certs, rest, nil
|
|
}
|
|
|
|
return []*x509.Certificate{cert}, rest, nil
|
|
}
|
|
|
|
// We can't handle LDAP certificates, so this checks to see if the
|
|
// URL string points to an LDAP resource so that we can ignore it.
|
|
func ldapURL(uri string) bool {
|
|
u, err := url.Parse(uri)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
if u.Scheme == "ldap" {
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|