-
Notifications
You must be signed in to change notification settings - Fork 0
/
certificateManagerDefault.go
111 lines (102 loc) · 2.88 KB
/
certificateManagerDefault.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package talisman
import (
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/hex"
"encoding/pem"
"github.com/rs/zerolog/log"
"io/ioutil"
"os"
"regexp"
"strings"
)
type DefaultCertificateManager struct {
CertificateBasePath string
}
func (c DefaultCertificateManager) Inspect(request InspectRequest) (*InspectResponse, error) { // construct cert and private key paths
certBasePath := strings.TrimRight(c.CertificateBasePath, string(os.PathSeparator))
certPath := strings.Join([]string{certBasePath, request.CommonName + ".pem"}, string(os.PathSeparator))
keyPath := strings.Join([]string{certBasePath, request.CommonName + "-key.pem"}, string(os.PathSeparator))
// read cert and key
DebugVerbose("opening cert file")
certFile, err := os.Open(certPath)
if err != nil {
log.Error().Err(err).Msgf("could not load certificate:")
return nil, err
}
DebugVerbose("opening key file")
keFile, err := os.Open(keyPath)
if err != nil {
log.Error().Err(err).Msgf("could not load key:")
return nil, err
}
DebugVerbose("reading cert")
certBytes, err := ioutil.ReadAll(certFile)
if err != nil {
log.Error().Err(err).Msgf("could not read certificate:")
return nil, err
}
DebugVerbose("reading key")
keyBytes, err := ioutil.ReadAll(keFile)
if err != nil {
log.Error().Err(err).Msgf("could not read key:")
return nil, err
}
DebugVerbose("decoding PEM cert")
certBlock, rest := pem.Decode(certBytes)
if len(rest) > 0 {
log.Error().Err(err).Msgf("malformed certificate")
return nil, err
}
DebugVerbose("decoding PEM key")
keyBlock, rest := pem.Decode(keyBytes)
if len(rest) > 0 {
log.Error().Err(err).Msgf("malformed key")
return nil, err
}
// parse the private key
DebugVerbose("determining key type")
keyType := regexp.MustCompile("\\s+").Split(keyBlock.Type, -1)[0]
var bitSize int
switch keyType {
case "EC":
DebugVerbose("parsing EC private key")
var pk *ecdsa.PrivateKey
pk, err = x509.ParseECPrivateKey(keyBlock.Bytes)
if err != nil {
log.Error().Err(err).Msgf("could not parse key:")
return nil, err
}
bitSize = pk.Params().BitSize
case "RSA":
DebugVerbose("parsing RSA private key")
var pk *rsa.PrivateKey
pk, err = x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
if err != nil {
log.Error().Err(err).Msgf("could not parse key:")
return nil, err
}
bitSize = pk.Size()
default:
return nil, KeyTypeNotSupportedErr{Type: keyType}
}
// parse the certificate
DebugVerbose("parsing cert")
var cert *x509.Certificate
cert, err = x509.ParseCertificate(certBlock.Bytes)
if err != nil {
log.Error().Err(err).Msgf("could not parse certificate:")
return nil, err
}
return &InspectResponse{
KeyType: keyType,
KeyBitSize: bitSize,
Subject: cert.Subject.String(),
Signature: hex.EncodeToString(cert.Signature),
Emails: cert.EmailAddresses,
Expiry: cert.NotAfter,
CertPath: certPath,
KeyPath: keyPath,
}, nil
}