Skip to content

Commit

Permalink
feat: parse x509 certs in pem format when base64 encoded
Browse files Browse the repository at this point in the history
  • Loading branch information
livio-a committed Aug 21, 2024
1 parent 5b47709 commit 05ceb3c
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 7 deletions.
16 changes: 9 additions & 7 deletions pkg/provider/signature/certificates.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,29 +7,31 @@ import (
"encoding/base64"
"encoding/pem"
"fmt"
"regexp"
"strings"

"github.com/amdonov/xmlsig"
dsig "github.com/russellhaering/goxmldsig"
)

func ParseCertificates(certStrs []string) ([]*x509.Certificate, error) {
var certs []*x509.Certificate
certs := make([]*x509.Certificate, len(certStrs))

regex := regexp.MustCompile(`\s+`)
for _, certStr := range certStrs {
certStr = regex.ReplaceAllString(certStr, "")
for i, certStr := range certStrs {
certStr = strings.TrimSpace(certStr)
certStr = strings.TrimPrefix(strings.TrimSuffix(certStr, "-----ENDCERTIFICATE-----"), "-----BEGINCERTIFICATE-----")
certBytes, err := base64.StdEncoding.DecodeString(certStr)
if err != nil {
return nil, fmt.Errorf("failed to parse PEM block containing the public key")
return nil, fmt.Errorf("failed to decode certificate:" + err.Error())
}
block, _ := pem.Decode(certBytes)
if block != nil {
certBytes = block.Bytes
}
parsedCert, err := x509.ParseCertificate(certBytes)
if err != nil {
return nil, fmt.Errorf("failed to parse certificate: " + err.Error())
}
certs = append(certs, parsedCert)
certs[i] = parsedCert
}

return certs, nil
Expand Down
8 changes: 8 additions & 0 deletions pkg/provider/signature/certificates_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,14 @@ func TestCertificates_ParseCertificates(t *testing.T) {
false,
},
},
{
"certificate out of metadata (PEM)",
[]string{"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHVENDQXdHZ0F3SUJBZ0lVSmdXK1d2dTVGUkdQc2xIWnR2bzdja2p1NnVzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hERWFNQmdHQTFVRUF3d1JaMmwwYUhWaVgyVnVkR1Z5Y0hKcGMyVXdIaGNOTWpRd05URTRNVGswTURBMwpXaGNOTXpRd05URTJNVGswTURBM1dqQWNNUm93R0FZRFZRUUREQkZuYVhSb2RXSmZaVzUwWlhKd2NtbHpaVENDCkFpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBTUtmTUNSbVlWUkxqeC9zQlRqSXBIckkKT3R0RElXd1Z4ZWtaZUN2YnJoR2RJeDdkNi9GbDZwOWwrWVNnQm9WVm00L0U0c2F3YVBBSEhTVWFKU3gwcGlicgo1TUFUcko5STVLVUNRRzRQSEdMN1MyQWVVQ3Nxbmo5NzlsbnRLaytyYTBqSkVFSlNJdGNvSEN2MlFCelFPelU5CmZUV0UyazRMQSs5ZlBjeHd2VFFLQTBwenNvZE81dGs5WitrR09mclVnUUVDK091Z0V1dHgwUTN6azJLdG9qVkcKWk5GWktkOGVVcm5YWHBhc2RmYXVMZUMwWUdBV21pUnh6TmhCUlNreFowVWNNRkpreWNFb1hEZHNXT0tCMCt1WQpMVHE2OEI5RUtBOEp1Q0pNTmRTQ3Z6Rm5mNGlVOWpxQ2syOEMzTW5ldWtJSzlpN0U2RVJrdHFJY2M3OTdlaWhKClZaQlIzRUhVanRpTjBsZVNGVnkwM3g0a1Z6RzM1dEJGcjMrek1BUTkwOHJCVjduY3J1czV3RXE3TWJyNE5PUXYKVGRqZUpZSitJczBEak9YQW5oejdIbGFmd3Y4N0lpWkU1SDZDTHI2ak5pazFreFpRbVRRbjhkR1BDZTRtVjdrdQpuV0ZNLzVMbEhBU2kwSVpCZlEzcDV0ZGdHaDNwTlNaRzFCQkg3dXVIdy9uUHdNRXhNSFVPZWp3RUVzN0kySlBQCkNWaGF4Nkl6UDJWVWYyZ1FHNmlzOUFVQm5Qc2MzMzUyZzE0VVlBRU5iSnhzeTNJdUptaDg4L2duZkhhNXZHaEwKZHkxa1J4TlVFYlpJeFI1V2JHSTl4cmx1K3Q3WVdIY0gzWjdzQ1NNbCt4a3VTeHpzQ0dxNURERzlHeEZDKzdJQgpDa2ZGOC9hTmNQSnZpdEFYS2xMbEFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUmIyd1ZCVzlzOXkzR0dUQk1QCm9zMkJJMFgvY0RBZkJnTlZIU01FR0RBV2dCUmIyd1ZCVzlzOXkzR0dUQk1Qb3MyQkkwWC9jREFQQmdOVkhSTUIKQWY4RUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElDQVFCV2dQSFFvVGZkU1l4cHJtVStzQXV1UnNKZwpTL1ZrSlczN2xrMVhYV1lUUktXMHc5UU1wSFNob083TEIxaXFRQjRMVXFEYjJid3Bac0ppQ2d3WWpvZlljaUNjClY1dC9zMGxhVW02VjB4ZUR0SzdPN2RZQU5iZUc5eXhhSWxEVTVzQTZJZkpSOVdoQWhLVy9uVUZ2LzdjWkNYWUYKRVpXTHJCcytkMk42NFAwOTdnNENzOFJ5V3pQZHMrTE14UmhXU3hoY3RFQ011dWlLNys4Z2k2dnpxYVh1cmV1RQp5Rko0L0kwR3FZOEF1NmdoQTVzSm9sTWxBU2tWUzIvb2xzVllHOStad0tvWEcyUWxnWFpaMVhWeTNaVkdKSC9BCndneXZkTWtneUVGMncybjRUc0lkd3ZTM2thbzUzc0t3aXRpNlVYOHZoMEtvY2Q1WkRHeS81WHBpamFPbmpIejMKSTNGeGxNS3JmUWlJMWp4NmdTcUFLb2x1UlpmZ1RmQ2FjUkFRMUZvTWhZOXdnaFY2bEZFR2xXeHdqUUVJYlJXUQpuajIybXNGcFhPY283MCs4VGp5Q3BCWjl2SFpSZ0ZGSHBEM1dPSWxvdjBYeTdzLzMrTlMvZDlpc3ZwVzJyLzViCjRIYUV0bTdFYlpyck5WS014aEprSnByT3owRjMva2QxMnRrRFY4aDZuazBuVi8wTm13V2dDRjRFVDVpK2ZWYXAKNlcrNCtaZTA1dzZRVkY3Tnl0TFFjNGdMZi8rRk51NWFPMVBwUSt0ZXlRV01VUzJ2N05Id0ZDcEQ0UnNPVHNvbgp5cU5tejRSWTM5dnliSC9VRk5WZFlTMVVOdGF5eTdONWJPS1JwSnBLLzU0QlBuYnJaOS9CcWx6S25HSWQ3Q0V1Ckxxb2ZCOGN4dTVBM2RQc0ViQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"},
res{
1,
false,
},
},
{
"certificate out of metadata base64 error",
[]string{"MIICvDCCAaQCCQD6E8sQ2usjANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVt\neXNlcnZpY2UuZXhhbXBsZS5jb20wHhcNMjIwMjE3MTQwNjM5WhcNMjMwMjE3MTQw\nNjM5WjAgMR4wHAYDVQQDDBVteXNlcnZpY2UuZXhhbXBsZS5jb20wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7XKdCRxUZXjdqVqwwwOJqc1Ch0nOSmk+U\nerkUqlviWHdeLR+FolHKjqLzCBloAz4xVc0DFfR76gWcWAHJloqZ7GBS7NpDhzV8\nG+cXQ+bTU0Lu2e73zCQb30XUdKhWiGfDKaU+1xg9CD/2gIfsYPs3TTq1sq7oCs5q\nLdUHaVL5kcRaHKdnTi7cs5i9xzs3TsUnXcrJPwydjp+aEkyRh07oMpXBEobGisfF\n2p1MA6pVW2gjmywf7D5iYEFELQhM7poqPN3/kfBvU1n7Lfgq7oxmv/8LFi4Zopr5\nnyqsz26XPtUy1WqTzgznAmP+nN0oBTERFVbXXdRa3k2v4cxTNPn/AgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBAJYxROWSOZbOzXzafdGjQKsMgN948G/hHwVuZneyAcVo\nLMFTs1Weya9Z+snMp1u0AdDGmQTS9zGnD7syDYGOmgigOLcMvLMoWf5tCQBbEukW\n8O7DPjRR0XypChGSsHsqLGO0B0HaTel0HdP9Si827OCkc9Q+WbsFG/8/4ToGWL+u\nla1WuLawozoj8umPi9D8iXCoW35y2STU+WFQG7W+Kfdu+2CYz/0tGdwVqNG4Wsfa\nwWchrS00vGFKjm/fJc876gAfxiMH1I9fZvYSAxAZ3sVI//Ml2sUdgf067ywQ75oa\nLSS2NImmz5aos3vuWmOXhILd7iTU+BD8Uv6vWbI7I1M=\n"},
Expand Down

0 comments on commit 05ceb3c

Please sign in to comment.