author | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2020-10-29 14:03:25 +0100 |
---|---|---|
committer | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2020-11-02 15:15:18 +0100 |
commit | 9879e0147fc076114c7226bd6130d25c14770639 (patch) | |
tree | 2a43ea6723cfc4e4caf325155061bdb90d5990e1 /certServiceK8sExternalProvider/src/x509/x509_utils.go | |
parent | a622e8871c9bea86aff16ffe5ae021abe08326fe (diff) |
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Filter not supported CSR properties
Align EJBCA config with OOM
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I8ab73c84415e1ea1b09b6210ffbf84386315f9eb
Diffstat (limited to 'certServiceK8sExternalProvider/src/x509/x509_utils.go')
-rw-r--r-- | certServiceK8sExternalProvider/src/x509/x509_utils.go | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/certServiceK8sExternalProvider/src/x509/x509_utils.go b/certServiceK8sExternalProvider/src/x509/x509_utils.go
index b2530132..e1e887f0 100644
--- a/certServiceK8sExternalProvider/src/x509/x509_utils.go
+++ b/certServiceK8sExternalProvider/src/x509/x509_utils.go
@@ -27,14 +27,16 @@ import (
 "fmt"
 )
-// decodeCSR decodes a certificate request in PEM format and returns the
+const (
+ PemCsrType = "CERTIFICATE REQUEST"
+ pemPrivateKeyType = "PRIVATE KEY"
+)
+
+// decodeCSR decodes a certificate request in PEM format
 func DecodeCSR(data []byte) (*x509.CertificateRequest, error) {
- block, rest := pem.Decode(data)
- if block == nil || len(rest) > 0 {
- return nil, fmt.Errorf("unexpected CSR PEM on sign request")
- }
- if block.Type != "CERTIFICATE REQUEST" {
- return nil, fmt.Errorf("PEM is not a certificate request")
+ block, err := decodePemBlock(data, PemCsrType)
+ if err != nil {
+ return nil, fmt.Errorf("error decoding CSR PEM: %v", err)
 }
 csr, err := x509.ParseCertificateRequest(block.Bytes)
 if err != nil {
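Review bot: The new error path in DecodeCSR formats the inner error with `%v` (`fmt.Errorf("error decoding CSR PEM: %v", err)`), which flattens it to text; `%w` would keep the chain so callers can use errors.Is/errors.As, and the same applies to both Errorf calls in DecodePrivateKey in the next hunk. The doc comment still begins with `decodeCSR` although the function is exported as `DecodeCSR`, and the exported `PemCsrType` has no comment; `// PemCsrType is the PEM block type accepted for certificate signing requests.` would do. DecodeCSR continues past the end of this hunk, so it is not visible here whether the parsed request's self-signature is verified; x509.ParseCertificateRequest does not do that itself, so a `csr.CheckSignature()` call is worth confirming before the CSR is forwarded.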
@@ -46,16 +48,30 @@ func DecodeCSR(data []byte) (*x509.CertificateRequest, error) {
 return csr, nil
 }
-// encodeX509 will encode a *x509.Certificate into PEM format.
-func EncodeX509(cert *x509.Certificate) ([]byte, error) {
- caPem := bytes.NewBuffer([]byte{})
- err := pem.Encode(caPem, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
+func DecodePrivateKey(data []byte) (interface{}, error) {
+ block, err := decodePemBlock(data, pemPrivateKeyType)
+ if err != nil {
+ return nil, fmt.Errorf("error decoding Private Key PEM: %v", err)
+ }
+ key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("error parsing Private Key: %v", err)
 }
- return caPem.Bytes(), nil
+ return key, nil
 }
+func decodePemBlock(data []byte, pemType string) (*pem.Block, error) {
+ block, rest := pem.Decode(data)
+ if block == nil || len(rest) > 0 {
+ return nil, fmt.Errorf("unexpected PEM")
+ }
+ if block.Type != pemType {
+ return nil, fmt.Errorf("PEM is not: %s", pemType)
+ }
+ return block, nil
+}
+
+
 func ParseCertificateArrayToBytes(certificateArray []string) ([]byte, error) {
 buffer := bytes.NewBuffer([]byte{})
 for _, cert := range certificateArray { |
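Review bot: DecodePrivateKey returns the result of x509.ParsePKCS8PrivateKey as a bare `interface{}` and has no doc comment, so the key types a caller must handle are undocumented. A comment such as `// DecodePrivateKey decodes a single PKCS#8 "PRIVATE KEY" PEM block; other PEM key types are rejected.` would state the contract, and if callers only ever sign with the key (not visible here), asserting `crypto.Signer` in this function would reject unusable keys at the boundary. decodePemBlock treats any bytes left after the first block as an error via `len(rest) > 0`, which is a sensible strictness for single-object inputs but deserves a one-line comment saying it is intentional.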