aboutsummaryrefslogtreecommitdiffstats
path: root/certServiceK8sExternalProvider/src/x509/x509_utils.go
diff options
context:
space:
mode:
Diffstat (limited to 'certServiceK8sExternalProvider/src/x509/x509_utils.go')
-rw-r--r--certServiceK8sExternalProvider/src/x509/x509_utils.go57
1 files changed, 57 insertions, 0 deletions
diff --git a/certServiceK8sExternalProvider/src/x509/x509_utils.go b/certServiceK8sExternalProvider/src/x509/x509_utils.go
new file mode 100644
index 00000000..b8b03e1a
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/x509/x509_utils.go
@@ -0,0 +1,57 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package x509
+
+import (
+ "bytes"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+)
+
+// decodeCSR decodes a certificate request in PEM format and returns the
+func DecodeCSR(data []byte) (*x509.CertificateRequest, error) {
+ block, rest := pem.Decode(data)
+ if block == nil || len(rest) > 0 {
+ return nil, fmt.Errorf("unexpected CSR PEM on sign request")
+ }
+ if block.Type != "CERTIFICATE REQUEST" {
+ return nil, fmt.Errorf("PEM is not a certificate request")
+ }
+ csr, err := x509.ParseCertificateRequest(block.Bytes)
+ if err != nil {
+ return nil, fmt.Errorf("error parsing certificate request: %v", err)
+ }
+ if err := csr.CheckSignature(); err != nil {
+ return nil, fmt.Errorf("error checking certificate request signature: %v", err)
+ }
+ return csr, nil
+}
+
+// encodeX509 will encode a *x509.Certificate into PEM format.
+func EncodeX509(cert *x509.Certificate) ([]byte, error) {
+ caPem := bytes.NewBuffer([]byte{})
+ err := pem.Encode(caPem, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
+ if err != nil {
+ return nil, err
+ }
+ return caPem.Bytes(), nil
+}