Allow multiple certificates per file in x509_cert input (#6695)
parent
c16b760a26
commit
c53d53826d
|
@ -2,6 +2,7 @@
|
||||||
package x509_cert
|
package x509_cert
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
|
@ -96,8 +97,9 @@ func (c *X509Cert) getCert(u *url.URL, timeout time.Duration) ([]*x509.Certifica
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
var certs []*x509.Certificate
|
||||||
block, _ := pem.Decode(content)
|
for {
|
||||||
|
block, rest := pem.Decode(bytes.TrimSpace(content))
|
||||||
if block == nil {
|
if block == nil {
|
||||||
return nil, fmt.Errorf("failed to parse certificate PEM")
|
return nil, fmt.Errorf("failed to parse certificate PEM")
|
||||||
}
|
}
|
||||||
|
@ -106,8 +108,13 @@ func (c *X509Cert) getCert(u *url.URL, timeout time.Duration) ([]*x509.Certifica
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
certs = append(certs, cert)
|
||||||
return []*x509.Certificate{cert}, nil
|
if rest == nil || len(rest) == 0 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
content = rest
|
||||||
|
}
|
||||||
|
return certs, nil
|
||||||
default:
|
default:
|
||||||
return nil, fmt.Errorf("unsuported scheme '%s' in location %s", u.Scheme, u.String())
|
return nil, fmt.Errorf("unsuported scheme '%s' in location %s", u.Scheme, u.String())
|
||||||
}
|
}
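Review bot: In the new loop in getCert, the `block == nil` branch now also fires when non-PEM data follows one or more valid certificates, yet it returns the same `failed to parse certificate PEM` text as for a file with no PEM at all, so an operator cannot tell which block of which file was rejected. Consider `return nil, fmt.Errorf("failed to parse certificate PEM block %d in %s", len(certs)+1, u.String())`. The exit test `rest == nil || len(rest) == 0` can be just `len(rest) == 0`, because the length of a nil slice is 0. The lines between the two getCert hunks are not shown here; if they hand every decoded block to the parser without checking `block.Type == "CERTIFICATE"`, a bundle that also contains a key block would abort the whole file, which is worth confirming.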
|
||||||
|
|
|
@ -141,6 +141,14 @@ func TestGatherLocal(t *testing.T) {
|
||||||
{name: "not a certificate", mode: 0640, content: "test", error: true},
|
{name: "not a certificate", mode: 0640, content: "test", error: true},
|
||||||
{name: "wrong certificate", mode: 0640, content: wrongCert, error: true},
|
{name: "wrong certificate", mode: 0640, content: wrongCert, error: true},
|
||||||
{name: "correct certificate", mode: 0640, content: pki.ReadServerCert()},
|
{name: "correct certificate", mode: 0640, content: pki.ReadServerCert()},
|
||||||
|
{name: "correct certificate and extra trailing space", mode: 0640, content: pki.ReadServerCert() + " "},
|
||||||
|
{name: "correct certificate and extra leading space", mode: 0640, content: " " + pki.ReadServerCert()},
|
||||||
|
{name: "correct multiple certificates", mode: 0640, content: pki.ReadServerCert() + pki.ReadCACert()},
|
||||||
|
{name: "correct certificate and wrong certificate", mode: 0640, content: pki.ReadServerCert() + "\n" + wrongCert, error: true},
|
||||||
|
{name: "correct certificate and not a certificate", mode: 0640, content: pki.ReadServerCert() + "\ntest", error: true},
|
||||||
|
{name: "correct multiple certificates and extra trailing space", mode: 0640, content: pki.ReadServerCert() + pki.ReadServerCert() + " "},
|
||||||
|
{name: "correct multiple certificates and extra leading space", mode: 0640, content: " " + pki.ReadServerCert() + pki.ReadServerCert()},
|
||||||
|
{name: "correct multiple certificates and extra middle space", mode: 0640, content: pki.ReadServerCert() + " " + pki.ReadServerCert()},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, test := range tests {
|
for _, test := range tests {
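Review bot: The new multi-certificate cases in TestGatherLocal carry only the `error` flag, so as far as the visible table shows, nothing asserts that both certificates of `pki.ReadServerCert() + pki.ReadCACert()` are actually gathered; a regression that returns only the first certificate would still pass. An expected-count field on the case struct (for example `certs: 2`), checked in the loop body, would pin that down. The table also covers non-PEM text after a certificate but not before one, e.g. `content: "test\n" + pki.ReadServerCert()`; pem.Decode skips leading non-PEM bytes, so a case for it would document whether that input is meant to be accepted. The loop body that evaluates the cases lies outside this hunk.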
|
||||||
|
|