Allow multiple certificates per file in x509_cert input (#6695)

This commit is contained in:
Jonathan Negrin 2019-11-26 00:38:57 +01:00 committed by Daniel Nelson
parent c16b760a26
commit c53d53826d
2 changed files with 25 additions and 10 deletions


@ -2,6 +2,7 @@
package x509_cert package x509_cert
import ( import (
"bytes"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
@ -96,18 +97,24 @@ func (c *X509Cert) getCert(u *url.URL, timeout time.Duration) ([]*x509.Certifica
if err != nil { if err != nil {
return nil, err return nil, err
} }
var certs []*x509.Certificate
for {
block, rest := pem.Decode(bytes.TrimSpace(content))
if block == nil {
return nil, fmt.Errorf("failed to parse certificate PEM")
}
block, _ := pem.Decode(content) cert, err := x509.ParseCertificate(block.Bytes)
if block == nil { if err != nil {
return nil, fmt.Errorf("failed to parse certificate PEM") return nil, err
}
certs = append(certs, cert)
if rest == nil || len(rest) == 0 {
break
}
content = rest
} }
return certs, nil
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, err
}
return []*x509.Certificate{cert}, nil
default: default:
return nil, fmt.Errorf("unsuported scheme '%s' in location %s", u.Scheme, u.String()) return nil, fmt.Errorf("unsuported scheme '%s' in location %s", u.Scheme, u.String())
} }
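Review bot: The loop exit `if rest == nil || len(rest) == 0` only fires on a completely empty remainder, so a file whose last END line is followed by a blank line or trailing spaces (rest is that whitespace, not empty) goes round once more, `bytes.TrimSpace` reduces it to nothing, `pem.Decode` returns nil and getCert fails with "failed to parse certificate PEM" even though every certificate was parsed; whether the trailing-space rows in the test table hit this depends on whether the fixture already ends in a newline, which the hunk does not show. Make the exit whitespace-aware and drop the redundant nil test, which `len` already covers: `if len(bytes.TrimSpace(rest)) == 0 {`. Separately, every decoded block is handed to `x509.ParseCertificate` without looking at `block.Type`, so a bundle that also carries a key or parameters block is rejected as a whole; if that is intended it deserves a comment on the loop, otherwise skipping blocks whose type is not `CERTIFICATE` would be the expected handling. getCert begins and ends outside the hunk.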


@ -141,6 +141,14 @@ func TestGatherLocal(t *testing.T) {
{name: "not a certificate", mode: 0640, content: "test", error: true}, {name: "not a certificate", mode: 0640, content: "test", error: true},
{name: "wrong certificate", mode: 0640, content: wrongCert, error: true}, {name: "wrong certificate", mode: 0640, content: wrongCert, error: true},
{name: "correct certificate", mode: 0640, content: pki.ReadServerCert()}, {name: "correct certificate", mode: 0640, content: pki.ReadServerCert()},
{name: "correct certificate and extra trailing space", mode: 0640, content: pki.ReadServerCert() + " "},
{name: "correct certificate and extra leading space", mode: 0640, content: " " + pki.ReadServerCert()},
{name: "correct multiple certificates", mode: 0640, content: pki.ReadServerCert() + pki.ReadCACert()},
{name: "correct certificate and wrong certificate", mode: 0640, content: pki.ReadServerCert() + "\n" + wrongCert, error: true},
{name: "correct certificate and not a certificate", mode: 0640, content: pki.ReadServerCert() + "\ntest", error: true},
{name: "correct multiple certificates and extra trailing space", mode: 0640, content: pki.ReadServerCert() + pki.ReadServerCert() + " "},
{name: "correct multiple certificates and extra leading space", mode: 0640, content: " " + pki.ReadServerCert() + pki.ReadServerCert()},
{name: "correct multiple certificates and extra middle space", mode: 0640, content: pki.ReadServerCert() + " " + pki.ReadServerCert()},
} }
for _, test := range tests { for _, test := range tests {
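Review bot: The new rows cover leading, trailing and mid-bundle spaces, but none covers a newline after the last certificate or a blank line between two certificates, which is how concatenated bundles are usually written; whether `pki.ReadServerCert()` already ends in a newline decides whether the existing rows exercise that path, and that is not visible here. Consider adding `{name: "correct certificate and trailing newline", mode: 0640, content: pki.ReadServerCert() + "\n"},` and `{name: "correct multiple certificates separated by blank line", mode: 0640, content: pki.ReadServerCert() + "\n\n" + pki.ReadCACert()},`. A row whose bundle contains a non-certificate PEM block would also pin down whether such input is meant to be rejected or skipped. TestGatherLocal starts and ends outside the hunk.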