Allow multiple certificates per file in x509_cert input (#6695)

2019-11-26 00:38:57 +01:00 · 2019-11-26 00:38:57 +01:00 · c53d53826d
parent c16b760a26
commit c53d53826d
2 changed files with 25 additions and 10 deletions
--- a/plugins/inputs/x509_cert/x509_cert.go
+++ b/plugins/inputs/x509_cert/x509_cert.go
@ -2,6 +2,7 @@
 package x509_cert

 import (
+	"bytes"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
@ -96,18 +97,24 @@ func (c *X509Cert) getCert(u *url.URL, timeout time.Duration) ([]*x509.Certifica
 		if err != nil {
 			return nil, err
 		}
+		var certs []*x509.Certificate
+		for {
+			block, rest := pem.Decode(bytes.TrimSpace(content))
+			if block == nil {
+				return nil, fmt.Errorf("failed to parse certificate PEM")
+			}

-		block, _ := pem.Decode(content)
-		if block == nil {
-			return nil, fmt.Errorf("failed to parse certificate PEM")
+			cert, err := x509.ParseCertificate(block.Bytes)
+			if err != nil {
+				return nil, err
+			}
+			certs = append(certs, cert)
+			if rest == nil || len(rest) == 0 {
+				break
+			}
+			content = rest
 		}
-
-		cert, err := x509.ParseCertificate(block.Bytes)
-		if err != nil {
-			return nil, err
-		}
-
-		return []*x509.Certificate{cert}, nil
+		return certs, nil
 	default:
 		return nil, fmt.Errorf("unsuported scheme '%s' in location %s", u.Scheme, u.String())
 	}
--- a/plugins/inputs/x509_cert/x509_cert_test.go
+++ b/plugins/inputs/x509_cert/x509_cert_test.go
@ -141,6 +141,14 @@ func TestGatherLocal(t *testing.T) {
 		{name: "not a certificate", mode: 0640, content: "test", error: true},
 		{name: "wrong certificate", mode: 0640, content: wrongCert, error: true},
 		{name: "correct certificate", mode: 0640, content: pki.ReadServerCert()},
+		{name: "correct certificate and extra trailing space", mode: 0640, content: pki.ReadServerCert() + " "},
+		{name: "correct certificate and extra leading space", mode: 0640, content: " " + pki.ReadServerCert()},
+		{name: "correct multiple certificates", mode: 0640, content: pki.ReadServerCert() + pki.ReadCACert()},
+		{name: "correct certificate and wrong certificate", mode: 0640, content: pki.ReadServerCert() + "\n" + wrongCert, error: true},
+		{name: "correct certificate and not a certificate", mode: 0640, content: pki.ReadServerCert() + "\ntest", error: true},
+		{name: "correct multiple certificates and extra trailing space", mode: 0640, content: pki.ReadServerCert() + pki.ReadServerCert() + " "},
+		{name: "correct multiple certificates and extra leading space", mode: 0640, content: " " + pki.ReadServerCert() + pki.ReadServerCert()},
+		{name: "correct multiple certificates and extra middle space", mode: 0640, content: pki.ReadServerCert() + " " + pki.ReadServerCert()},
 	}

 	for _, test := range tests {