weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

add new utility method to clarify cert decoding semantics

Browse Source 
Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
This commit is contained in:
Bill Waldrep 2024-03-04 12:47:27 -05:00
parent 251610d951
commit bf3d202c72
No known key found for this signature in database
GPG Key ID: DF6FE04D604AB5F7
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/controller/certificates/issuing/internal/keystore.go
View File

@ -51,7 +51,7 @@ func encodePKCS12Keystore(profile cmapi.PKCS12Profile, password string, rawKey [
} }
var cas []*x509.Certificate var cas []*x509.Certificate
if len(caPem) > 0 { if len(caPem) > 0 {
cas, err = pki.DecodeX509CertificateChainBytes(caPem) cas, err = pki.DecodeX509CertificateSetBytes(caPem)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -75,7 +75,7 @@ func encodePKCS12Keystore(profile cmapi.PKCS12Profile, password string, rawKey [
} }
func encodePKCS12Truststore(profile cmapi.PKCS12Profile, password string, caPem []byte) ([]byte, error) { func encodePKCS12Truststore(profile cmapi.PKCS12Profile, password string, caPem []byte) ([]byte, error) {
cas, err := pki.DecodeX509CertificateChainBytes(caPem) cas, err := pki.DecodeX509CertificateSetBytes(caPem)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -152,7 +152,7 @@ func encodeJKSTruststore(password []byte, caPem []byte) ([]byte, error) {
} }
func addCAsToJKSStore(ks *jks.KeyStore, caPem []byte) error { func addCAsToJKSStore(ks *jks.KeyStore, caPem []byte) error {
cas, err := pki.DecodeX509CertificateChainBytes(caPem) cas, err := pki.DecodeX509CertificateSetBytes(caPem)
if err != nil { if err != nil {
return err return err
} }

7
pkg/util/pki/parse.go
View File

@ -70,6 +70,11 @@ func DecodePrivateKeyBytes(keyBytes []byte) (crypto.Signer, error) {
// DecodeX509CertificateChainBytes will decode a PEM encoded x509 Certificate chain. // DecodeX509CertificateChainBytes will decode a PEM encoded x509 Certificate chain.
func DecodeX509CertificateChainBytes(certBytes []byte) ([]*x509.Certificate, error) { func DecodeX509CertificateChainBytes(certBytes []byte) ([]*x509.Certificate, error) {
return DecodeX509CertificateSetBytes(certBytes)
}
// DecodeX509CertificateSetBytes will decode a concatenated set of PEM encoded x509 Certificates.
func DecodeX509CertificateSetBytes(certBytes []byte) ([]*x509.Certificate, error) {
certs := []*x509.Certificate{} certs := []*x509.Certificate{}
var block *pem.Block var block *pem.Block
@ -98,7 +103,7 @@ func DecodeX509CertificateChainBytes(certBytes []byte) ([]*x509.Certificate, err
// DecodeX509CertificateBytes will decode a PEM encoded x509 Certificate. // DecodeX509CertificateBytes will decode a PEM encoded x509 Certificate.
func DecodeX509CertificateBytes(certBytes []byte) (*x509.Certificate, error) { func DecodeX509CertificateBytes(certBytes []byte) (*x509.Certificate, error) {
certs, err := DecodeX509CertificateChainBytes(certBytes) certs, err := DecodeX509CertificateSetBytes(certBytes)
if err != nil { if err != nil {
return nil, err return nil, err
} }