
     1  package ca
     2  
     3  import (
     4  	"crypto/x509"
     5  	"encoding/pem"
     6  	"fmt"
     7  	"io/ioutil"
     8  	"os"
     9  	"strings"
    10  
    11  	cmx509 "gitee.com/lh-her-team/common/crypto/x509"
    12  )
    13  
// loadCerts returns the paths of all non-directory entries ending in ".crt"
// found directly inside each directory of caPaths. Empty path strings are
// ignored, subdirectories are not descended into, and a directory that
// cannot be listed aborts the whole scan with that error.
func loadCerts(caPaths []string) ([]string, error) {
	sep := string(os.PathSeparator)
	var found []string
	for _, dir := range caPaths {
		if dir == "" {
			continue
		}
		entries, err := ioutil.ReadDir(dir)
		if err != nil {
			return nil, err
		}
		for _, entry := range entries {
			// Only non-directory entries named *.crt are collected. The
			// separator is appended verbatim, so a trailing separator in
			// dir is not collapsed.
			if entry.IsDir() || !strings.HasSuffix(entry.Name(), ".crt") {
				continue
			}
			found = append(found, dir+sep+entry.Name())
		}
	}
	return found, nil
}
    36  
// addTrust reads the PEM file at path and adds every certificate it holds
// to pool. Read and parse failures are reported with the underlying error
// text appended. x509.CertPool.AppendCertsFromPEM is deliberately not used
// here: it silently skips blocks that fail to parse, whereas addCertPool
// rejects the whole file on the first bad block.
func addTrust(pool *x509.CertPool, path string) error {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		return fmt.Errorf("read cert file failed, %s", err.Error())
	}
	if err := addCertPool(pool, string(data)); err != nil {
		return fmt.Errorf("add cert pool failed, %s", err.Error())
	}
	return nil
}
    49  
// addGMTrust reads the PEM file at path and adds every SM2 certificate it
// holds to pool (the GM/SM2 counterpart of addTrust). Read and parse
// failures are reported with the underlying error text appended; the
// whole file is rejected on the first block that does not parse.
func addGMTrust(pool *cmx509.CertPool, path string) error {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		return fmt.Errorf("read cert file failed, %s", err.Error())
	}
	if err := addSM2CertPool(pool, string(data)); err != nil {
		return fmt.Errorf("add sm2 cert pool failed, %s", err.Error())
	}
	return nil
}
    62  
    63  func getCertificates(trustRoot string) ([]*x509.Certificate, error) {
    64  	var certificates []*x509.Certificate
    65  	pemBlock, rest := pem.Decode([]byte(trustRoot))
    66  	for pemBlock != nil {
    67  		cert, err := x509.ParseCertificate(pemBlock.Bytes)
    68  		if err != nil {
    69  			return nil, fmt.Errorf("invalid trusted root cert list")
    70  		}
    71  		certificates = append(certificates, cert)
    72  		pemBlock, rest = pem.Decode(rest)
    73  	}
    74  	return certificates, nil
    75  }
    76  
// addCertPool parses the PEM-encoded certificates in trustRoot and adds
// each one to certPool as a trust anchor. Because nothing is added until
// the whole list has parsed, a failure in any block leaves certPool
// untouched.
func addCertPool(certPool *x509.CertPool, trustRoot string) error {
	certs, err := getCertificates(trustRoot)
	if err != nil {
		return fmt.Errorf("get certificates failed, %s", err.Error())
	}
	for i := range certs {
		certPool.AddCert(certs[i])
	}
	return nil
}
    87  
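// getSM2Certificates parses every PEM block in trustRoot as a DER SM2
// certificate via cmx509 and returns the certificates in input order.
//
// The list is accepted wholly or not at all: the first block that does not
// parse aborts with an error naming the block index and its PEM type, and
// nothing is returned. Every block is parsed as a certificate regardless of
// its PEM type, so a key or CSR that ends up in the file is reported as a
// parse failure rather than silently skipped. Bytes outside PEM blocks are
// ignored, as pem.Decode scans past them; an input with no PEM block at all
// yields an empty list and no error.
func getSM2Certificates(trustRoot string) ([]*cmx509.Certificate, error) {
	var certificates []*cmx509.Certificate
	rest := []byte(trustRoot)
	for i := 0; ; i++ {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		cert, err := cmx509.ParseCertificate(block.Bytes)
		if err != nil {
			// Keep the original prefix so callers matching on it still work,
			// but surface which block failed and why instead of discarding err.
			return nil, fmt.Errorf("invalid trusted root cert list: block %d (%s): %s", i, block.Type, err.Error())
		}
		certificates = append(certificates, cert)
	}
	return certificates, nil
}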
   101  
// addSM2CertPool parses the PEM-encoded SM2 certificates in trustRoot and
// adds each one to certPool as a trust anchor. Because nothing is added
// until the whole list has parsed, a failure in any block leaves certPool
// untouched.
func addSM2CertPool(certPool *cmx509.CertPool, trustRoot string) error {
	certs, err := getSM2Certificates(trustRoot)
	if err != nil {
		return fmt.Errorf("get sm2 certificates failed, %s", err.Error())
	}
	for i := range certs {
		certPool.AddCert(certs[i])
	}
	return nil
}