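package sign

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io"
	"io/ioutil"
	"os"
)

// LoadPEMPrivKeyFile reads a PEM encoded RSA private key from the file name.
// A new RSA private key will be returned if no error.
func LoadPEMPrivKeyFile(name string) (*rsa.PrivateKey, error) {
	file, err := os.Open(name)
	if err != nil {
		return nil, err
	}
	// Read-only handle: a Close error cannot lose data, so it is ignored.
	defer file.Close()

	return LoadPEMPrivKey(file)
}

// LoadPEMPrivKey reads a PEM encoded RSA private key from the io.Reader.
// Both the PKCS#1 ("RSA PRIVATE KEY") and the unencrypted PKCS#8
// ("PRIVATE KEY") encodings are accepted. A new RSA private key will be
// returned if no error.
func LoadPEMPrivKey(reader io.Reader) (*rsa.PrivateKey, error) {
	block, err := loadPem(reader)
	if err != nil {
		return nil, err
	}
	if x509.IsEncryptedPEMBlock(block) {
		// Report the real problem instead of the ASN.1 parse error the
		// ciphertext would otherwise produce; callers holding a password
		// must use LoadEncryptedPEMPrivKey.
		return nil, fmt.Errorf("PEM block is encrypted, use LoadEncryptedPEMPrivKey")
	}

	return parseRSAPrivateKey(block.Bytes)
}

// LoadEncryptedPEMPrivKey decrypts the PEM encoded private key using the
// password provided returning a RSA private key. If the PEM data is invalid,
// or unable to decrypt an error will be returned.
//
// Only the legacy RFC 1423 PEM encryption (DEK-Info header) is supported;
// encrypted PKCS#8 is not.
func LoadEncryptedPEMPrivKey(reader io.Reader, password []byte) (*rsa.PrivateKey, error) {
	block, err := loadPem(reader)
	if err != nil {
		return nil, err
	}

	// x509.DecryptPEMBlock implements the legacy RFC 1423 scheme, which the
	// standard library marks deprecated: it has no integrity protection and a
	// weak password-derived key, so a wrong password is not always detected
	// here and may only surface as a parse error in parseRSAPrivateKey.
	decryptedBlock, err := x509.DecryptPEMBlock(block, password)
	if err != nil {
		return nil, err
	}

	return parseRSAPrivateKey(decryptedBlock)
}

// parseRSAPrivateKey decodes DER bytes as a PKCS#1 RSA private key, falling
// back to PKCS#8 when the PKCS#1 parse fails. If neither form parses, the
// PKCS#1 error is returned so existing callers see the same error as before.
func parseRSAPrivateKey(der []byte) (*rsa.PrivateKey, error) {
	key, err := x509.ParsePKCS1PrivateKey(der)
	if err == nil {
		return key, nil
	}

	parsed, pkcs8Err := x509.ParsePKCS8PrivateKey(der)
	if pkcs8Err != nil {
		return nil, err
	}
	rsaKey, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		// PKCS#8 can carry ECDSA/Ed25519 keys; CloudFront signing needs RSA.
		return nil, fmt.Errorf("PEM data contains a %T, not an RSA private key", parsed)
	}
	return rsaKey, nil
}

// loadPem reads all of reader and returns the first PEM block found in it.
// An error is returned when reading fails or the input holds no PEM block.
func loadPem(reader io.Reader) (*pem.Block, error) {
	b, err := ioutil.ReadAll(reader)
	if err != nil {
		return nil, err
	}

	block, _ := pem.Decode(b)
	if block == nil {
		// pem.Decode will set block to nil if there is no PEM data in the input
		// the second parameter will contain the provided bytes that failed
		// to be decoded.
		return nil, fmt.Errorf("no valid PEM data provided")
	}

	return block, nil
}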