X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=x509.go;h=a6df04f37b3c8ba767176c0c316ec6b42dc4b6d0;hb=33f105c103ef5ae7a97142287d82079c06434c7d;hp=8a5dd4eac910799dbb545a602184a4883fb15521;hpb=c39958cb57c7a598f668a15a3d793a2ab708b193;p=ucspi.git
diff --git a/x509.go b/x509.go
index 8a5dd4e..a6df04f 100644
--- a/x509.go
+++ b/x509.go
@@ -1,6 +1,6 @@
 /*
 ucspi -- UCSPI-related utilities
-Copyright (C) 2021 Sergey Matveev
+Copyright (C) 2021-2022 Sergey Matveev
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -21,55 +21,59 @@ import (
 "crypto/x509"
 "encoding/pem"
 "errors"
- "io/ioutil"
+ "os"
 )
 func CertificateFromFile(p string) (b []byte, c *x509.Certificate, err error) {
 var data []byte
- data, err = ioutil.ReadFile(p)
+ data, err = os.ReadFile(p)
 if err != nil {
 return
 }
- block, data := pem.Decode(data)
- if block == nil {
- err = errors.New("can not decode PEM")
- return
- }
- if block.Type != "CERTIFICATE" {
- err = errors.New("non CERTIFICATE found in PEM")
- return
+ var block *pem.Block
+ for len(data) > 0 {
+ block, data = pem.Decode(data)
+ if block == nil {
+ continue
+ }
+ if block.Type == "CERTIFICATE" {
+ b = block.Bytes
+ c, err = x509.ParseCertificate(b)
+ return
+ }
 }
- b = block.Bytes
- c, err = x509.ParseCertificate(b)
+ err = errors.New("no CERTIFICATE found in PEM")
 return
 }
 func PrivateKeyFromFile(p string) (prv interface{}, err error) {
 var data []byte
- data, err = ioutil.ReadFile(p)
+ data, err = os.ReadFile(p)
 if err != nil {
 return
 }
- block, data := pem.Decode(data)
- if block == nil {
- err = errors.New("can not decode PEM")
- return
- }
- data = block.Bytes
- switch block.Type {
- case "PRIVATE KEY":
- prv, err = x509.ParsePKCS8PrivateKey(data)
- case "EC PRIVATE KEY":
- prv, err = x509.ParseECPrivateKey(data)
- default:
- err = errors.New("non PRIVATE KEY found in PEM")
+ var block *pem.Block
+ for len(data) > 0 {
+ block, data = pem.Decode(data)
+ if block == nil {
+ continue
+ }
+ switch block.Type {
+ case "PRIVATE KEY":
+ prv, err = x509.ParsePKCS8PrivateKey(block.Bytes)
+ return
+ case "EC PRIVATE KEY":
+ prv, err = x509.ParseECPrivateKey(block.Bytes)
+ return
+ }
 }
+ err = errors.New("no PRIVATE KEY found in PEM")
 return
 }
-func CertPoolFromFile(p string) (pool *x509.CertPool, err error) {
+func CertPoolFromFile(p string) (certs []*x509.Certificate, pool *x509.CertPool, err error) {
 var data []byte
- data, err = ioutil.ReadFile(p)
+ data, err = os.ReadFile(p)
 if err != nil {
 return
 }
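Review bot: The new `for len(data) > 0` loops in CertificateFromFile and PrivateKeyFromFile do not terminate once `pem.Decode` finds no further block, because `encoding/pem` then returns a nil block together with the whole input as the remainder, so `continue` repeats the same decode on the same bytes. A file that is non-empty but contains no PEM, or that has extra text or blank lines after its last block without the wanted type appearing first, makes the caller spin instead of returning the "no ... found in PEM" error. In both loops the nil case should leave the loop: `if block == nil { break }`. The CertPoolFromFile body lies mostly outside this hunk; if its loop is written the same way it needs the same check.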
@@ -90,6 +94,7 @@ func CertPoolFromFile(p string) (pool *x509.CertPool, err error) {
 if err != nil {
 return
 }
+ certs = append(certs, ca)
 pool.AddCert(ca)
 }
 return