Allow PEMs to contain various entities
authorSergey Matveev <stargrave@stargrave.org>
Wed, 8 Sep 2021 14:05:34 +0000 (17:05 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Wed, 8 Sep 2021 14:05:34 +0000 (17:05 +0300)
x509.go

diff --git a/x509.go b/x509.go
index 0743ba0b0c1734d2aab322a9d0fa850186f4807c..c8cf17a3afa323ebc6ecc60f000183b7142b2efc 100644 (file)
--- a/x509.go
+++ b/x509.go
@@ -30,17 +30,19 @@ func CertificateFromFile(p string) (b []byte, c *x509.Certificate, err error) {
        if err != nil {
                return
        }
        if err != nil {
                return
        }
-       block, data := pem.Decode(data)
-       if block == nil {
-               err = errors.New("can not decode PEM")
-               return
-       }
-       if block.Type != "CERTIFICATE" {
-               err = errors.New("non CERTIFICATE found in PEM")
-               return
+       var block *pem.Block
+       for len(data) > 0 {
+               block, data = pem.Decode(data)
+               if block == nil {
+                       continue
+               }
+               if block.Type == "CERTIFICATE" {
+                       b = block.Bytes
+                       c, err = x509.ParseCertificate(b)
+                       return
+               }
        }
        }
-       b = block.Bytes
-       c, err = x509.ParseCertificate(b)
+       err = errors.New("no CERTIFICATE found in PEM")
        return
 }
 
        return
 }
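Review bot: The new loop never terminates when `pem.Decode` finds no further block: it then returns a nil block and hands back the whole input as the remainder, so `len(data) > 0` stays true and the `continue` under `if block == nil` spins forever. Any file with non-PEM bytes and no CERTIFICATE block before them (stray text only, or a key-only file followed by trailing garbage) would hang the caller at full CPU instead of returning an error. Replacing `continue` with `break` in that branch lets control reach `err = errors.New("no CERTIFICATE found in PEM")`. The same pattern is in the PrivateKeyFromFile hunk below and needs the same one-word change. The start of the function, where the file is read, is outside this hunk.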
 
@@ -50,20 +52,22 @@ func PrivateKeyFromFile(p string) (prv interface{}, err error) {
        if err != nil {
                return
        }
        if err != nil {
                return
        }
-       block, data := pem.Decode(data)
-       if block == nil {
-               err = errors.New("can not decode PEM")
-               return
-       }
-       data = block.Bytes
-       switch block.Type {
-       case "PRIVATE KEY":
-               prv, err = x509.ParsePKCS8PrivateKey(data)
-       case "EC PRIVATE KEY":
-               prv, err = x509.ParseECPrivateKey(data)
-       default:
-               err = errors.New("non PRIVATE KEY found in PEM")
+       var block *pem.Block
+       for len(data) > 0 {
+               block, data = pem.Decode(data)
+               if block == nil {
+                       continue
+               }
+               switch block.Type {
+               case "PRIVATE KEY":
+                       prv, err = x509.ParsePKCS8PrivateKey(block.Bytes)
+                       return
+               case "EC PRIVATE KEY":
+                       prv, err = x509.ParseECPrivateKey(block.Bytes)
+                       return
+               }
        }
        }
+       err = errors.New("no PRIVATE KEY found in PEM")
        return
 }
 
        return
 }
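Review bot: PrivateKeyFromFile now silently skips every block whose type is not `PRIVATE KEY` or `EC PRIVATE KEY`, and nothing visible in the hunk documents that. A file holding only, say, an `RSA PRIVATE KEY` or `ENCRYPTED PRIVATE KEY` block is reported as `no PRIVATE KEY found in PEM`, which reads as if the file had no key at all. I would add a doc comment such as `// PrivateKeyFromFile returns the first PKCS#8 ("PRIVATE KEY") or SEC 1 ("EC PRIVATE KEY") key in the PEM file p; all other blocks are ignored.` The function's opening lines are outside the hunk, so an existing comment may already cover this.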