From: Sergey Matveev
Date: Wed, 8 Sep 2021 14:05:34 +0000 (+0300)
Subject: Allow PEMs to contain various entities
X-Git-Tag: v0.1.0~9
X-Git-Url: http://www.git.cypherpunks.ru/?p=ucspi.git;a=commitdiff_plain;h=cfdc20a8225fdcbc63e52f156af6529c984bdddb

Allow PEMs to contain various entities
---
diff --git a/x509.go b/x509.go
index 0743ba0..c8cf17a 100644
--- a/x509.go
+++ b/x509.go
@@ -30,17 +30,19 @@ func CertificateFromFile(p string) (b []byte, c *x509.Certificate, err error) {
 if err != nil {
 return
 }
- block, data := pem.Decode(data)
- if block == nil {
- err = errors.New("can not decode PEM")
- return
- }
- if block.Type != "CERTIFICATE" {
- err = errors.New("non CERTIFICATE found in PEM")
- return
+ var block *pem.Block
+ for len(data) > 0 {
+ block, data = pem.Decode(data)
+ if block == nil {
+ continue
+ }
+ if block.Type == "CERTIFICATE" {
+ b = block.Bytes
+ c, err = x509.ParseCertificate(b)
+ return
+ }
 }
- b = block.Bytes
- c, err = x509.ParseCertificate(b)
+ err = errors.New("no CERTIFICATE found in PEM")
 return
 }

@@ -50,20 +52,22 @@ func PrivateKeyFromFile(p string) (prv interface{}, err error) {
 if err != nil {
 return
 }
- block, data := pem.Decode(data)
- if block == nil {
- err = errors.New("can not decode PEM")
- return
- }
- data = block.Bytes
- switch block.Type {
- case "PRIVATE KEY":
- prv, err = x509.ParsePKCS8PrivateKey(data)
- case "EC PRIVATE KEY":
- prv, err = x509.ParseECPrivateKey(data)
- default:
- err = errors.New("non PRIVATE KEY found in PEM")
+ var block *pem.Block
+ for len(data) > 0 {
+ block, data = pem.Decode(data)
+ if block == nil {
+ continue
+ }
+ switch block.Type {
+ case "PRIVATE KEY":
+ prv, err = x509.ParsePKCS8PrivateKey(block.Bytes)
+ return
+ case "EC PRIVATE KEY":
+ prv, err = x509.ParseECPrivateKey(block.Bytes)
+ return
+ }
 }
+ err = errors.New("no PRIVATE KEY found in PEM")
 return
 }
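Review bot: The `continue` under `if block == nil` in the new loop never terminates when the remaining input holds no PEM block, because `pem.Decode` then returns a nil block and hands back the whole input unchanged as the rest, so `len(data) > 0` stays true. Any file with trailing non-PEM bytes after the last block and no CERTIFICATE in it, or with no PEM at all, makes the caller spin instead of reaching the "no CERTIFICATE found in PEM" error. Change the branch to `if block == nil { break }` so the loop falls through to that error. The loop in the PrivateKeyFromFile hunk has the same `continue` and needs the same change. The function starts above this hunk, so the file read that fills `data` is not visible here.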
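Review bot: With the old `default:` branch gone, the `switch block.Type` silently skips every block type it does not parse, so a file whose only key is, say, an "RSA PRIVATE KEY" or "ENCRYPTED PRIVATE KEY" block now reports "no PRIVATE KEY found in PEM" even though a key is present. That message sends an operator looking for a missing key rather than an unsupported format. Consider remembering the skipped type, e.g. `default: if strings.HasSuffix(block.Type, "PRIVATE KEY") { skipped = block.Type }`, and naming it in the final error when it is set (this assumes `strings` can be added to the file's imports, which are outside the hunk). A doc comment such as `// PrivateKeyFromFile returns the first "PRIVATE KEY" or "EC PRIVATE KEY" block in the file and ignores all other blocks.` would also make the first-match behaviour explicit; the function signature itself is above this hunk.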