x509.go

   1 // udpobfs -- simple point-to-point UDP obfuscation proxy
   2 // Copyright (C) 2023-2024 Sergey Matveev <stargrave@stargrave.org>
   3 //
   4 // This program is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, version 3 of the License.
   7 //
   8 // This program is distributed in the hope that it will be useful,
   9 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11 // GNU General Public License for more details.
  12 //
  13 // You should have received a copy of the GNU General Public License
  14 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
  15
  16 package udpobfs
  17
  18 import (
  19         "crypto/x509"
  20         "encoding/pem"
  21         "errors"
  22         "os"
  23 )
  24
  25 func CertificateFromFile(p string) (b []byte, c *x509.Certificate, err error) {
  26         var data []byte
  27         data, err = os.ReadFile(p)
  28         if err != nil {
  29                 return
  30         }
  31         var block *pem.Block
  32         for len(data) > 0 {
  33                 block, data = pem.Decode(data)
  34                 if block == nil {
  35                         continue
  36                 }
  37                 if block.Type == "CERTIFICATE" {
  38                         b = block.Bytes
  39                         c, err = x509.ParseCertificate(b)
  40                         return
  41                 }
  42         }
  43         err = errors.New("no CERTIFICATE found in PEM")
  44         return
  45 }
  46
  47 func PrivateKeyFromFile(p string) (prv interface{}, err error) {
  48         var data []byte
  49         data, err = os.ReadFile(p)
  50         if err != nil {
  51                 return
  52         }
  53         var block *pem.Block
  54         for len(data) > 0 {
  55                 block, data = pem.Decode(data)
  56                 if block == nil {
  57                         continue
  58                 }
  59                 switch block.Type {
  60                 case "PRIVATE KEY":
  61                         prv, err = x509.ParsePKCS8PrivateKey(block.Bytes)
  62                         return
  63                 case "EC PRIVATE KEY":
  64                         prv, err = x509.ParseECPrivateKey(block.Bytes)
  65                         return
  66                 }
  67         }
  68         err = errors.New("no PRIVATE KEY found in PEM")
  69         return
  70 }
  71
  72 func CertPoolFromFile(p string) (
  73         certs []*x509.Certificate, pool *x509.CertPool, err error,
  74 ) {
  75         var data []byte
  76         data, err = os.ReadFile(p)
  77         if err != nil {
  78                 return
  79         }
  80         pool = x509.NewCertPool()
  81         var block *pem.Block
  82         for len(data) > 0 {
  83                 block, data = pem.Decode(data)
  84                 if block == nil {
  85                         err = errors.New("can not decode PEM")
  86                         return
  87                 }
  88                 if block.Type != "CERTIFICATE" {
  89                         err = errors.New("non CERTIFICATE found in PEM")
  90                         return
  91                 }
  92                 var ca *x509.Certificate
  93                 ca, err = x509.ParseCertificate(block.Bytes)
  94                 if err != nil {
  95                         return
  96                 }
  97                 certs = append(certs, ca)
  98                 pool.AddCert(ca)
  99         }
 100         return
 101 }