x509.go

   1 /*
   2 udpobfs -- simple point-to-point UDP obfuscation proxy
   3 Copyright (C) 2023 Sergey Matveev <stargrave@stargrave.org>
   4
   5 This program is free software: you can redistribute it and/or modify
   6 it under the terms of the GNU General Public License as published by
   7 the Free Software Foundation, version 3 of the License.
   8
   9 This program is distributed in the hope that it will be useful,
  10 but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 GNU General Public License for more details.
  13
  14 You should have received a copy of the GNU General Public License
  15 along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 */
  17
  18 package udpobfs
  19
  20 import (
  21         "crypto/x509"
  22         "encoding/pem"
  23         "errors"
  24         "os"
  25 )
  26
  27 func CertificateFromFile(p string) (b []byte, c *x509.Certificate, err error) {
  28         var data []byte
  29         data, err = os.ReadFile(p)
  30         if err != nil {
  31                 return
  32         }
  33         var block *pem.Block
  34         for len(data) > 0 {
  35                 block, data = pem.Decode(data)
  36                 if block == nil {
  37                         continue
  38                 }
  39                 if block.Type == "CERTIFICATE" {
  40                         b = block.Bytes
  41                         c, err = x509.ParseCertificate(b)
  42                         return
  43                 }
  44         }
  45         err = errors.New("no CERTIFICATE found in PEM")
  46         return
  47 }
  48
  49 func PrivateKeyFromFile(p string) (prv interface{}, err error) {
  50         var data []byte
  51         data, err = os.ReadFile(p)
  52         if err != nil {
  53                 return
  54         }
  55         var block *pem.Block
  56         for len(data) > 0 {
  57                 block, data = pem.Decode(data)
  58                 if block == nil {
  59                         continue
  60                 }
  61                 switch block.Type {
  62                 case "PRIVATE KEY":
  63                         prv, err = x509.ParsePKCS8PrivateKey(block.Bytes)
  64                         return
  65                 case "EC PRIVATE KEY":
  66                         prv, err = x509.ParseECPrivateKey(block.Bytes)
  67                         return
  68                 }
  69         }
  70         err = errors.New("no PRIVATE KEY found in PEM")
  71         return
  72 }
  73
  74 func CertPoolFromFile(p string) (
  75         certs []*x509.Certificate, pool *x509.CertPool, err error,
  76 ) {
  77         var data []byte
  78         data, err = os.ReadFile(p)
  79         if err != nil {
  80                 return
  81         }
  82         pool = x509.NewCertPool()
  83         var block *pem.Block
  84         for len(data) > 0 {
  85                 block, data = pem.Decode(data)
  86                 if block == nil {
  87                         err = errors.New("can not decode PEM")
  88                         return
  89                 }
  90                 if block.Type != "CERTIFICATE" {
  91                         err = errors.New("non CERTIFICATE found in PEM")
  92                         return
  93                 }
  94                 var ca *x509.Certificate
  95                 ca, err = x509.ParseCertificate(block.Bytes)
  96                 if err != nil {
  97                         return
  98                 }
  99                 certs = append(certs, ca)
 100                 pool.AddCert(ca)
 101         }
 102         return
 103 }