Allow users to define what extensions CA certs will have. Skip any files that don't have the right extension.
parent
3fa2a20fe4
commit
6cdcbcb5db
3 changed files with 67 additions and 21 deletions
40
util.go
40
util.go
|
@ -1,7 +1,11 @@
|
|||
package realis
|
||||
|
||||
import (
|
||||
"crypto/x509"
|
||||
"io/ioutil"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/paypal/gorealis/gen-go/apache/aurora"
|
||||
|
@ -64,6 +68,42 @@ func init() {
|
|||
AwaitingPulseJobUpdateStates[status] = true
|
||||
}
|
||||
}
|
||||
func createCertPool(path string, extensions map[string]struct{}) (*x509.CertPool, error) {
|
||||
certPool := x509.NewCertPool()
|
||||
|
||||
_, err := os.Stat(path)
|
||||
if err != nil {
|
||||
return nil, errors.New("given certs path doesn't exist")
|
||||
}
|
||||
|
||||
caFiles, err := ioutil.ReadDir(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(caFiles) == 0 {
|
||||
return nil, errors.New("no possible certs found in " + path)
|
||||
}
|
||||
|
||||
for _, cert := range caFiles {
|
||||
// Skip directories
|
||||
if cert.IsDir() {
|
||||
continue
|
||||
}
|
||||
|
||||
// Skip any files that do not contain the right extension
|
||||
if _, ok := extensions[filepath.Ext(cert.Name())]; !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
caCert, err := ioutil.ReadFile(filepath.Join(path, cert.Name()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
certPool.AppendCertsFromPEM(caCert)
|
||||
}
|
||||
return certPool, nil
|
||||
}
|
||||
|
||||
func validateAuroraURL(location string) (string, error) {
|
||||
|
||||
|
|
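Review bot: In createCertPool the result of `certPool.AppendCertsFromPEM(caCert)` is discarded and the `len(caFiles) == 0` check runs before the directory and extension filters, so a directory whose entries are all skipped, or whose matching files hold no parsable PEM certificate, returns an empty pool with a nil error. If that pool is later used as the TLS root set (the caller is outside this section), every server certificate is rejected, which fails closed but only surfaces as a handshake error far from the misconfiguration. I would count the files actually loaded and return an error when none were, as sketched below. A doc comment should also state that `extensions` keys are compared against `filepath.Ext`, so they need the leading dot and match case-sensitively, e.g. `".pem"`.

```go
	loaded := 0
	for _, cert := range caFiles {
		// … unchanged: directory and extension skips, ioutil.ReadFile …
		if !certPool.AppendCertsFromPEM(caCert) {
			return nil, errors.New("no PEM certificate found in " + cert.Name())
		}
		loaded++
	}
	if loaded == 0 {
		return nil, errors.New("no CA certs with an accepted extension in " + path)
	}
	return certPool, nil
```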