Allow users to define what extensions CA certs will have (#120)
* Allow users to define what extensions CA certs will have. Skip any files that don't have the right extension.
This commit is contained in:
Renán I. Del Valle
GitHub
parent
3dc3b09a8e
commit
ea8e48f3b8
3 changed files with 75 additions and 22 deletions
49
util.go
49
util.go
|
|
@ -1,7 +1,11 @@
|
|||
package realis
|
||||
|
||||
import (
|
||||
"crypto/x509"
|
||||
"io/ioutil"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/paypal/gorealis/gen-go/apache/aurora"
|
||||
|
|
@ -65,6 +69,49 @@ func init() {
|
|||
}
|
||||
}
|
||||
|
||||
// createCertPool will attempt to load certificates into a certificate pool from a given directory.
|
||||
// Only files with an extension contained in the extension map are considered.
|
||||
// This function ignores any files that cannot be read successfully or cannot be added to the certPool
|
||||
// successfully.
|
||||
func createCertPool(path string, extensions map[string]struct{}) (*x509.CertPool, error) {
|
||||
_, err := os.Stat(path)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "unable to load certificates")
|
||||
}
|
||||
|
||||
caFiles, err := ioutil.ReadDir(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
certPool := x509.NewCertPool()
|
||||
loadedCerts := 0
|
||||
for _, cert := range caFiles {
|
||||
// Skip directories
|
||||
if cert.IsDir() {
|
||||
continue
|
||||
}
|
||||
|
||||
// Skip any files that do not contain the right extension
|
||||
if _, ok := extensions[filepath.Ext(cert.Name())]; !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
pem, err := ioutil.ReadFile(filepath.Join(path, cert.Name()))
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if certPool.AppendCertsFromPEM(pem) {
|
||||
loadedCerts++
|
||||
}
|
||||
}
|
||||
if loadedCerts == 0 {
|
||||
return nil, errors.New("no certificates were able to be successfully loaded")
|
||||
}
|
||||
return certPool, nil
|
||||
}
|
||||
|
||||
func validateAuroraURL(location string) (string, error) {
|
||||
|
||||
// If no protocol defined, assume http
|
||||
|
|
@ -92,7 +139,7 @@ func validateAuroraURL(location string) (string, error) {
|
|||
return "", errors.Errorf("only protocols http and https are supported %v\n", u.Scheme)
|
||||
}
|
||||
|
||||
// This could theoretically be elsewhwere but we'll be strict for the sake of simplicty
|
||||
// This could theoretically be elsewhere but we'll be strict for the sake of simplicity
|
||||
if u.Path != apiPath {
|
||||
return "", errors.Errorf("expected /api path %v\n", u.Path)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue