| /* |
| Copyright 2014 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package cert |
| |
| import ( |
| "crypto/x509" |
| "encoding/pem" |
| "errors" |
| ) |
| |
| const ( |
| // CertificateBlockType is a possible value for pem.Block.Type. |
| CertificateBlockType = "CERTIFICATE" |
| // CertificateRequestBlockType is a possible value for pem.Block.Type. |
| CertificateRequestBlockType = "CERTIFICATE REQUEST" |
| ) |
| |
| // ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array |
| // Returns an error if a certificate could not be parsed, or if the data does not contain any certificates |
| func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error) { |
| ok := false |
| certs := []*x509.Certificate{} |
| for len(pemCerts) > 0 { |
| var block *pem.Block |
| block, pemCerts = pem.Decode(pemCerts) |
| if block == nil { |
| break |
| } |
| // Only use PEM "CERTIFICATE" blocks without extra headers |
| if block.Type != CertificateBlockType || len(block.Headers) != 0 { |
| continue |
| } |
| |
| cert, err := x509.ParseCertificate(block.Bytes) |
| if err != nil { |
| return certs, err |
| } |
| |
| certs = append(certs, cert) |
| ok = true |
| } |
| |
| if !ok { |
| return certs, errors.New("data does not contain any valid RSA or ECDSA certificates") |
| } |
| return certs, nil |
| } |
