- package truststore
- import (
- "crypto"
- "crypto/x509"
- "encoding/pem"
- "fmt"
- "log/slog"
- "os"
- )
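// newPEMTrustStore builds an InMemoryTrustStore from the PEM blocks found in
// filename.
//
// "PUBLIC KEY" blocks are parsed as PKIX public keys and stored under the
// value of their "key_id" PEM header, or under "default" when that header is
// absent. "CERTIFICATE" blocks contribute their subject public key, stored
// under the certificate's Subject.CommonName. Blocks of any other type are
// skipped. Only the key material is taken from a certificate: no chain,
// validity-period or key-usage checks are made here, so the file itself is
// the trust anchor.
//
// Returns an error when the file cannot be read, when any recognised block
// fails to parse, or when the file yields no usable key at all.
func newPEMTrustStore(filename string) (TrustStore, error) {
	// Left unwrapped on purpose: the *os.PathError already carries the path,
	// and callers may inspect it with os.IsNotExist, which does not unwrap.
	raw, err := os.ReadFile(filename)
	if err != nil {
		return nil, err
	}

	result := &InMemoryTrustStore{
		Keys: make(map[string]crypto.PublicKey),
	}

	// addKey records key under id. A later block with the same id replaces an
	// earlier one; that is almost always a configuration mistake (the first
	// key silently stops being trusted), so it is made visible at warning
	// level rather than swallowed.
	addKey := func(id string, key crypto.PublicKey, source string) {
		if id == "" {
			slog.Warn("trust store entry has an empty id", "source", source, "file", filename)
		}
		if _, dup := result.Keys[id]; dup {
			slog.Warn("trust store id redefined, previous key replaced", "id", id, "source", source, "file", filename)
		}
		result.Keys[id] = key
	}

	for blockNo := 1; ; blockNo++ {
		block, rest := pem.Decode(raw)
		if block == nil {
			break
		}
		raw = rest

		switch block.Type {
		case "PUBLIC KEY":
			keyID, ok := block.Headers["key_id"]
			if !ok {
				keyID = "default"
			}
			key, err := x509.ParsePKIXPublicKey(block.Bytes)
			if err != nil {
				return nil, fmt.Errorf("parsing PEM block %d (PUBLIC KEY, id %q) in %q: %w", blockNo, keyID, filename, err)
			}
			addKey(keyID, key, "PUBLIC KEY")
			slog.Debug("public key loaded into the trustore", "id", keyID)

		case "CERTIFICATE":
			cert, err := x509.ParseCertificate(block.Bytes)
			if err != nil {
				return nil, fmt.Errorf("parsing PEM block %d (CERTIFICATE) in %q: %w", blockNo, filename, err)
			}
			// ParseCertificate leaves PublicKey nil for an unsupported
			// public-key algorithm; such an entry could never verify anything
			// and would only surface later as a nil dereference.
			if cert.PublicKey == nil {
				return nil, fmt.Errorf("parsing PEM block %d (CERTIFICATE) in %q: unsupported public key algorithm %v", blockNo, filename, cert.PublicKeyAlgorithm)
			}
			keyID := cert.Subject.CommonName
			addKey(keyID, cert.PublicKey, "CERTIFICATE")
			slog.Debug("certificate loaded into the trustore", "id", keyID)

		default:
			// Anything else (for example a private key) does not belong in a
			// trust store; it is ignored but reported at debug level.
			slog.Debug("ignoring unexpected PEM block in trust store", "type", block.Type, "file", filename)
		}
	}

	if len(result.Keys) == 0 {
		// NOTE(review): the message says RSA, but ParsePKIXPublicKey accepts
		// any PKIX key type and nothing above restricts the algorithm.
		return nil, fmt.Errorf("no RSA public key found: %s", filename)
	}
	return result, nil
}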