distribution/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go
Olivier Gambier 77e69b9cf3 Move to vendor
Signed-off-by: Olivier Gambier <olivier@docker.com>
2016-03-22 10:45:49 -07:00

68 lines
1.6 KiB
Go

package sign
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"io/ioutil"
"os"
)
// LoadPEMPrivKeyFile reads a PEM encoded RSA private key from the file name.
// A new RSA private key will be returned if no error.
func LoadPEMPrivKeyFile(name string) (*rsa.PrivateKey, error) {
file, err := os.Open(name)
if err != nil {
return nil, err
}
defer file.Close()
return LoadPEMPrivKey(file)
}
// LoadPEMPrivKey reads a PEM encoded RSA private key from the io.Reader.
// A new RSA private key will be returned if no error.
func LoadPEMPrivKey(reader io.Reader) (*rsa.PrivateKey, error) {
block, err := loadPem(reader)
if err != nil {
return nil, err
}
return x509.ParsePKCS1PrivateKey(block.Bytes)
}
// LoadEncryptedPEMPrivKey decrypts the PEM encoded private key using the
// password provided returning a RSA private key. If the PEM data is invalid,
// or unable to decrypt an error will be returned.
func LoadEncryptedPEMPrivKey(reader io.Reader, password []byte) (*rsa.PrivateKey, error) {
block, err := loadPem(reader)
if err != nil {
return nil, err
}
decryptedBlock, err := x509.DecryptPEMBlock(block, password)
if err != nil {
return nil, err
}
return x509.ParsePKCS1PrivateKey(decryptedBlock)
}
func loadPem(reader io.Reader) (*pem.Block, error) {
b, err := ioutil.ReadAll(reader)
if err != nil {
return nil, err
}
block, _ := pem.Decode(b)
if block == nil {
// pem.Decode will set block to nil if there is no PEM data in the input
// the second parameter will contain the provided bytes that failed
// to be decoded.
return nil, fmt.Errorf("no valid PEM data provided")
}
return block, nil
}