pogpp/lego
1
0
Fork 0
forked from TrueCloudLab/lego
Code Pull requests Activity

Change GetCertExpiration to accept PEM encoded certs.

Browse source
This commit is contained in:
xenolf 2015-10-18 21:18:36 +02:00
parent 10b0192255
commit dc4125d3cf
2 changed files with 44 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
acme/crypto.go
View file

@ -6,6 +6,7 @@ import (
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"encoding/pem" "encoding/pem"
"fmt"
"math/big" "math/big"
"time" "time"
) )
@ -39,8 +40,37 @@ func pemEncode(data interface{}) []byte {
return pem.EncodeToMemory(pemBlock) return pem.EncodeToMemory(pemBlock)
} }
// GetCertExpiration returns the "NotAfter" date of a DER encoded certificate. func pemDecode(data []byte) (*pem.Block, error) {
func GetCertExpiration(cert []byte) (time.Time, error) { pemBlock, _ := pem.Decode(data)
if pemBlock == nil {
return nil, fmt.Errorf("Pem decode did not yield a valid block. Is the certificate in the right format?")
}
return pemBlock, nil
}
func pemDecodeTox509(pem []byte) (*x509.Certificate, error) {
pemBlock, err := pemDecode(pem)
if pemBlock == nil {
return nil, err
}
return x509.ParseCertificate(pemBlock.Bytes)
}
// GetPEMCertExpiration returns the "NotAfter" date of a PEM encoded certificate.
// The certificate has to be PEM encoded. Any other encodings like DER will fail.
func GetPEMCertExpiration(cert []byte) (time.Time, error) {
pemBlock, err := pemDecode(cert)
if pemBlock == nil {
return time.Time{}, err
}
return getCertExpiration(pemBlock.Bytes)
}
// getCertExpiration returns the "NotAfter" date of a DER encoded certificate.
func getCertExpiration(cert []byte) (time.Time, error) {
pCert, err := x509.ParseCertificate(cert) pCert, err := x509.ParseCertificate(cert)
if err != nil { if err != nil {
return time.Time{}, err return time.Time{}, err

16
acme/crypto_test.go
View file

@ -51,7 +51,7 @@ func TestPEMEncode(t *testing.T) {
} }
} }
func TestCertExpiration(t *testing.T) { func TestPEMCertExpiration(t *testing.T) {
privKey, err := generatePrivateKey(2048) privKey, err := generatePrivateKey(2048)
if err != nil { if err != nil {
t.Fatal("Error generating private key:", err) t.Fatal("Error generating private key:", err)
@ -66,12 +66,20 @@ func TestCertExpiration(t *testing.T) {
buf := bytes.NewBufferString("TestingRSAIsSoMuchFun") buf := bytes.NewBufferString("TestingRSAIsSoMuchFun")
if ctime, err := GetCertExpiration(buf.Bytes()); err == nil { // Some random string should return an error.
if ctime, err := GetPEMCertExpiration(buf.Bytes()); err == nil {
t.Errorf("Expected getCertExpiration to return an error for garbage string but returned %v", ctime) t.Errorf("Expected getCertExpiration to return an error for garbage string but returned %v", ctime)
} }
if ctime, err := GetCertExpiration(certBytes); err != nil || ctime != expiration.UTC() { // A DER encoded certificate should return an error.
t.Errorf("Expected getCertExpiration to return %v but returned: %v, err: %v", expiration.UTC(), ctime, err) if _, err := GetPEMCertExpiration(certBytes); err == nil {
t.Errorf("Expected getCertExpiration to return an error for DER certificates but returned none.")
}
// A PEM encoded certificate should work ok.
pemCert := pemEncode(derCertificateBytes(certBytes))
if ctime, err := GetPEMCertExpiration(pemCert); err != nil || !ctime.Equal(expiration.UTC()) {
t.Errorf("Expected getCertExpiration to return %v but returned %v. Error: %v", expiration, ctime, err)
} }
} }