本文整理汇总了Golang中github.com/openshift/origin/pkg/cmd/util.CertificatesFromPEM函数的典型用法代码示例。如果您正苦于以下问题:Golang CertificatesFromPEM函数的具体用法?Golang CertificatesFromPEM怎么用?Golang CertificatesFromPEM使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了CertificatesFromPEM函数的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: validateCertificatePEM
// validateCertificatePEM parses certPEM and returns the certificates found in
// it. When options is non-nil, the first certificate is additionally verified
// with those options; a verification failure whose reason is x509.Expired is
// deliberately not reported.
//
// An error is returned when the PEM cannot be parsed, when it contains no
// certificates, or when verification fails for any reason other than
// x509.Expired. In the last case the parsed certificates are returned
// together with the error.
func validateCertificatePEM(certPEM string, options *x509.VerifyOptions) ([]*x509.Certificate, error) {
	parsed, err := cmdutil.CertificatesFromPEM([]byte(certPEM))
	if err != nil {
		return nil, err
	}
	if len(parsed) == 0 {
		return nil, fmt.Errorf("invalid/empty certificate data")
	}

	// Without options there is nothing to verify against: the data is only
	// checked for being parseable, non-empty certificate PEM.
	if options == nil {
		return parsed, nil
	}

	// Expiry (and validity that starts in the future) is tolerated on
	// purpose. Note that this can concern the certificate itself or any
	// intermediate in the CA chain. The router can then still serve such a
	// certificate and the client decides whether it accepts it (just like
	// for self-signed certs).
	//
	// NOTE(review): crypto/x509 checks the leaf's validity window before it
	// builds chains, so an Expired result for the leaf means the chain to
	// options.Roots was not evaluated for it. Tolerating Expired therefore
	// also skips the issuer check for an expired leaf. Confirm this is
	// acceptable for the Go version in use.
	_, verifyErr := parsed[0].Verify(*options)
	if verifyErr == nil {
		return parsed, nil
	}
	invalid, isInvalid := verifyErr.(x509.CertificateInvalidError)
	if isInvalid && invalid.Reason == x509.Expired {
		return parsed, nil
	}
	return parsed, fmt.Errorf("error verifying certificate: %s", verifyErr.Error())
}
开发者ID:juanluisvaladas,项目名称:origin,代码行数:30,代码来源:validation.go
示例2: GetTLSCertificateConfig
// GetTLSCertificateConfig loads a certificate chain and its private key from
// the PEM files certFile and keyFile and returns them as a
// TLSCertificateConfig.
//
// Both paths must be non-empty. The certificate file is parsed with
// cmdutil.CertificatesFromPEM, and the pair is then passed to
// tls.X509KeyPair, which rejects a key that does not belong to the leaf
// certificate. Any read or parse failure is returned as an error.
func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error) {
	switch {
	case certFile == "":
		return nil, errors.New("certFile missing")
	case keyFile == "":
		return nil, errors.New("keyFile missing")
	}

	certBytes, err := ioutil.ReadFile(certFile)
	if err != nil {
		return nil, err
	}
	chain, err := cmdutil.CertificatesFromPEM(certBytes)
	if err != nil {
		return nil, fmt.Errorf("Error reading %s: %s", certFile, err)
	}

	// The key file holds private key material; only its parsed form is kept
	// and it is never included in the returned errors built here.
	keyBytes, err := ioutil.ReadFile(keyFile)
	if err != nil {
		return nil, err
	}

	// X509KeyPair is used to obtain the parsed private key; it also fails
	// when certificate and key do not match.
	pair, err := tls.X509KeyPair(certBytes, keyBytes)
	if err != nil {
		return nil, err
	}
	return &TLSCertificateConfig{chain, pair.PrivateKey}, nil
}
开发者ID:johnmccawley,项目名称:origin,代码行数:29,代码来源:crypto.go
示例3: GetTLSCARoots
// GetTLSCARoots reads the PEM file caFile and returns the certificates it
// contains wrapped in a TLSCARoots.
//
// An empty path, a read failure or a parse failure is returned as an error.
//
// NOTE(review): whether a file without any certificate block produces an
// error or an empty list depends on cmdutil.CertificatesFromPEM, which is
// not shown here. Confirm that callers cannot end up with an empty root set.
func GetTLSCARoots(caFile string) (*TLSCARoots, error) {
	if caFile == "" {
		return nil, errors.New("caFile missing")
	}

	pemBytes, readErr := ioutil.ReadFile(caFile)
	if readErr != nil {
		return nil, readErr
	}

	caCerts, parseErr := cmdutil.CertificatesFromPEM(pemBytes)
	if parseErr != nil {
		return nil, fmt.Errorf("Error reading %s: %s", caFile, parseErr)
	}
	return &TLSCARoots{caCerts}, nil
}
开发者ID:johnmccawley,项目名称:origin,代码行数:16,代码来源:crypto.go
示例4: ExtendedValidateRoute
// ExtendedValidateRoute performs an extended validation on the route,
// including checking that the TLS config is valid.
//
// It returns an empty list when the route has no TLS config. Otherwise it
// collects, in order: the errors from validateTLS, a CA certificate parse
// error, a certificate validation error, a certificate/key pairing error and
// a destination CA certificate parse error.
//
// Scope of the checks, as implemented here:
//   - The certificate is verified only when spec.tls.caCertificate is set,
//     and only against that CA data, which serves as both roots and
//     intermediates. This is a consistency check between the supplied
//     certificate and the supplied CA, not a check against any other trust
//     store.
//   - Hostname verification is disabled (DNSName is left empty), so the
//     certificate is not checked against the route host.
//   - Reported values are fixed placeholders such as "<key data>", so
//     certificate and key contents are not passed as the rejected value.
func ExtendedValidateRoute(route *routeapi.Route) field.ErrorList {
	allErrs := field.ErrorList{}
	tlsConfig := route.Spec.TLS
	if tlsConfig == nil {
		return allErrs
	}

	tlsPath := field.NewPath("spec").Child("tls")
	allErrs = append(allErrs, validateTLS(route, tlsPath)...)

	// TODO: Check if we can be stricter with validating the certificate
	//       is for the route hostname. Don't want existing routes to
	//       break, so disable the hostname validation for now.
	// hostname := route.Spec.Host
	hostname := ""

	var verifyOptions *x509.VerifyOptions
	if len(tlsConfig.CACertificate) > 0 {
		caPool := x509.NewCertPool()
		caCerts, err := cmdutil.CertificatesFromPEM([]byte(tlsConfig.CACertificate))
		if err == nil {
			for _, caCert := range caCerts {
				caPool.AddCert(caCert)
			}
		} else {
			errmsg := fmt.Sprintf("failed to parse CA certificate: %v", err)
			allErrs = append(allErrs, field.Invalid(tlsPath.Child("caCertificate"), "<ca certificate data>", errmsg))
		}

		// The options are built even when the CA data failed to parse; the
		// pool is then empty. NOTE(review): verification against an empty
		// pool presumably adds a second error for the certificate field.
		verifyOptions = &x509.VerifyOptions{
			DNSName:       hostname,
			Intermediates: caPool,
			Roots:         caPool,
		}
	}

	if len(tlsConfig.Certificate) > 0 {
		if _, err := validateCertificatePEM(tlsConfig.Certificate, verifyOptions); err != nil {
			allErrs = append(allErrs, field.Invalid(tlsPath.Child("certificate"), "<certificate data>", err.Error()))
		}

		// Certificate and key are joined into one buffer that is passed as
		// both arguments of X509KeyPair, so the pairing check runs over the
		// combined PEM data.
		pairPEM := []byte(tlsConfig.Certificate)
		if len(tlsConfig.Key) > 0 {
			pairPEM = append(pairPEM, '\n')
			pairPEM = append(pairPEM, tlsConfig.Key...)
		}
		if _, err := tls.X509KeyPair(pairPEM, pairPEM); err != nil {
			allErrs = append(allErrs, field.Invalid(tlsPath.Child("key"), "<key data>", err.Error()))
		}
	}

	// The destination CA is only checked for being parseable PEM.
	if len(tlsConfig.DestinationCACertificate) > 0 {
		if _, err := cmdutil.CertificatesFromPEM([]byte(tlsConfig.DestinationCACertificate)); err != nil {
			errmsg := fmt.Sprintf("failed to parse destination CA certificate: %v", err)
			allErrs = append(allErrs, field.Invalid(tlsPath.Child("destinationCACertificate"), "<destination ca certificate data>", errmsg))
		}
	}

	return allErrs
}
开发者ID:juanluisvaladas,项目名称:origin,代码行数:66,代码来源:validation.go
注:本文中的github.com/openshift/origin/pkg/cmd/util.CertificatesFromPEM函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |