51 lines
1.2 KiB
Go
51 lines
1.2 KiB
Go
package targets
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"encoding/base64"
|
|
"errors"
|
|
"os"
|
|
)
|
|
|
|
const (
|
|
DefaultCertKey = "LOGR_DEFAULT_CERT"
|
|
)
|
|
|
|
// GetCertPoolOrNil returns a x509.CertPool containing the cert(s) from `cert`,
|
|
// or from the certs specified by the env var `LOGR_DEFAULT_CERT`, either of which
|
|
// can be a path to a .pem or .crt file, or a base64 encoded cert.
|
|
//
|
|
// If a cert is specified by either `cert` or `LOGR_DEFAULT_CERT`, but the cert
|
|
// is invalid then an error is returned.
|
|
//
|
|
// If no certs are specified by either `cert` or `LOGR_DEFAULT_CERT`, then
|
|
// nil is returned.
|
|
func GetCertPoolOrNil(cert string) (*x509.CertPool, error) {
|
|
if cert == "" {
|
|
cert = getDefaultCert()
|
|
if cert == "" {
|
|
return nil, nil // no cert provided, not an error but no pool returned
|
|
}
|
|
}
|
|
|
|
// first treat as a file and try to read.
|
|
serverCert, err := os.ReadFile(cert)
|
|
if err != nil {
|
|
// maybe it's a base64 encoded cert
|
|
serverCert, err = base64.StdEncoding.DecodeString(cert)
|
|
if err != nil {
|
|
return nil, errors.New("cert cannot be read")
|
|
}
|
|
}
|
|
|
|
pool := x509.NewCertPool()
|
|
if ok := pool.AppendCertsFromPEM(serverCert); ok {
|
|
return pool, nil
|
|
}
|
|
return nil, errors.New("cannot parse cert")
|
|
}
|
|
|
|
func getDefaultCert() string {
|
|
return os.Getenv(DefaultCertKey)
|
|
}
|