mirror of
https://github.com/vmware-tanzu/pinniped.git
synced 2025-12-23 14:25:50 +00:00
79 lines
1.5 KiB
Go
79 lines
1.5 KiB
Go
// Copyright 2024 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package tlsconfigutil
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"crypto/x509"
|
|
)
|
|
|
|
type CABundleHash struct {
|
|
hash [sha256.Size]byte
|
|
}
|
|
|
|
func NewCABundleHash(bundle []byte) CABundleHash {
|
|
return CABundleHash{
|
|
hash: sha256.Sum256(bundle),
|
|
}
|
|
}
|
|
|
|
func (a CABundleHash) Equal(b CABundleHash) bool {
|
|
return a == b
|
|
}
|
|
|
|
// CABundle abstracts the internal representation of CA certificate bundles.
|
|
type CABundle struct {
|
|
caBundle []byte
|
|
sha256 CABundleHash
|
|
certPool *x509.CertPool
|
|
}
|
|
|
|
func NewCABundle(caBundle []byte) (*CABundle, bool) {
|
|
var certPool *x509.CertPool
|
|
ok := true
|
|
|
|
if len(caBundle) > 0 {
|
|
certPool = x509.NewCertPool()
|
|
ok = certPool.AppendCertsFromPEM(caBundle)
|
|
}
|
|
|
|
return &CABundle{
|
|
caBundle: caBundle,
|
|
sha256: NewCABundleHash(caBundle),
|
|
certPool: certPool,
|
|
}, ok
|
|
}
|
|
|
|
// PEMBytes returns the CA certificate bundle PEM bytes.
|
|
func (c *CABundle) PEMBytes() []byte {
|
|
if c == nil {
|
|
return nil
|
|
}
|
|
return c.caBundle
|
|
}
|
|
|
|
// PEMString returns the certificate bundle PEM formatted as a string.
|
|
func (c *CABundle) PEMString() string {
|
|
if c == nil {
|
|
return ""
|
|
}
|
|
return string(c.caBundle)
|
|
}
|
|
|
|
// CertPool returns a X509 cert pool with the CA certificate bundle.
|
|
func (c *CABundle) CertPool() *x509.CertPool {
|
|
if c == nil {
|
|
return nil
|
|
}
|
|
return c.certPool
|
|
}
|
|
|
|
// Hash returns a sha256 sum of the CA bundle bytes.
|
|
func (c *CABundle) Hash() CABundleHash {
|
|
if c == nil {
|
|
return NewCABundleHash(nil)
|
|
}
|
|
return c.sha256
|
|
}
|