17 package cert
18
19 import (
20 "crypto/x509"
21 "fmt"
22 "os"
23 "path/filepath"
24 )
25
26
27
// CanReadCertAndKey reports whether the certificate at certPath and the key at
// keyPath can both be opened for reading.
//
// Results:
//   - (true, nil)   both files can be opened
//   - (false, nil)  neither file can be opened
//   - (false, err)  exactly one can be opened; err names the path that failed
//
// The probe goes through canReadFile, which discards the underlying open
// error, so a missing file and a permission problem look the same to callers.
// This is a point-in-time check only: the files can change between this call
// and any later read, so callers must still handle errors when they load the
// pair.
func CanReadCertAndKey(certPath, keyPath string) (bool, error) {
	haveCert, haveKey := canReadFile(certPath), canReadFile(keyPath)

	switch {
	case haveCert && haveKey:
		return true, nil
	case !haveCert && !haveKey:
		// Nothing present at all is not an error; the caller decides what to do.
		return false, nil
	case !haveCert:
		return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", certPath)
	default:
		return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", keyPath)
	}
}
46
47
48
// canReadFile reports whether path can be opened with os.Open.
//
// Any open failure (missing file, permission denied, ...) yields false; the
// reason is not reported. Nothing is read from the file and its type is not
// inspected, so any path os.Open accepts counts as readable.
func canReadFile(path string) bool {
	file, openErr := os.Open(path)
	if openErr == nil {
		// Only the success of the open matters; release the handle right away.
		file.Close()
		return true
	}
	return false
}
59
60
61
62
63
// WriteCert writes data to certPath, creating any missing parent directories.
//
// Parent directories are created with mode 0755 and the file with mode 0644,
// both subject to the process umask. os.WriteFile applies the mode only when
// it creates the file: an existing file is truncated and overwritten but keeps
// its current permissions.
//
// These modes leave the file readable by every local user. That is appropriate
// for public certificate material; private keys should not be written through
// this function. data is written as given; nothing here checks that it is PEM
// or a certificate.
func WriteCert(certPath string, data []byte) error {
	parent := filepath.Dir(certPath)
	if mkErr := os.MkdirAll(parent, os.FileMode(0755)); mkErr != nil {
		return mkErr
	}
	return os.WriteFile(certPath, data, os.FileMode(0644))
}
70
71
72
// NewPool reads filename and returns an x509.CertPool built from its contents
// via NewPoolFromBytes.
//
// A read failure is returned unchanged. A failure while building the pool is
// returned as a new error that includes filename; the cause is formatted into
// the message, not wrapped.
//
// Every certificate in the file ends up in the returned pool, so the file
// should be writable only by parties allowed to define trust for the caller.
func NewPool(filename string) (*x509.CertPool, error) {
	raw, readErr := os.ReadFile(filename)
	if readErr != nil {
		return nil, readErr
	}

	certPool, buildErr := NewPoolFromBytes(raw)
	if buildErr == nil {
		return certPool, nil
	}
	return nil, fmt.Errorf("error creating pool from %s: %s", filename, buildErr)
}
85
86
87
// NewPoolFromBytes parses pemBlock with ParseCertsPEM and returns an
// x509.CertPool holding every certificate that call produced.
//
// A parse error is returned unchanged. Certificates are added as-is: this
// function performs no validity-period, CA-flag or key-usage checks of its own.
//
// NOTE(review): ParseCertsPEM is defined outside this listing. Confirm that it
// rejects input containing no certificates; otherwise this returns an empty
// pool with a nil error.
func NewPoolFromBytes(pemBlock []byte) (*x509.CertPool, error) {
	parsed, err := ParseCertsPEM(pemBlock)
	if err != nil {
		return nil, err
	}

	trust := x509.NewCertPool()
	for i := range parsed {
		trust.AddCert(parsed[i])
	}
	return trust, nil
}
99
100
101
// CertsFromFile reads file and returns the certificates that ParseCertsPEM
// extracts from its contents.
//
// A read failure is returned unchanged. A parse failure is returned as a new
// error that includes the file name; the cause is formatted into the message,
// not wrapped.
//
// The certificates are only parsed here. Callers are responsible for any chain
// or validity verification before trusting them.
func CertsFromFile(file string) ([]*x509.Certificate, error) {
	raw, readErr := os.ReadFile(file)
	if readErr != nil {
		return nil, readErr
	}

	parsed, parseErr := ParseCertsPEM(raw)
	if parseErr == nil {
		return parsed, nil
	}
	return nil, fmt.Errorf("error reading %s: %s", file, parseErr)
}
113