author | Rasmus Dahlberg <rasmus@rgdd.se> | 2023-12-17 19:10:46 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus@rgdd.se> | 2023-12-17 19:10:46 +0100 |
commit | 5442e71e7710897126a0034f487fab7e5013b3cc (patch) | |
tree | 5fdade10956802b27afa4fcfcfc4b39c3640e137 /internal | |
parent | 895d5fea41177e444c18f4fdc820fffa5f67d5bf (diff) |
Drafty server package to receive node requests
curl http://localhost:2009/get-status
curl -X POST --data-binary @/home/rgdd/fullchain.pem -u node_a:aaaa http://localhost:2009/add-chain
Diffstat (limited to 'internal')
-rw-r--r-- | internal/manager/manager.go | 2 | ||||
-rw-r--r-- | internal/x509util/x509util.go | 44 |
2 files changed, 45 insertions, 1 deletions
diff --git a/internal/manager/manager.go b/internal/manager/manager.go
index 2210c9b..33207e9 100644
--- a/internal/manager/manager.go
+++ b/internal/manager/manager.go
@@ -70,7 +70,7 @@ func (mgr *Manager) Run(ctx context.Context,
 case ev := <-monitorCh:
 fmt.Printf("DEBUG: received event from monitor with %d matches\n", len(ev.Matches))
 case ev := <-serverCh:
- fmt.Printf("DEBUG: received event from server\n: %v", ev)
+ fmt.Printf("DEBUG: received event from server: %v\n", ev)
 case err := <-errorCh:
 fmt.Printf("DEBUG: received error: %v\n", err)
 }
diff --git a/internal/x509util/x509util.go b/internal/x509util/x509util.go
new file mode 100644
index 0000000..912d1b4
--- /dev/null
+++ b/internal/x509util/x509util.go
@@ -0,0 +1,44 @@
+package x509util
+
+import (
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+)
+
+// ParseChain parses a certificate chain in PEM format. At least one
+// certificate must be in the chain. The first certificate must be a leaf,
+// whereas all other certificates must CA certificates (intermdiates/roots).
+//
+// Note: it is not checked if the certificate chain's root is trusted or not.
+func ParseChain(b []byte) ([]x509.Certificate, error) {
+ var chain []x509.Certificate
+
+ for {
+ block, rest := pem.Decode(b)
+ if block == nil {
+ break
+ }
+ crt, err := x509.ParseCertificate(block.Bytes)
+ if err != nil {
+ return nil, fmt.Errorf("parse certificate: %v", err)
+ }
+
+ chain = append(chain, *crt)
+ b = rest
+ }
+
+ if len(chain) == 0 {
+ return nil, fmt.Errorf("no certificates in the provided chain")
+ }
+ if chain[0].IsCA {
+ return nil, fmt.Errorf("leaf certificate has the CA bit set")
+ }
+ for _, crt := range chain[1:] {
+ if !crt.IsCA {
+ return nil, fmt.Errorf("non-leaf certificate without the CA bit set")
+ }
+ }
+
+ return chain, nil
+} |
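Review bot: ParseChain in x509util.go checks only the CA bit on each certificate, so nothing verifies that each certificate was actually issued by the next one, and the doc comment's note about the untrusted root can be read as if that linkage were checked. Either say so in the comment (`// Note: signatures and issuer/subject linkage between certificates are not verified either.`) or check it after the IsCA loop with `if err := chain[i].CheckSignatureFrom(&chain[i+1]); err != nil { return nil, fmt.Errorf("certificate %d is not signed by certificate %d: %w", i, i+1, err) }`. The decode loop also accepts any PEM block type and stops silently at the first bytes `pem.Decode` cannot parse, so trailing garbage after the last certificate is ignored; a `block.Type != "CERTIFICATE"` check and an error when non-whitespace `rest` remains once `block == nil` would make the parser strict. Going by the commit message the input appears to arrive in an HTTP POST body, so an upper bound on the number of certificates is worth considering, and `%w` in place of `%v` in the parse error would keep the underlying error available to `errors.Is`/`errors.As`.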