// Copyright 2021 Tencent Inc. All rights reserved.
package utils
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"io/ioutil"
"time"
)
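// LoadCertificate parses a single PEM-encoded X.509 certificate from its text
// content.
//
// Only the first PEM block in certificateStr is used; anything after it is
// discarded. The block type must be exactly "CERTIFICATE". This function does
// syntactic parsing only: the certificate's signature, chain and validity
// period are NOT verified here (see IsCertificateValid for the time check).
//
// Returns the parsed certificate, or an error naming the failing step (no PEM
// block, wrong block type, DER parse failure). The x509 parse error is wrapped
// with %w so callers can inspect it with errors.Is/errors.As; the message text
// is unchanged. Error messages contain no caller-supplied data.
func LoadCertificate(certificateStr string) (certificate *x509.Certificate, err error) {
	block, _ := pem.Decode([]byte(certificateStr))
	if block == nil {
		return nil, errors.New("decode certificate err")
	}
	if block.Type != "CERTIFICATE" {
		return nil, errors.New("the kind of PEM should be CERTIFICATE")
	}
	certificate, err = x509.ParseCertificate(block.Bytes)
	if err != nil {
		// %w instead of %s+Error(): same rendered text, but the cause stays inspectable.
		return nil, fmt.Errorf("parse certificate err:%w", err)
	}
	return certificate, nil
}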
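// LoadPrivateKey parses an RSA private key from its PEM text content.
//
// Only the first PEM block in privateKeyStr is used. The key must be in
// unencrypted PKCS#8 form: the block type must be exactly "PRIVATE KEY" and
// the body is parsed with x509.ParsePKCS8PrivateKey. Any other block type
// (for example the PKCS#1 "RSA PRIVATE KEY" or "ENCRYPTED PRIVATE KEY") is
// rejected before parsing. A PKCS#8 key of a non-RSA algorithm parses but
// fails the final type assertion.
//
// Error messages never include any part of privateKeyStr, so they are safe
// to log. The x509 parse error is wrapped with %w; its rendered text is
// unchanged.
func LoadPrivateKey(privateKeyStr string) (privateKey *rsa.PrivateKey, err error) {
	block, _ := pem.Decode([]byte(privateKeyStr))
	if block == nil {
		return nil, errors.New("decode private key err")
	}
	if block.Type != "PRIVATE KEY" {
		// Message spelling corrected (previously "PRVATE KEY").
		return nil, errors.New("the kind of PEM should be PRIVATE KEY")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parse private key err:%w", err)
	}
	rsaKey, ok := key.(*rsa.PrivateKey)
	if !ok {
		return nil, errors.New("not a RSA private key")
	}
	return rsaKey, nil
}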
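// LoadPublicKey parses an RSA public key from its PEM text content.
//
// Only the first PEM block in publicKeyStr is used. The block type must be
// exactly "PUBLIC KEY" and the body must be a SubjectPublicKeyInfo structure
// as parsed by x509.ParsePKIXPublicKey; the PKCS#1 "RSA PUBLIC KEY" form is
// rejected by the type check. A PKIX key of a non-RSA algorithm parses but
// fails the final type assertion.
//
// Error messages contain no part of publicKeyStr, so they can be logged
// without copying the caller's input into log output. The x509 parse error
// is wrapped with %w; its rendered text is unchanged.
func LoadPublicKey(publicKeyStr string) (publicKey *rsa.PublicKey, err error) {
	block, _ := pem.Decode([]byte(publicKeyStr))
	if block == nil {
		return nil, errors.New("decode public key error")
	}
	if block.Type != "PUBLIC KEY" {
		return nil, errors.New("the kind of PEM should be PUBLIC KEY")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parse public key err:%w", err)
	}
	rsaKey, ok := key.(*rsa.PublicKey)
	if !ok {
		// Do not echo the whole PEM text into the error (it can be large and
		// ends up in logs); the caller already holds the input. Message now
		// mirrors LoadPrivateKey's.
		return nil, errors.New("not a RSA public key")
	}
	return rsaKey, nil
}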
// LoadCertificateWithPath reads the file at path and parses its contents with
// LoadCertificate (first "CERTIFICATE" PEM block, syntactic parse only).
//
// path is used as given. A read failure is reported with the OS error text
// inlined; parse failures are returned as LoadCertificate returns them.
func LoadCertificateWithPath(path string) (certificate *x509.Certificate, err error) {
	pemText, readErr := ioutil.ReadFile(path)
	if readErr != nil {
		return nil, fmt.Errorf("read certificate pem file err:%s", readErr.Error())
	}
	return LoadCertificate(string(pemText))
}
// LoadPrivateKeyWithPath reads the file at path and parses its contents with
// LoadPrivateKey (first "PRIVATE KEY" PEM block, unencrypted PKCS#8, RSA only).
//
// path is used as given. A read failure is reported with the OS error text
// inlined; parse failures are returned as LoadPrivateKey returns them. The
// key material itself never appears in any error message.
func LoadPrivateKeyWithPath(path string) (privateKey *rsa.PrivateKey, err error) {
	pemText, readErr := ioutil.ReadFile(path)
	if readErr != nil {
		return nil, fmt.Errorf("read private pem file err:%s", readErr.Error())
	}
	return LoadPrivateKey(string(pemText))
}
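// LoadPublicKeyWithPath reads the file at path and parses its contents with
// LoadPublicKey (first "PUBLIC KEY" PEM block, PKIX, RSA only).
//
// path is used as given. A read failure is reported with the OS error text
// inlined; parse failures are returned as LoadPublicKey returns them.
func LoadPublicKeyWithPath(path string) (publicKey *rsa.PublicKey, err error) {
	publicKeyBytes, err := ioutil.ReadFile(path)
	if err != nil {
		// Previously said "read certificate pem file", copied from
		// LoadCertificateWithPath; name the file kind actually being read so
		// operators can tell the two failures apart.
		return nil, fmt.Errorf("read public key pem file err:%s", err.Error())
	}
	return LoadPublicKey(string(publicKeyBytes))
}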
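// GetCertificateSerialNumber returns the certificate's serial number as an
// uppercase hexadecimal string, two digits per byte, without separators or a
// "0x" prefix (e.g. a serial of 0x0ABC yields "0ABC").
//
// The value comes from big.Int.Bytes, which is the minimal big-endian
// magnitude: leading zero bytes of the encoded serial are not represented,
// the sign is dropped, and a serial of 0 yields "". A nil SerialNumber
// (possible only for a hand-built x509.Certificate; x509.ParseCertificate
// always populates it) yields "" instead of panicking on the nil *big.Int.
func GetCertificateSerialNumber(certificate x509.Certificate) string {
	if certificate.SerialNumber == nil {
		return ""
	}
	return fmt.Sprintf("%X", certificate.SerialNumber.Bytes())
}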
// IsCertExpired reports whether certificate is expired at the instant now,
// i.e. whether now is strictly later than NotAfter. At exactly NotAfter it
// returns false. Only the NotAfter field is consulted; NotBefore, revocation
// and the signature chain are not checked.
//
// Deprecated: use IsCertificateExpired instead.
func IsCertExpired(certificate x509.Certificate, now time.Time) bool {
	// NotAfter.Before(now) is the same strict comparison as now.After(NotAfter).
	return certificate.NotAfter.Before(now)
}
// IsCertificateExpired reports whether certificate is expired at the instant
// now, i.e. whether now is strictly later than NotAfter. At exactly NotAfter
// it returns false. Only the NotAfter field is consulted; NotBefore,
// revocation and the signature chain are not checked.
func IsCertificateExpired(certificate x509.Certificate, now time.Time) bool {
	// NotAfter.Before(now) is the same strict comparison as now.After(NotAfter).
	return certificate.NotAfter.Before(now)
}
// IsCertValid reports whether now falls strictly inside the certificate's
// validity window: NotBefore < now < NotAfter. Both bounds are exclusive, so
// at exactly NotBefore or NotAfter it returns false (RFC 5280 treats the
// bounds as inclusive, so this is marginally stricter). Only the two time
// fields are consulted; signature, chain and revocation are not checked.
//
// Deprecated: use IsCertificateValid instead.
func IsCertValid(certificate x509.Certificate, now time.Time) bool {
	startedAlready := certificate.NotBefore.Before(now)
	notYetEnded := certificate.NotAfter.After(now)
	return startedAlready && notYetEnded
}
// IsCertificateValid reports whether now falls strictly inside the
// certificate's validity window: NotBefore < now < NotAfter. Both bounds are
// exclusive, so at exactly NotBefore or NotAfter it returns false (RFC 5280
// treats the bounds as inclusive, so this is marginally stricter). Only the
// two time fields are consulted; signature, chain and revocation are not
// checked.
func IsCertificateValid(certificate x509.Certificate, now time.Time) bool {
	startedAlready := certificate.NotBefore.Before(now)
	notYetEnded := certificate.NotAfter.After(now)
	return startedAlready && notYetEnded
}