Sign In
golang
/
flannel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: dcb7182080
Branches Tags
flannel
/
vendor
/
k8s.io
/
client-go
/
util
/
cert
/
io.go

io.go 4.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. /*
    2. 

  2. Copyright 2014 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package cert
    18. 

  18. 

  19. import (
    20. 

  20. 	"crypto/x509"
    21. 

  21. 	"fmt"
    22. 

  22. 	"io/ioutil"
    23. 

  23. 	"os"
    24. 

  24. 	"path/filepath"
    25. 

  25. )
    26. 

  26. 

  27. // CanReadCertAndKey returns true if the certificate and key files already exists,
    28. 

  28. // otherwise returns false. If lost one of cert and key, returns error.
    29. 

  29. func CanReadCertAndKey(certPath, keyPath string) (bool, error) {
    30. 

  30. 	certReadable := canReadFile(certPath)
    31. 

  31. 	keyReadable := canReadFile(keyPath)
    32. 

  32. 

  33. 	if certReadable == false && keyReadable == false {
    34. 

  34. 		return false, nil
    35. 

  35. 	}
    36. 

  36. 

  37. 	if certReadable == false {
    38. 

  38. 		return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", certPath)
    39. 

  39. 	}
    40. 

  40. 

  41. 	if keyReadable == false {
    42. 

  42. 		return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", keyPath)
    43. 

  43. 	}
    44. 

  44. 

  45. 	return true, nil
    46. 

  46. }
    47. 

  47. 

  48. // If the file represented by path exists and
    49. 

  49. // readable, returns true otherwise returns false.
    50. 

  50. func canReadFile(path string) bool {
    51. 

  51. 	f, err := os.Open(path)
    52. 

  52. 	if err != nil {
    53. 

  53. 		return false
    54. 

  54. 	}
    55. 

  55. 

  56. 	defer f.Close()
    57. 

  57. 

  58. 	return true
    59. 

  59. }
    60. 

  60. 

  61. // WriteCert writes the pem-encoded certificate data to certPath.
    62. 

  62. // The certificate file will be created with file mode 0644.
    63. 

  63. // If the certificate file already exists, it will be overwritten.
    64. 

  64. // The parent directory of the certPath will be created as needed with file mode 0755.
    65. 

  65. func WriteCert(certPath string, data []byte) error {
    66. 

  66. 	if err := os.MkdirAll(filepath.Dir(certPath), os.FileMode(0755)); err != nil {
    67. 

  67. 		return err
    68. 

  68. 	}
    69. 

  69. 	if err := ioutil.WriteFile(certPath, data, os.FileMode(0644)); err != nil {
    70. 

  70. 		return err
    71. 

  71. 	}
    72. 

  72. 	return nil
    73. 

  73. }
    74. 

  74. 

  75. // WriteKey writes the pem-encoded key data to keyPath.
    76. 

  76. // The key file will be created with file mode 0600.
    77. 

  77. // If the key file already exists, it will be overwritten.
    78. 

  78. // The parent directory of the keyPath will be created as needed with file mode 0755.
    79. 

  79. func WriteKey(keyPath string, data []byte) error {
    80. 

  80. 	if err := os.MkdirAll(filepath.Dir(keyPath), os.FileMode(0755)); err != nil {
    81. 

  81. 		return err
    82. 

  82. 	}
    83. 

  83. 	if err := ioutil.WriteFile(keyPath, data, os.FileMode(0600)); err != nil {
    84. 

  84. 		return err
    85. 

  85. 	}
    86. 

  86. 	return nil
    87. 

  87. }
    88. 

  88. 

  89. // LoadOrGenerateKeyFile looks for a key in the file at the given path. If it
    90. 

  90. // can't find one, it will generate a new key and store it there.
    91. 

  91. func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
    92. 

  92. 	loadedData, err := ioutil.ReadFile(keyPath)
    93. 

  93. 	if err == nil {
    94. 

  94. 		return loadedData, false, err
    95. 

  95. 	}
    96. 

  96. 	if !os.IsNotExist(err) {
    97. 

  97. 		return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
    98. 

  98. 	}
    99. 

  99. 

  100. 	generatedData, err := MakeEllipticPrivateKeyPEM()
    101. 

  101. 	if err != nil {
    102. 

  102. 		return nil, false, fmt.Errorf("error generating key: %v", err)
    103. 

  103. 	}
    104. 

  104. 	if err := WriteKey(keyPath, generatedData); err != nil {
    105. 

  105. 		return nil, false, fmt.Errorf("error writing key to %s: %v", keyPath, err)
    106. 

  106. 	}
    107. 

  107. 	return generatedData, true, nil
    108. 

  108. }
    109. 

  109. 

  110. // NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file.
    111. 

  111. // Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
    112. 

  112. func NewPool(filename string) (*x509.CertPool, error) {
    113. 

  113. 	certs, err := CertsFromFile(filename)
    114. 

  114. 	if err != nil {
    115. 

  115. 		return nil, err
    116. 

  116. 	}
    117. 

  117. 	pool := x509.NewCertPool()
    118. 

  118. 	for _, cert := range certs {
    119. 

  119. 		pool.AddCert(cert)
    120. 

  120. 	}
    121. 

  121. 	return pool, nil
    122. 

  122. }
    123. 

  123. 

  124. // CertsFromFile returns the x509.Certificates contained in the given PEM-encoded file.
    125. 

  125. // Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
    126. 

  126. func CertsFromFile(file string) ([]*x509.Certificate, error) {
    127. 

  127. 	pemBlock, err := ioutil.ReadFile(file)
    128. 

  128. 	if err != nil {
    129. 

  129. 		return nil, err
    130. 

  130. 	}
    131. 

  131. 	certs, err := ParseCertsPEM(pemBlock)
    132. 

  132. 	if err != nil {
    133. 

  133. 		return nil, fmt.Errorf("error reading %s: %s", file, err)
    134. 

  134. 	}
    135. 

  135. 	return certs, nil
    136. 

  136. }
    137. 

  137. 

  138. // PrivateKeyFromFile returns the private key in rsa.PrivateKey or ecdsa.PrivateKey format from a given PEM-encoded file.
    139. 

  139. // Returns an error if the file could not be read or if the private key could not be parsed.
    140. 

  140. func PrivateKeyFromFile(file string) (interface{}, error) {
    141. 

  141. 	pemBlock, err := ioutil.ReadFile(file)
    142. 

  142. 	if err != nil {
    143. 

  143. 		return nil, err
    144. 

  144. 	}
    145. 

  145. 	key, err := ParsePrivateKeyPEM(pemBlock)
    146. 

  146. 	if err != nil {
    147. 

  147. 		return nil, fmt.Errorf("error reading %s: %v", file, err)
    148. 

  148. 	}
    149. 

  149. 	return key, nil
    150. 

  150. }
    151.