How to use parse method of x509 Package

Best K6 code snippet using x509.parse

helpers.go

Source:helpers.go Github

copy

Full Screen

...171// EncodeCertificatePEM encodes a single x509 certficates to PEM172func EncodeCertificatePEM(cert *x509.Certificate) []byte {173 return EncodeCertificatesPEM([]*x509.Certificate{cert})174}175// ParseCertificatesPEM parses a sequence of PEM-encoded certificate and returns them,176// can handle PEM encoded PKCS #7 structures.177func ParseCertificatesPEM(certsPEM []byte) ([]*x509.Certificate, error) {178 var certs []*x509.Certificate179 var err error180 certsPEM = bytes.TrimSpace(certsPEM)181 for len(certsPEM) > 0 {182 var cert []*x509.Certificate183 cert, certsPEM, err = ParseOneCertificateFromPEM(certsPEM)184 if err != nil {185 return nil, cferr.New(cferr.CertificateError, cferr.ParseFailed)186 } else if cert == nil {187 break188 }189 certs = append(certs, cert...)190 }191 if len(certsPEM) > 0 {192 return nil, cferr.New(cferr.CertificateError, cferr.DecodeFailed)193 }194 return certs, nil195}196// ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key,197// either PKCS #7, PKCS #12, or raw x509.198func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certificate, key crypto.Signer, err error) {199 certsDER = bytes.TrimSpace(certsDER)200 pkcs7data, err := pkcs7.ParsePKCS7(certsDER)201 if err != nil {202 var pkcs12data interface{}203 certs = make([]*x509.Certificate, 1)204 pkcs12data, certs[0], err = pkcs12.Decode(certsDER, password)205 if err != nil {206 certs, err = x509.ParseCertificates(certsDER)207 if err != nil {208 return nil, nil, cferr.New(cferr.CertificateError, cferr.DecodeFailed)209 }210 } else {211 key = pkcs12data.(crypto.Signer)212 }213 } else {214 if pkcs7data.ContentInfo != "SignedData" {215 return nil, nil, cferr.Wrap(cferr.CertificateError, cferr.DecodeFailed, errors.New("can only extract certificates from signed data content info"))216 }217 certs = pkcs7data.Content.SignedData.Certificates218 }219 if certs == nil {220 return nil, key, cferr.New(cferr.CertificateError, cferr.DecodeFailed)221 }222 return certs, key, nil223}224// ParseSelfSignedCertificatePEM parses a PEM-encoded certificate and check if it is self-signed.225func ParseSelfSignedCertificatePEM(certPEM []byte) (*x509.Certificate, error) {226 cert, err := ParseCertificatePEM(certPEM)227 if err != nil {228 return nil, err229 }230 if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {231 return nil, cferr.Wrap(cferr.CertificateError, cferr.VerifyFailed, err)232 }233 return cert, nil234}235// ParseCertificatePEM parses and returns a PEM-encoded certificate,236// can handle PEM encoded PKCS #7 structures.237func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error) {238 certPEM = bytes.TrimSpace(certPEM)239 cert, rest, err := ParseOneCertificateFromPEM(certPEM)240 if err != nil {241 // Log the actual parsing error but throw a default parse error message.242 log.Debugf("Certificate parsing error: %v", err)243 return nil, cferr.New(cferr.CertificateError, cferr.ParseFailed)244 } else if cert == nil {245 return nil, cferr.New(cferr.CertificateError, cferr.DecodeFailed)246 } else if len(rest) > 0 {247 return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, errors.New("the PEM file should contain only one object"))248 } else if len(cert) > 1 {249 return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, errors.New("the PKCS7 object in the PEM file should contain only one certificate"))250 }251 return cert[0], nil252}253// ParseOneCertificateFromPEM attempts to parse one PEM encoded certificate object,254// either a raw x509 certificate or a PKCS #7 structure possibly containing255// multiple certificates, from the top of certsPEM, which itself may256// contain multiple PEM encoded certificate objects.257func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error) {258 block, rest := pem.Decode(certsPEM)259 if block == nil {260 return nil, rest, nil261 }262 cert, err := x509.ParseCertificate(block.Bytes)263 if err != nil {264 pkcs7data, err := pkcs7.ParsePKCS7(block.Bytes)265 if err != nil {266 return nil, rest, err267 }268 if pkcs7data.ContentInfo != "SignedData" {269 return nil, rest, errors.New("only PKCS #7 Signed Data Content Info supported for certificate parsing")270 }271 certs := pkcs7data.Content.SignedData.Certificates272 if certs == nil {273 return nil, rest, errors.New("PKCS #7 structure contains no certificates")274 }275 return certs, rest, nil276 }277 var certs = []*x509.Certificate{cert}278 return certs, rest, nil279}280// LoadPEMCertPool loads a pool of PEM certificates from file.281func LoadPEMCertPool(certsFile string) (*x509.CertPool, error) {282 if certsFile == "" {283 return nil, nil284 }285 pemCerts, err := ioutil.ReadFile(certsFile)286 if err != nil {287 return nil, err288 }289 return PEMToCertPool(pemCerts)290}291// PEMToCertPool concerts PEM certificates to a CertPool.292func PEMToCertPool(pemCerts []byte) (*x509.CertPool, error) {293 if len(pemCerts) == 0 {294 return nil, nil295 }296 certPool := x509.NewCertPool()297 if !certPool.AppendCertsFromPEM(pemCerts) {298 return nil, errors.New("failed to load cert pool")299 }300 return certPool, nil301}302// ParsePrivateKeyPEM parses and returns a PEM-encoded private303// key. The private key may be either an unencrypted PKCS#8, PKCS#1,304// or elliptic private key.305func ParsePrivateKeyPEM(keyPEM []byte) (key crypto.Signer, err error) {306 return ParsePrivateKeyPEMWithPassword(keyPEM, nil)307}308// ParsePrivateKeyPEMWithPassword parses and returns a PEM-encoded private309// key. The private key may be a potentially encrypted PKCS#8, PKCS#1,310// or elliptic private key.311func ParsePrivateKeyPEMWithPassword(keyPEM []byte, password []byte) (key crypto.Signer, err error) {312 keyDER, err := GetKeyDERFromPEM(keyPEM, password)313 if err != nil {314 return nil, err315 }316 return derhelpers.ParsePrivateKeyDER(keyDER)317}318// GetKeyDERFromPEM parses a PEM-encoded private key and returns DER-format key bytes.319func GetKeyDERFromPEM(in []byte, password []byte) ([]byte, error) {320 keyDER, _ := pem.Decode(in)321 if keyDER != nil {322 if procType, ok := keyDER.Headers["Proc-Type"]; ok {323 if strings.Contains(procType, "ENCRYPTED") {324 if password != nil {325 return x509.DecryptPEMBlock(keyDER, password)326 }327 return nil, cferr.New(cferr.PrivateKeyError, cferr.Encrypted)328 }329 }330 return keyDER.Bytes, nil331 }332 return nil, cferr.New(cferr.PrivateKeyError, cferr.DecodeFailed)333}334// CheckSignature verifies a signature made by the key on a CSR, such335// as on the CSR itself.336func CheckSignature(csr *x509.CertificateRequest, algo x509.SignatureAlgorithm, signed, signature []byte) error {337 var hashType crypto.Hash338 switch algo {339 case x509.SHA1WithRSA, x509.ECDSAWithSHA1:340 hashType = crypto.SHA1341 case x509.SHA256WithRSA, x509.ECDSAWithSHA256:342 hashType = crypto.SHA256343 case x509.SHA384WithRSA, x509.ECDSAWithSHA384:344 hashType = crypto.SHA384345 case x509.SHA512WithRSA, x509.ECDSAWithSHA512:346 hashType = crypto.SHA512347 default:348 return x509.ErrUnsupportedAlgorithm349 }350 if !hashType.Available() {351 return x509.ErrUnsupportedAlgorithm352 }353 h := hashType.New()354 h.Write(signed)355 digest := h.Sum(nil)356 switch pub := csr.PublicKey.(type) {357 case *rsa.PublicKey:358 return rsa.VerifyPKCS1v15(pub, hashType, digest, signature)359 case *ecdsa.PublicKey:360 ecdsaSig := new(struct{ R, S *big.Int })361 if _, err := asn1.Unmarshal(signature, ecdsaSig); err != nil {362 return err363 }364 if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {365 return errors.New("x509: ECDSA signature contained zero or negative values")366 }367 if !ecdsa.Verify(pub, digest, ecdsaSig.R, ecdsaSig.S) {368 return errors.New("x509: ECDSA verification failure")369 }370 return nil371 }372 return x509.ErrUnsupportedAlgorithm373}374// ParseCSR parses a PEM- or DER-encoded PKCS #10 certificate signing request.375func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error) {376 in = bytes.TrimSpace(in)377 p, rest := pem.Decode(in)378 if p != nil {379 if p.Type != "NEW CERTIFICATE REQUEST" && p.Type != "CERTIFICATE REQUEST" {380 return nil, rest, cferr.New(cferr.CSRError, cferr.BadRequest)381 }382 csr, err = x509.ParseCertificateRequest(p.Bytes)383 } else {384 csr, err = x509.ParseCertificateRequest(in)385 }386 if err != nil {387 return nil, rest, err388 }389 err = CheckSignature(csr, csr.SignatureAlgorithm, csr.RawTBSCertificateRequest, csr.Signature)390 if err != nil {391 return nil, rest, err392 }393 return csr, rest, nil394}395// ParseCSRPEM parses a PEM-encoded certificiate signing request.396// It does not check the signature. This is useful for dumping data from a CSR397// locally.398func ParseCSRPEM(csrPEM []byte) (*x509.CertificateRequest, error) {399 block, _ := pem.Decode([]byte(csrPEM))400 der := block.Bytes401 csrObject, err := x509.ParseCertificateRequest(der)402 if err != nil {403 return nil, err404 }405 return csrObject, nil406}407// SignerAlgo returns an X.509 signature algorithm from a crypto.Signer.408func SignerAlgo(priv crypto.Signer) x509.SignatureAlgorithm {409 switch pub := priv.Public().(type) {...

Full Screen

Full Screen

pem.go

Source:pem.go Github

copy

Full Screen

...60 Bytes: cert.Raw,61 }62 return pem.EncodeToMemory(&block)63}64// ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data.65// Recognizes PEM blocks for "EC PRIVATE KEY", "RSA PRIVATE KEY", or "PRIVATE KEY"66func ParsePrivateKeyPEM(keyData []byte) (interface{}, error) {67 var privateKeyPemBlock *pem.Block68 for {69 privateKeyPemBlock, keyData = pem.Decode(keyData)70 if privateKeyPemBlock == nil {71 break72 }73 switch privateKeyPemBlock.Type {74 case ECPrivateKeyBlockType:75 // ECDSA Private Key in ASN.1 format76 if key, err := x509.ParseECPrivateKey(privateKeyPemBlock.Bytes); err == nil {77 return key, nil78 }79 case RSAPrivateKeyBlockType:80 // RSA Private Key in PKCS#1 format81 if key, err := x509.ParsePKCS1PrivateKey(privateKeyPemBlock.Bytes); err == nil {82 return key, nil83 }84 case PrivateKeyBlockType:85 // RSA or ECDSA Private Key in unencrypted PKCS#8 format86 if key, err := x509.ParsePKCS8PrivateKey(privateKeyPemBlock.Bytes); err == nil {87 return key, nil88 }89 }90 // tolerate non-key PEM blocks for compatibility with things like "EC PARAMETERS" blocks91 // originally, only the first PEM block was parsed and expected to be a key block92 }93 // we read all the PEM blocks and didn't recognize one94 return nil, fmt.Errorf("data does not contain a valid RSA or ECDSA private key")95}96// ParsePublicKeysPEM is a helper function for reading an array of rsa.PublicKey or ecdsa.PublicKey from a PEM-encoded byte array.97// Reads public keys from both public and private key files.98func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error) {99 var block *pem.Block100 keys := []interface{}{}101 for {102 // read the next block103 block, keyData = pem.Decode(keyData)104 if block == nil {105 break106 }107 // test block against parsing functions108 if privateKey, err := parseRSAPrivateKey(block.Bytes); err == nil {109 keys = append(keys, &privateKey.PublicKey)110 continue111 }112 if publicKey, err := parseRSAPublicKey(block.Bytes); err == nil {113 keys = append(keys, publicKey)114 continue115 }116 if privateKey, err := parseECPrivateKey(block.Bytes); err == nil {117 keys = append(keys, &privateKey.PublicKey)118 continue119 }120 if publicKey, err := parseECPublicKey(block.Bytes); err == nil {121 keys = append(keys, publicKey)122 continue123 }124 // tolerate non-key PEM blocks for backwards compatibility125 // originally, only the first PEM block was parsed and expected to be a key block126 }127 if len(keys) == 0 {128 return nil, fmt.Errorf("data does not contain any valid RSA or ECDSA public keys")129 }130 return keys, nil131}132// ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array133// Returns an error if a certificate could not be parsed, or if the data does not contain any certificates134func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error) {135 ok := false136 certs := []*x509.Certificate{}137 for len(pemCerts) > 0 {138 var block *pem.Block139 block, pemCerts = pem.Decode(pemCerts)140 if block == nil {141 break142 }143 // Only use PEM "CERTIFICATE" blocks without extra headers144 if block.Type != CertificateBlockType || len(block.Headers) != 0 {145 continue146 }147 cert, err := x509.ParseCertificate(block.Bytes)148 if err != nil {149 return certs, err150 }151 certs = append(certs, cert)152 ok = true153 }154 if !ok {155 return certs, errors.New("data does not contain any valid RSA or ECDSA certificates")156 }157 return certs, nil158}159// parseRSAPublicKey parses a single RSA public key from the provided data160func parseRSAPublicKey(data []byte) (*rsa.PublicKey, error) {161 var err error162 // Parse the key163 var parsedKey interface{}164 if parsedKey, err = x509.ParsePKIXPublicKey(data); err != nil {165 if cert, err := x509.ParseCertificate(data); err == nil {166 parsedKey = cert.PublicKey167 } else {168 return nil, err169 }170 }171 // Test if parsed key is an RSA Public Key172 var pubKey *rsa.PublicKey173 var ok bool174 if pubKey, ok = parsedKey.(*rsa.PublicKey); !ok {175 return nil, fmt.Errorf("data doesn't contain valid RSA Public Key")176 }177 return pubKey, nil178}179// parseRSAPrivateKey parses a single RSA private key from the provided data180func parseRSAPrivateKey(data []byte) (*rsa.PrivateKey, error) {181 var err error182 // Parse the key183 var parsedKey interface{}184 if parsedKey, err = x509.ParsePKCS1PrivateKey(data); err != nil {185 if parsedKey, err = x509.ParsePKCS8PrivateKey(data); err != nil {186 return nil, err187 }188 }189 // Test if parsed key is an RSA Private Key190 var privKey *rsa.PrivateKey191 var ok bool192 if privKey, ok = parsedKey.(*rsa.PrivateKey); !ok {193 return nil, fmt.Errorf("data doesn't contain valid RSA Private Key")194 }195 return privKey, nil196}197// parseECPublicKey parses a single ECDSA public key from the provided data198func parseECPublicKey(data []byte) (*ecdsa.PublicKey, error) {199 var err error200 // Parse the key201 var parsedKey interface{}202 if parsedKey, err = x509.ParsePKIXPublicKey(data); err != nil {203 if cert, err := x509.ParseCertificate(data); err == nil {204 parsedKey = cert.PublicKey205 } else {206 return nil, err207 }208 }209 // Test if parsed key is an ECDSA Public Key210 var pubKey *ecdsa.PublicKey211 var ok bool212 if pubKey, ok = parsedKey.(*ecdsa.PublicKey); !ok {213 return nil, fmt.Errorf("data doesn't contain valid ECDSA Public Key")214 }215 return pubKey, nil216}217// parseECPrivateKey parses a single ECDSA private key from the provided data218func parseECPrivateKey(data []byte) (*ecdsa.PrivateKey, error) {219 var err error220 // Parse the key221 var parsedKey interface{}222 if parsedKey, err = x509.ParseECPrivateKey(data); err != nil {223 return nil, err224 }225 // Test if parsed key is an ECDSA Private Key226 var privKey *ecdsa.PrivateKey227 var ok bool228 if privKey, ok = parsedKey.(*ecdsa.PrivateKey); !ok {229 return nil, fmt.Errorf("data doesn't contain valid ECDSA Private Key")230 }231 return privKey, nil232}...

Full Screen

Full Screen

parse

Using AI Code Generation

copy

Full Screen

1import (2func main() {3 cert, err := ioutil.ReadFile("cert.pem")4 if err != nil {5 fmt.Println(err)6 }7 block, _ := pem.Decode(cert)8 if block == nil {9 fmt.Println("failed to parse certificate PEM")10 }11 cert, err = x509.ParseCertificate(block.Bytes)12 if err != nil {13 fmt.Println(err)14 }15 fmt.Println(cert.Subject)16}

Full Screen

Full Screen

parse

Using AI Code Generation

copy

Full Screen

1import ( 2func main() { 3 pemData, err := ioutil.ReadFile(“cert.pem”)4 if err != nil { 5 fmt.Println(“Error reading file:”, err) 6 os.Exit(1) 7 }8 block, _ := pem.Decode(pemData) 9 if block == nil { 10 fmt.Println(“Failed to parse PEM block containing the public key”) 11 os.Exit(1) 12 }13 cert, err := x509.ParseCertificate(block.Bytes) 14 if err != nil { 15 fmt.Println(“Failed to parse certificate:”, err) 16 os.Exit(1) 17 }18 fmt.Println(cert) 19}

Full Screen

Full Screen

parse

Using AI Code Generation

copy

Full Screen

1import (2func main() {3 cert, err := ioutil.ReadFile("cert.pem")4 if err != nil {5 log.Fatal(err)6 }7 block, _ := pem.Decode(cert)8 if block == nil {9 log.Fatal("failed to parse certificate PEM")10 }11 cert, err = x509.ParseCertificate(block.Bytes)12 if err != nil {13 log.Fatal(err)14 }15 fmt.Println(cert.Subject)16}

Full Screen

Full Screen

parse

Using AI Code Generation

copy

Full Screen

1import (2func main() {3 cert, err := ioutil.ReadFile("cert.pem")4 if err != nil {5 log.Fatal(err)6 }7 block, _ := pem.Decode(cert)8 if block == nil {9 log.Fatal("failed to parse certificate PEM")10 }11 cert, err = x509.ParseCertificate(block.Bytes)12 if err != nil {13 log.Fatal(err)14 }15 fmt.Println(cert)16}17 Version: 3 (0x2)18 Serial Number: 1 (0x1)19 RSA Public-Key: (2048 bit)

Full Screen

Full Screen

parse

Using AI Code Generation

copy

Full Screen

1import (2func main() {3 pemFile, err := os.Open("cert.pem")4 if err != nil {5 fmt.Println("Error opening pem file")6 os.Exit(1)7 }8 info, err := pemFile.Stat()9 if err != nil {10 fmt.Println("Error stating pem file")11 os.Exit(1)12 }13 pemBytes := make([]byte, info.Size())14 count, err := pemFile.Read(pemBytes)15 if err != nil {16 fmt.Println("Error reading pem file")17 os.Exit(1)18 }19 if count != int(info.Size()) {20 fmt.Println("Error reading pem file")21 os.Exit(1)22 }23 pemFile.Close()24 pemBlock, _ := pem.Decode(pemBytes)25 if pemBlock == nil {26 fmt.Println("Error decoding pem file")27 os.Exit(1)28 }29 cert, err := x509.ParseCertificate(pemBlock.Bytes)30 if err != nil {31 fmt.Println("Error parsing certificate")32 os.Exit(1)33 }34 fmt.Println(cert.Subject.CommonName)35}

Full Screen

Full Screen

parse

Using AI Code Generation

copy

Full Screen

1import (2func main() {3 pemData, err := ioutil.ReadFile("certificate.pem")4 if err != nil {5 log.Fatal(err)6 }7 block, _ := pem.Decode(pemData)8 if block == nil {9 log.Fatal("failed to parse certificate PEM")10 }11 cert, err := x509.ParseCertificate(block.Bytes)12 if err != nil {13 log.Fatal(err)14 }15 fmt.Println(cert.Subject)16}17import (18func main() {19 cert, err := tls.LoadX509KeyPair("certificate.pem", "key.pem")20 if err != nil {21 panic(err)22 }23 fmt.Println(cert.Certificate[0])24}25{C=IN, ST=Karnataka, L=Bangalore, O=Acme, OU=IT, CN=Acme.com,

Full Screen

Full Screen

parse

Using AI Code Generation

copy

Full Screen

1import (2func main() {3 keyfile, err := ioutil.ReadFile("private.pem")4 if err != nil {5 fmt.Println(err)6 os.Exit(1)7 }8 block, _ := pem.Decode(keyfile)9 if block == nil {10 fmt.Println("failed to parse PEM block containing the key")11 os.Exit(1)12 }13 priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)14 if err != nil {15 fmt.Println(err)16 os.Exit(1)17 }18 message := []byte("Hello, world!")19 hash := md5.Sum(message)20 signature, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.MD5, hash[:])21 if err != nil {22 fmt.Println(err)23 os.Exit(1)24 }25 fmt.Printf("%x26}

Full Screen

Full Screen

parse

Using AI Code Generation

copy

Full Screen

1import (2func main() {3 cert, err := ioutil.ReadFile("C:/Users/Abhishek/Desktop/Certificates/CA/CA.crt")4 if err != nil {5 fmt.Println(err)6 }7 block, _ := pem.Decode(cert)8 cert, err = x509.ParseCertificate(block.Bytes)9 if err != nil {10 fmt.Println(err)11 }12 fmt.Println(cert)13}14 Version: 3 (0x2)15 Serial Number: 0 (0x0)

Full Screen

Full Screen

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.

LambdaTest Learning Hubs:

YouTube

You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.

Run K6 automation tests on LambdaTest cloud grid

Perform automation testing on 3000+ real desktop and mobile devices online.

... View sample repo... View DocumentationSign up Free
_

Most used method in

Try LambdaTest Now !!

Get 100 minutes of automation test minutes FREE!!

...
Sign up with GoogleSign up with Email
Next-Gen App & Browser Testing Cloud

Was this article helpful?

Helpful

NotHelpful