Certificate.go
package goapns
import (
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io/ioutil"
	"time"

	"golang.org/x/crypto/pkcs12"
)
// Sentinel errors returned by this package's certificate helpers. Callers compare
// against them directly (they are plain errors.New values, not wrapped).
var (
	// ErrorCertificateExpired reports that the loaded certificate's validity
	// period has already ended and a renewed certificate is required.
	ErrorCertificateExpired = errors.New("Your certificate has expired. Please renew in Apples Developer Center")

	// ErrorCertificatePrivateKeyNotRSA reports that the private key found in the
	// bundle is not an *rsa.PrivateKey, which is the only key type this package accepts.
	ErrorCertificatePrivateKeyNotRSA = errors.New("Apparently the private key is not in RSA format, aborting.")
)
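// CertificateFromP12 loads a PKCS#12 (.p12) bundle from filePath and returns it
// as a tls.Certificate, e.g. for use as a TLS client identity.
//
// key is the password protecting the bundle. Errors from reading the file or
// from pkcs12.Decode are returned unchanged; ErrorCertificatePrivateKeyNotRSA is
// returned when the embedded private key is not an *rsa.PrivateKey, and
// ErrorCertificateExpired when the certificate's NotAfter is already in the past.
//
// Only the single leaf certificate returned by pkcs12.Decode is placed in the
// chain; any intermediate certificates contained in the bundle are not carried
// over. No chain or name validation is performed here — see verify for that.
func CertificateFromP12(filePath string, key string) (tls.Certificate, error) {
	fmt.Printf("Will load cert from file %v \n", filePath)
	p12Data, err := ioutil.ReadFile(filePath)
	if err != nil {
		return tls.Certificate{}, err
	}

	// Only the outcome is reported; the password is never printed.
	privateKey, crt, err := pkcs12.Decode(p12Data, key)
	if err != nil {
		fmt.Printf("Could not load cert with error %v \n", err)
		return tls.Certificate{}, err
	}
	fmt.Println("Decoded certificate successfully")

	// tls.Certificate accepts any crypto.PrivateKey, but this package only
	// supports RSA identities, so reject anything else up front.
	privateRSAKey, ok := privateKey.(*rsa.PrivateKey)
	if !ok {
		return tls.Certificate{}, ErrorCertificatePrivateKeyNotRSA
	}

	// Reject an already-expired identity at load time, where the caller gets a
	// clear error, rather than letting it surface only when the TLS peer
	// refuses it. This is the condition ErrorCertificateExpired exists for.
	if time.Now().After(crt.NotAfter) {
		return tls.Certificate{}, ErrorCertificateExpired
	}

	return tls.Certificate{
		Certificate: [][]byte{crt.Raw},
		PrivateKey:  privateRSAKey,
		Leaf:        crt,
	}, nil
}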
// verify checks cert with empty x509.VerifyOptions, so Go falls back to the
// system root pool and performs no hostname check. It returns nil when a chain
// can be built, ErrorCertificateExpired when x509 reports the certificate as
// expired, and the underlying x509 error unchanged for every other failure
// (unknown authority, other invalidity reasons, ...).
func verify(cert *x509.Certificate) error {
	_, err := cert.Verify(x509.VerifyOptions{})
	if err == nil {
		return nil
	}

	// Map only the expiry case onto the package sentinel; anything else is
	// surfaced as-is so the caller can inspect the concrete x509 error type.
	invalid, isInvalid := err.(x509.CertificateInvalidError)
	if isInvalid && invalid.Reason == x509.Expired {
		return ErrorCertificateExpired
	}
	return err
}