
Function PEMDecodePrivateKey

crypto.go:75–108  ·  view source on GitHub ↗

PEMDecodePrivateKey loads a PEM-encoded ECC/RSA private key from an array of bytes. Borrowed from Go standard library, to handle various private key and PEM block types.

(keyPEMBytes []byte)

Source from the content-addressed store, hash-verified

// PEMDecodePrivateKey decodes the first PEM block in keyPEMBytes and parses it
// as an RSA, ECDSA or Ed25519 private key, returned as a crypto.Signer.
//
// The block type must be exactly "PRIVATE KEY" or end in " PRIVATE KEY". The DER
// payload is tried as PKCS#1, then PKCS#8, then SEC 1 EC; the first parser that
// succeeds decides the result. Only the first PEM block is examined: whatever
// follows it in keyPEMBytes is ignored.
//
// Returned errors mention only the PEM header or the Go type of the parsed key,
// never the key bytes themselves. The individual parser errors are discarded.
func PEMDecodePrivateKey(keyPEMBytes []byte) (crypto.Signer, error) {
	// Modified from original:
	// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308
	// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238

	// The remainder returned by pem.Decode is deliberately dropped, so trailing
	// blocks or stray bytes after the key are not validated here.
	block, _ := pem.Decode(keyPEMBytes)
	if block == nil {
		return nil, fmt.Errorf("failed to decode PEM block containing private key")
	}

	// NOTE(review): the suffix match also lets "ENCRYPTED PRIVATE KEY" through,
	// and block.Headers is never inspected. Nothing below decrypts, so encrypted
	// input is expected to end in the generic "unknown private key type" error.
	headerOK := block.Type == "PRIVATE KEY" || strings.HasSuffix(block.Type, " PRIVATE KEY")
	if !headerOK {
		return nil, fmt.Errorf("unknown PEM header %q", block.Type)
	}

	der := block.Bytes

	// PKCS#1 (RSA only).
	rsaKey, err := x509.ParsePKCS1PrivateKey(der)
	if err == nil {
		return rsaKey, nil
	}

	// PKCS#8: the wrapper can carry key types that cannot sign, so the result
	// is restricted to an explicit allow-list instead of a blanket assertion.
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	if err == nil {
		switch k := parsed.(type) {
		case *rsa.PrivateKey:
			return k, nil
		case *ecdsa.PrivateKey:
			return k, nil
		case ed25519.PrivateKey:
			return k, nil
		default:
			return nil, fmt.Errorf("found unknown private key type in PKCS#8 wrapping: %T", parsed)
		}
	}

	// SEC 1 ("EC PRIVATE KEY").
	ecKey, err := x509.ParseECPrivateKey(der)
	if err == nil {
		return ecKey, nil
	}

	return nil, fmt.Errorf("unknown private key type")
}
109
110// parseCertsFromPEMBundle parses a certificate bundle from top to bottom and returns
111// a slice of x509 certificates. This function will error if no certificates are found.

Callers 6

loadAccountMethod · 0.85
lookUpAccountMethod · 0.85
reusePrivateKeyMethod · 0.85
renewCertMethod · 0.85

Calls

no outgoing calls

Tested by 2
