DecodePrivateKeyBytes decodes a PEM-encoded private key into a crypto.Signer. It supports ECDSA, RSA and EdDSA private keys only; any other key type returns an error.
(keyBytes []byte)
// DecodePrivateKeyBytes turns a PEM encoded private key into a crypto.Signer.
//
// Three PEM block types are handled: "PRIVATE KEY" (PKCS#8), "EC PRIVATE KEY"
// and "RSA PRIVATE KEY" (PKCS#1). Any other block type, and any key that fails
// to parse, yields an invalid-data error and a nil signer.
//
// The function is intended for ECDSA, RSA and EdDSA keys. On the PKCS#8 path
// the filter actually enforced is that the parsed key implements crypto.Signer.
//
// Only the block returned by pem.SafeDecodePrivateKey is parsed. The second
// return value of that call (presumably the unparsed remainder of the input;
// confirm against the pem helper) is discarded, so callers must not assume the
// whole of keyBytes was consumed or checked.
func DecodePrivateKeyBytes(keyBytes []byte) (crypto.Signer, error) {
	pemBlock, _, decodeErr := pem.SafeDecodePrivateKey(keyBytes)
	if decodeErr != nil {
		return nil, errors.NewInvalidData("error decoding private key PEM block: %s", decodeErr.Error())
	}

	// PKCS#8 container: the key algorithm is chosen by the encoded data, not by
	// the PEM label, so the result has to be narrowed to something that can sign.
	if pemBlock.Type == "PRIVATE KEY" {
		parsed, parseErr := x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
		if parseErr != nil {
			return nil, errors.NewInvalidData("error parsing pkcs#8 private key: %s", parseErr.Error())
		}

		// NOTE(review): unlike the PKCS#1 path below, no explicit Validate call
		// is made here; an RSA key arriving in PKCS#8 form gets only the checks
		// that ParsePKCS8PrivateKey itself performs.
		if signer, canSign := parsed.(crypto.Signer); canSign {
			return signer, nil
		}
		return nil, errors.NewInvalidData("error parsing pkcs#8 private key: invalid key type")
	}

	// SEC 1 encoded ECDSA key.
	if pemBlock.Type == "EC PRIVATE KEY" {
		ecKey, parseErr := x509.ParseECPrivateKey(pemBlock.Bytes)
		if parseErr != nil {
			return nil, errors.NewInvalidData("error parsing ecdsa private key: %s", parseErr.Error())
		}
		return ecKey, nil
	}

	// PKCS#1 encoded RSA key; it is validated explicitly before being returned.
	if pemBlock.Type == "RSA PRIVATE KEY" {
		rsaKey, parseErr := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
		if parseErr != nil {
			return nil, errors.NewInvalidData("error parsing rsa private key: %s", parseErr.Error())
		}
		if validateErr := rsaKey.Validate(); validateErr != nil {
			return nil, errors.NewInvalidData("rsa private key failed validation: %s", validateErr.Error())
		}
		return rsaKey, nil
	}

	// Every other PEM label that reaches this point is refused rather than guessed at.
	return nil, errors.NewInvalidData("unknown private key type: %s", pemBlock.Type)
}
| 71 | |
| 72 | func decodeMultipleCerts(certBytes []byte, decodeFn func([]byte) (*stdpem.Block, []byte, error)) ([]*x509.Certificate, error) { |
| 73 | certs := []*x509.Certificate{} |