MCPcopy
hub / github.com/caddyserver/caddy / Load

Method Load

modules/caddypki/crypto.go:91–123  ·  view source on GitHub ↗

Load loads the certificate chain and (optional) private key from the corresponding files, using the configured format. If a private key is read, it will be verified to belong to the first certificate in the chain.

()

Source from the content-addressed store, hash-verified

89// private key is read, it will be verified to belong to the first
90// certificate in the chain.
91func (kp KeyPair) Load() ([]*x509.Certificate, crypto.Signer, error) {
92 switch kp.Format {
93 case "", "pem_file":
94 certData, err := os.ReadFile(kp.Certificate)
95 if err != nil {
96 return nil, nil, err
97 }
98 chain, err := pemDecodeCertificateChain(certData)
99 if err != nil {
100 return nil, nil, err
101 }
102
103 var key crypto.Signer
104 if kp.PrivateKey != "" {
105 keyData, err := os.ReadFile(kp.PrivateKey)
106 if err != nil {
107 return nil, nil, err
108 }
109 key, err = certmagic.PEMDecodePrivateKey(keyData)
110 if err != nil {
111 return nil, nil, err
112 }
113 if err := verifyKeysMatch(chain[0], key); err != nil {
114 return nil, nil, err
115 }
116 }
117
118 return chain, key, nil
119
120 default:
121 return nil, nil, fmt.Errorf("unsupported format: %s", kp.Format)
122 }
123}
124
125// verifyKeysMatch verifies that the public key in the [x509.Certificate] matches
126// the public key of the [crypto.Signer].

Callers 15

TestKeyPair_LoadFunction · 0.95
AcceptMethod · 0.80
DeleteMethod · 0.80
ReferencesMethod · 0.80
AcceptMethod · 0.80
ReadFromMethod · 0.80
ExitingFunction · 0.80
ProvisionMethod · 0.80
loadOrGenRootMethod · 0.80
loadOrGenIntermediateMethod · 0.80
LoadLeafCertificatesMethod · 0.80
ProvisionMethod · 0.80

Calls 3

verifyKeysMatchFunction · 0.85
ReadFileMethod · 0.80