Loads and decodes the DER and pem files to generate the certificate pool
(ctx caddy.Context)
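// Provision reads every file listed in f.TrustedCACertPEMFiles, decodes the
// PEM blocks it contains and parses each CERTIFICATE block as an X.509
// certificate. The parsed certificates are kept both as a pool (f.pool) and as
// a slice (f.certs).
//
// Only PEM input is decoded here: data that pem.Decode does not recognise
// (for example a raw DER file) ends the scan of that file without an error,
// and PEM blocks of any other type are skipped.
//
// It returns an error if a file cannot be read or if a CERTIFICATE block does
// not parse. f.pool and f.certs are assigned only after every file has been
// processed, so a failure leaves them untouched.
func (f *FileCAPool) Provision(ctx caddy.Context) error {
	caPool := x509.NewCertPool()
	var certs []*x509.Certificate
	for _, pemFile := range f.TrustedCACertPEMFiles {
		pemContents, err := os.ReadFile(pemFile)
		if err != nil {
			// %w keeps the underlying error inspectable with errors.Is/As.
			return fmt.Errorf("reading %s: %w", pemFile, err)
		}
		// NOTE(review): a file that yields no certificate at all is accepted
		// silently, so a wrong path or wrong format shrinks the trust pool
		// without any diagnostic; consider reporting that case.
		for len(pemContents) > 0 {
			var block *pem.Block
			block, pemContents = pem.Decode(pemContents)
			if block == nil {
				// No further PEM data; the remaining bytes are ignored.
				break
			}
			if block.Type != "CERTIFICATE" {
				// Keys, CRLs and other block types do not belong in the pool.
				continue
			}
			cert, err := x509.ParseCertificate(block.Bytes)
			if err != nil {
				return fmt.Errorf("parsing certificate in %s: %w", pemFile, err)
			}
			caPool.AddCert(cert)
			certs = append(certs, cert)
		}
	}
	f.pool = caPool
	f.certs = certs
	return nil
}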
| 177 | |
| 178 | // Syntax: |
| 179 | // |