LoadCertificates returns the certificates to be loaded by fl.
| 78 | |
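// LoadCertificates returns the certificates to be loaded by fl.
//
// For each entry in fl it reads the certificate file and the key file from
// disk and parses them as a key pair. The only accepted Format values are ""
// and "pem", both handled as PEM. The first failure aborts the whole load and
// returns a nil slice.
func (fl FileLoader) LoadCertificates() ([]Certificate, error) {
	certs := make([]Certificate, 0, len(fl))
	for _, pair := range fl {
		certData, err := os.ReadFile(pair.Certificate)
		if err != nil {
			return nil, fmt.Errorf("reading certificate file %q: %w", pair.Certificate, err)
		}
		keyData, err := os.ReadFile(pair.Key)
		if err != nil {
			return nil, fmt.Errorf("reading key file %q: %w", pair.Key, err)
		}

		var cert tls.Certificate
		switch pair.Format {
		case "", "pem":
			// If the start of the key file looks like an encrypted private
			// key, reject it with a helpful error message. The window is
			// clamped to the data actually read: slicing keyData[:40] on a
			// shorter file reaches past len(keyData) and avoids a panic only
			// if the slice's capacity happens to be at least 40.
			//
			// NOTE(review): this is a best-effort hint, not a validation
			// step. Only the first 40 bytes are inspected, so a marker that
			// appears later in the file is not caught here and is left to
			// tls.X509KeyPair to reject.
			head := keyData
			if len(head) > 40 {
				head = head[:40]
			}
			if strings.Contains(string(head), "ENCRYPTED") {
				return nil, fmt.Errorf("encrypted private keys are not supported; please decrypt the key first")
			}

			cert, err = tls.X509KeyPair(certData, keyData)
			if err != nil {
				// Name the files so an operator can tell which pair is
				// malformed or mismatched; the key material itself is
				// never included in the message.
				return nil, fmt.Errorf("loading key pair (certificate %q, key %q): %w", pair.Certificate, pair.Key, err)
			}

		default:
			return nil, fmt.Errorf("unrecognized certificate/key encoding format: %s", pair.Format)
		}

		certs = append(certs, Certificate{Certificate: cert, Tags: pair.Tags})
	}
	return certs, nil
}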
| 117 | |
| 118 | // Interface guard |
| 119 | var ( |