LoadCertificates loads all the certificates+keys in the directories listed in fl from all files ending with .pem. This method of loading certificates expects the certificate and key to be bundled into the same file.
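// LoadCertificates loads all the certificates+keys in the directories
// listed in fl from all files ending with .pem. This method of loading
// certificates expects the certificate and key to be bundled into the
// same file.
//
// Each directory is walked recursively and the ".pem" suffix is matched
// case-insensitively. File contents are read through an os.Root opened on
// the directory, so a path that resolves outside that directory (for
// example through a symlink) is refused by the read instead of being
// loaded as key material. The first error aborts the whole load and no
// certificates are returned.
func (fl FolderLoader) LoadCertificates() ([]Certificate, error) {
	var certs []Certificate
	for _, dir := range fl {
		root, err := os.OpenRoot(dir)
		if err != nil {
			return nil, fmt.Errorf("unable to open root directory %s: %w", dir, err)
		}
		// NOTE(review): the traversal itself goes through ordinary path
		// lookups on dir; only the ReadFile call below is confined by root.
		// Walking root.FS() instead would confine the listing as well, but it
		// changes the paths reported in errors — confirm before switching.
		err = filepath.WalkDir(dir, func(fpath string, d fs.DirEntry, err error) error {
			// Handle the walk error before touching d, and keep the cause in
			// the chain so operators can tell a permission problem from a
			// missing or unreadable directory.
			if err != nil {
				return fmt.Errorf("unable to traverse into path %s: %w", fpath, err)
			}
			if d.IsDir() {
				return nil
			}
			if !strings.HasSuffix(strings.ToLower(d.Name()), ".pem") {
				return nil
			}

			// root.ReadFile takes a path relative to the root, so convert the
			// walked path back to one relative to dir.
			rel, err := filepath.Rel(dir, fpath)
			if err != nil {
				return fmt.Errorf("unable to get relative path for %s: %w", fpath, err)
			}

			// Read through root rather than os.ReadFile: this is the step that
			// enforces the directory boundary for private-key bundles.
			bundle, err := root.ReadFile(rel)
			if err != nil {
				return err
			}
			cert, err := tlsCertFromCertAndKeyPEMBundle(bundle)
			if err != nil {
				// Only the file path is added here; the bundle bytes are never
				// formatted into the message at this level.
				return fmt.Errorf("%s: %w", fpath, err)
			}

			certs = append(certs, Certificate{Certificate: cert})
			return nil
		})
		// Close explicitly instead of deferring: a defer inside this loop would
		// hold every root open until the function returns. The close error is
		// ignored because the root was only used for reads.
		_ = root.Close()
		if err != nil {
			return nil, fmt.Errorf("walking certificates directory %s: %w", dir, err)
		}
	}
	return certs, nil
}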
| 105 | |
| 106 | func tlsCertFromCertAndKeyPEMBundle(bundle []byte) (tls.Certificate, error) { |
| 107 | certBuilder, keyBuilder := new(bytes.Buffer), new(bytes.Buffer) |