Fix - Convert DER to PEM when reading from LDAP

Emmanuel BENOîT 2021-11-05 14:55:51 +01:00
parent a651e408ed
commit 4619b592e6

14
ldap.go

@ -3,6 +3,7 @@ package main
import ( import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/pem"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
@ -163,7 +164,11 @@ func (conn *tLdapConn) getEndEntityCertificate(dn string) ([]byte, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("DN %s - invalid certificate in attribute %s : %w", dn, eec, err) return nil, fmt.Errorf("DN %s - invalid certificate in attribute %s : %w", dn, eec, err)
} }
return values[0], nil data := pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE",
Bytes: values[0],
})
return data, nil
} }
// Get a CA certificate, as well as the value of the chaining field, from // Get a CA certificate, as well as the value of the chaining field, from
@ -189,11 +194,14 @@ func (conn *tLdapConn) getCaCertificate(dn string) ([]byte, string, error) {
if nFound > 1 { if nFound > 1 {
return ca_cert, chain_dn, fmt.Errorf("DN %s - one value expected for %s, %d values found", dn, cc, nFound) return ca_cert, chain_dn, fmt.Errorf("DN %s - one value expected for %s, %d values found", dn, cc, nFound)
} else if nFound == 1 { } else if nFound == 1 {
ca_cert = values[0] _, err := x509.ParseCertificate(values[0])
_, err := x509.ParseCertificate(ca_cert)
if err != nil { if err != nil {
return nil, "", fmt.Errorf("DN %s - invalid certificate in attribute %s : %w", dn, cc, err) return nil, "", fmt.Errorf("DN %s - invalid certificate in attribute %s : %w", dn, cc, err)
} }
ca_cert = pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE",
Bytes: values[0],
})
} }
chval := entry.GetAttributeValues(chain) chval := entry.GetAttributeValues(chain)