<p>Today, a code snippet that shows how to parse a certificate from a <a href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM-encoded</a> key pair using Go. The function <a href="https://golang.org/pkg/crypto/tls/#X509KeyPair"><code>tls.X509KeyPair</code></a> will do the hard work for us.</p>
<div class="highlight"><pre><span></span><span class="kn">import</span> <span class="p">(</span>
    <span class="s">"crypto/tls"</span>
    <span class="s">"crypto/x509"</span>
    <span class="s">"errors"</span>
<span class="p">)</span>

<span class="c1">// ParseCertificate loads a PEM-encoded certificate and its private key and</span>
<span class="c1">// fills in cert.Leaf with the parsed certificate.</span>
<span class="kd">func</span> <span class="nx">ParseCertificate</span><span class="p">(</span><span class="nx">certificateBytes</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">,</span> <span class="nx">privateKeyBytes</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="nx">tls</span><span class="p">.</span><span class="nx">Certificate</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
    <span class="c1">// X509KeyPair decodes both PEM inputs and checks that the key matches the certificate.</span>
    <span class="nx">cert</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">tls</span><span class="p">.</span><span class="nx">X509KeyPair</span><span class="p">(</span><span class="nx">certificateBytes</span><span class="p">,</span> <span class="nx">privateKeyBytes</span><span class="p">)</span>
    <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
        <span class="k">return</span> <span class="nx">cert</span><span class="p">,</span> <span class="nx">err</span>
    <span class="p">}</span>
    <span class="c1">// Accept a single certificate only; a PEM input carrying a chain is rejected.</span>
    <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="nx">cert</span><span class="p">.</span><span class="nx">Certificate</span><span class="p">)</span> <span class="p">&gt;</span> <span class="mi">1</span> <span class="p">{</span>
        <span class="k">return</span> <span class="nx">cert</span><span class="p">,</span> <span class="nx">errors</span><span class="p">.</span><span class="nx">New</span><span class="p">(</span><span class="s">"PEM file contains multiple certificates"</span><span class="p">)</span>
    <span class="p">}</span>
    <span class="c1">// Parse the DER bytes so callers can read the certificate fields from cert.Leaf.</span>
    <span class="nx">c</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">x509</span><span class="p">.</span><span class="nx">ParseCertificate</span><span class="p">(</span><span class="nx">cert</span><span class="p">.</span><span class="nx">Certificate</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
    <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
        <span class="k">return</span> <span class="nx">cert</span><span class="p">,</span> <span class="nx">err</span>
    <span class="p">}</span>
    <span class="nx">cert</span><span class="p">.</span><span class="nx">Leaf</span> <span class="p">=</span> <span class="nx">c</span>
    <span class="k">return</span> <span class="nx">cert</span><span class="p">,</span> <span class="kc">nil</span>
<span class="p">}</span>
</pre></div>
<div class="highlight"><pre><span></span><span class="kd">func</span> <span class="nx">X509KeyPair</span><span class="p">(</span><span class="nx">certPEMBlock</span><span class="p">,</span> <span class="nx">keyPEMBlock</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="nx">Certificate</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span>
</pre></div>
<blockquote><p><a href="https://golang.org/pkg/crypto/tls/#X509KeyPair"><code>X509KeyPair</code></a> parses a public/private key pair from a pair of PEM encoded data. On successful return, <code>Certificate.Leaf</code> will be nil because the parsed form of the certificate is not retained.</p>
</blockquote>
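<p>An added example, not part of the original post: it builds two constructed, throwaway Ed25519 self-signed pairs in memory and runs them through the same checks as <code>ParseCertificate</code> above, showing a populated <code>Leaf</code>, a mismatched key rejected by <code>tls.X509KeyPair</code>, and a two-certificate PEM input rejected by the length check. The names <code>selfSigned</code> and <code>loadSingle</code> and the <code>*.example.test</code> subjects are assumptions made for the demo.</p>

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a constructed throwaway self-signed pair, PEM-encoded (demo input only).
func selfSigned(cn string) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv) // cannot fail for an Ed25519 key
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

// loadSingle (hypothetical name) applies the same checks as ParseCertificate above.
func loadSingle(certPEM, keyPEM []byte) (tls.Certificate, error) {
	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return cert, err // malformed PEM, or the key does not match the certificate
	}
	if len(cert.Certificate) > 1 {
		return cert, errors.New("PEM file contains multiple certificates")
	}
	cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
	return cert, err
}

func main() {
	certA, keyA := selfSigned("a.example.test")
	certB, keyB := selfSigned("b.example.test")
	ok, _ := loadSingle(certA, keyA)
	_, errKey := loadSingle(certA, keyB)                    // key belongs to the other pair
	_, errMany := loadSingle(append(certA, certB...), keyA) // two CERTIFICATE blocks in one input
	fmt.Println(ok.Leaf != nil, errKey, errMany)
}
```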