<p>Today, a code snippet that shows how to parse a certificate from a <a href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM-encoded</a> key pair using Go. The function <a href="https://golang.org/pkg/crypto/tls/#X509KeyPair"><code>tls.X509KeyPair</code></a> will do the hard work for us.</p>
<div class="highlight"><pre>import (
	&quot;crypto/tls&quot;
	&quot;crypto/x509&quot;
	&quot;errors&quot;
)

// ParseCertificate loads a PEM-encoded certificate and private key and
// returns a tls.Certificate with Leaf populated.
func ParseCertificate(certificateBytes []byte, privateKeyBytes []byte) (tls.Certificate, error) {
	// X509KeyPair decodes both PEM inputs and checks that the private key
	// matches the certificate's public key.
	cert, err := tls.X509KeyPair(certificateBytes, privateKeyBytes)
	if err != nil {
		return cert, err
	}

	// Accept exactly one certificate; reject bundles and chains.
	if len(cert.Certificate) &gt; 1 {
		return cert, errors.New(&quot;PEM file contains multiple certificates&quot;)
	}

	// Parse the DER bytes so that cert.Leaf is set; report a parse failure
	// instead of silently returning a certificate without a leaf.
	c, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return cert, err
	}
	cert.Leaf = c

	return cert, nil
}
</pre></div>
<p>The certificate is parsed a second time with <code>x509.ParseCertificate</code> because of how <code>X509KeyPair</code> is documented:</p>
<div class="highlight"><pre>func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error)
</pre></div>
<blockquote><p><a href="https://golang.org/pkg/crypto/tls/#X509KeyPair"><code>X509KeyPair</code></a> parses a public/private key pair from a pair of PEM encoded data. On successful return, <code>Certificate.Leaf</code> will be nil because the parsed form of the certificate is not retained.</p>
</blockquote>
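<p>As an added example (not code from the original post), the program below exercises the two checks the snippet relies on, using constructed throwaway self-signed RSA certificates. The helper names <code>newPair</code> and <code>inspect</code> are hypothetical. It shows that <code>tls.X509KeyPair</code> rejects a private key that belongs to a different certificate, and that a PEM input holding two <code>CERTIFICATE</code> blocks produces two entries in <code>Certificate</code>, which is the case the length check above refuses.</p>

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newPair (hypothetical helper) returns a constructed, throwaway self-signed certificate and key as PEM.
func newPair(serial int64) (certPEM, keyPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	return certPEM, keyPEM, nil
}

// inspect (hypothetical helper) returns the leaf's serial number and the number of CERTIFICATE blocks loaded.
func inspect(certPEM, keyPEM []byte) (serial int64, blocks int, err error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return 0, 0, err
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return 0, 0, err
	}
	return leaf.SerialNumber.Int64(), len(pair.Certificate), nil
}

func main() {
	certA, keyA, _ := newPair(1)
	certB, _, _ := newPair(2)
	fmt.Println(inspect(certA, keyA))                    // matching pair, one block
	fmt.Println(inspect(certB, keyA))                    // key from another certificate: error
	fmt.Println(inspect(append(certA, certB...), keyA)) // two blocks, leaf is still the first
}
```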
