refactor to remove duplication
chelseakomlo committed May 29, 2018
1 parent ac8afe0 commit 8e2da4e
Showing 1 changed file with 18 additions and 22 deletions.
40 changes: 18 additions & 22 deletions helper/tlsutil/config.go
@@ -148,38 +148,34 @@ func (c *Config) AppendCA(pool *x509.CertPool) error {
}

block, rest := pem.Decode(data)
if block == nil {
return fmt.Errorf("Failed to decode CA file from pem format")
if err := validateCertificate(block); err != nil {
return err
}

// Parse the certificate to ensure that it is properly formatted
if _, err := x509.ParseCertificates(block.Bytes); err != nil {
return fmt.Errorf("Failed to parse CA file: %v", err)
for len(rest) > 0 {
block, rest = pem.Decode(rest)
if err := validateCertificate(block); err != nil {
return err
}
}

if !pool.AppendCertsFromPEM(data) {
return fmt.Errorf("Failed to add any CA certificates")
}

for len(rest) > 0 {
block, rest = pem.Decode(rest)

if block == nil {
return fmt.Errorf("Failed to decode CA file from pem format")
}

// Parse the certificate to ensure that it is properly formatted
if _, err := x509.ParseCertificates(block.Bytes); err != nil {
return fmt.Errorf("Failed to parse CA file: %v", err)
}
return nil
}

if !pool.AppendCertsFromPEM(data) {
return fmt.Errorf("Failed to add any CA certificates")
}
// validateCertificate checks to ensure a certificate is valid. If it is not,
// return a descriptive error of why the certificate is invalid.
func validateCertificate(block *pem.Block) error {
if block == nil {
return fmt.Errorf("Failed to decode CA file from pem format")
}

if len(rest) == 0 {
break
}
// Parse the certificate to ensure that it is properly formatted
if _, err := x509.ParseCertificates(block.Bytes); err != nil {
return fmt.Errorf("Failed to parse CA file: %v", err)
}

return nil
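Review bot: validateCertificate accepts any PEM block whose bytes parse as X.509 but never inspects `block.Type` or `block.Headers`, whereas `pool.AppendCertsFromPEM(data)` silently skips every block that is not a header-less `CERTIFICATE` block. A CA file can therefore pass each validation call and still have entries left out of the trust pool, with no error reported as long as at least one certificate was added. Consider rejecting such blocks up front, e.g. `if block.Type != "CERTIFICATE" || len(block.Headers) != 0 { return fmt.Errorf("Failed to decode CA file: unexpected PEM block %q", block.Type) }`. The doc comment also overstates the check, since parsing proves neither CA constraints nor the validity period; something like `// validateCertificate reports an error if the PEM block is missing or does not parse as X.509; it does not check CA constraints or expiry.` would be more accurate. AppendCA begins above this hunk and validateCertificate's closing brace falls below it.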