12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 |
- package http
- import (
- "crypto/x509"
- "fmt"
- "io/ioutil"
- "os"
- "strings"
- "github.com/ethereum/go-ethereum/log"
- )
- // Load Root CA certificate(s).
- // Path can be a single certificate file, or a comma separated list containing a combination of
- // certificate files or directories containing certificate files.
- func loadRootCaCerts(rootCAPath string) (*x509.CertPool, error) {
- rootCAPool, err := x509.SystemCertPool()
- if err != nil {
- rootCAPool = x509.NewCertPool()
- }
- if len(rootCAPath) == 0 {
- return rootCAPool, nil
- }
- list := strings.Split(rootCAPath, ",")
- for _, thisFileOrDirEntry := range list {
- info, err := os.Lstat(thisFileOrDirEntry)
- if err != nil {
- return nil, fmt.Errorf("unable to check whether RootCA entry '%v' is a file or directory, due to: %s", thisFileOrDirEntry, err)
- }
- if info.Mode()&os.ModeDir != 0 {
- fileList, err := ioutil.ReadDir(thisFileOrDirEntry)
- if err != nil {
- return nil, fmt.Errorf("unable to read contents of RootCA directory '%v', due to: %s", thisFileOrDirEntry, err)
- }
- for _, fileinfo := range fileList {
- if err := loadRootCAFromFile(thisFileOrDirEntry+"/"+fileinfo.Name(), rootCAPool); err != nil {
- return nil, err
- }
- }
- } else if err := loadRootCAFromFile(thisFileOrDirEntry, rootCAPool); err != nil {
- return nil, err
- }
- }
- return rootCAPool, nil
- }
- func loadRootCAFromFile(file string, roots *x509.CertPool) error {
- log.Debug("loading RootCA certificate for connection to private transaction manager", "file", file)
- data, err := ioutil.ReadFile(file)
- if err != nil {
- return fmt.Errorf("unable to read contents of RootCA certificate file '%v', due to: %s", file, err)
- }
- if !roots.AppendCertsFromPEM(data) {
- return fmt.Errorf("failed to add TlsRootCA certificate to pool, check that '%v' contains a valid RootCA certificate", file)
- }
- return nil
- }
|