diff --git a/pkg/provider/signature/certificates.go b/pkg/provider/signature/certificates.go
index 0b91402..805abcc 100644
--- a/pkg/provider/signature/certificates.go
+++ b/pkg/provider/signature/certificates.go
@@ -14,22 +14,29 @@ import (
 dsig "github.com/russellhaering/goxmldsig"
 )
+var (
+ spaceRegex = regexp.MustCompile(`\s+`)
+)
+
 func ParseCertificates(certStrs []string) ([]*x509.Certificate, error) {
- var certs []*x509.Certificate
+ certs := make([]*x509.Certificate, len(certStrs))
- regex := regexp.MustCompile(`\s+`)
- for _, certStr := range certStrs {
- certStr = regex.ReplaceAllString(certStr, "")
+ for i, certStr := range certStrs {
+ certStr = spaceRegex.ReplaceAllString(certStr, "")
 certStr = strings.TrimPrefix(strings.TrimSuffix(certStr, "-----ENDCERTIFICATE-----"), "-----BEGINCERTIFICATE-----")
 certBytes, err := base64.StdEncoding.DecodeString(certStr)
 if err != nil {
- return nil, fmt.Errorf("failed to parse PEM block containing the public key")
+ return nil, fmt.Errorf("failed to decode certificate:" + err.Error())
+ }
+ block, _ := pem.Decode(certBytes)
+ if block != nil {
+ certBytes = block.Bytes
 }
 parsedCert, err := x509.ParseCertificate(certBytes)
 if err != nil {
 return nil, fmt.Errorf("failed to parse certificate: " + err.Error())
 }
- certs = append(certs, parsedCert)
+ certs[i] = parsedCert
 }
 return certs, nil
diff --git a/pkg/provider/signature/certificates_test.go b/pkg/provider/signature/certificates_test.go
index ae4cf08..b4cf933 100644
--- a/pkg/provider/signature/certificates_test.go
+++ b/pkg/provider/signature/certificates_test.go
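Review bot: In ParseCertificates (pkg/provider/signature/certificates.go) the new `pem.Decode` step throws away its second return value and never checks `block.Type`. A decoded value that holds several PEM blocks therefore contributes only its first block without any error, and a block of another type is only rejected later by the generic x509 parse failure. Since these certificates appear to be used for signature verification, silently dropping input is worth turning into an explicit error (or, if bundles are meant to be supported, parsing every block). Separately, the new message lacks a space after the colon and passes a non-constant format string; `fmt.Errorf("failed to decode certificate: %w", err)` fixes both and keeps the cause unwrappable. The function's closing brace lies outside the hunk.

```go
// … unchanged: whitespace stripping, marker trimming and base64 decoding …
block, rest := pem.Decode(certBytes)
if block != nil {
	if block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("unexpected PEM block type %q", block.Type)
	}
	if strings.TrimSpace(string(rest)) != "" {
		return nil, fmt.Errorf("unexpected data after PEM certificate block")
	}
	certBytes = block.Bytes
}
// … unchanged: x509.ParseCertificate and storing the result in certs[i] …
```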
@@ -43,6 +43,14 @@ func TestCertificates_ParseCertificates(t *testing.T) {
 false,
 },
 },
+ {
+ "certificate out of metadata (PEM)",
+ []string{"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"},
+ res{
+ 1,
+ false,
+ },
+ },
 {
 "certificate out of metadata base64 error",
 []string{"MIICvDCCAaQCCQD6E8sQ2usjANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVt\neXNlcnZpY2UuZXhhbXBsZS5jb20wHhcNMjIwMjE3MTQwNjM5WhcNMjMwMjE3MTQw\nNjM5WjAgMR4wHAYDVQQDDBVteXNlcnZpY2UuZXhhbXBsZS5jb20wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7XKdCRxUZXjdqVqwwwOJqc1Ch0nOSmk+U\nerkUqlviWHdeLR+FolHKjqLzCBloAz4xVc0DFfR76gWcWAHJloqZ7GBS7NpDhzV8\nG+cXQ+bTU0Lu2e73zCQb30XUdKhWiGfDKaU+1xg9CD/2gIfsYPs3TTq1sq7oCs5q\nLdUHaVL5kcRaHKdnTi7cs5i9xzs3TsUnXcrJPwydjp+aEkyRh07oMpXBEobGisfF\n2p1MA6pVW2gjmywf7D5iYEFELQhM7poqPN3/kfBvU1n7Lfgq7oxmv/8LFi4Zopr5\nnyqsz26XPtUy1WqTzgznAmP+nN0oBTERFVbXXdRa3k2v4cxTNPn/AgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBAJYxROWSOZbOzXzafdGjQKsMgN948G/hHwVuZneyAcVo\nLMFTs1Weya9Z+snMp1u0AdDGmQTS9zGnD7syDYGOmgigOLcMvLMoWf5tCQBbEukW\n8O7DPjRR0XypChGSsHsqLGO0B0HaTel0HdP9Si827OCkc9Q+WbsFG/8/4ToGWL+u\nla1WuLawozoj8umPi9D8iXCoW35y2STU+WFQG7W+Kfdu+2CYz/0tGdwVqNG4Wsfa\nwWchrS00vGFKjm/fJc876gAfxiMH1I9fZvYSAxAZ3sVI//Ml2sUdgf067ywQ75oa\nLSS2NImmz5aos3vuWmOXhILd7iTU+BD8Uv6vWbI7I1M=\n"},
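Review bot: The added table entry "certificate out of metadata (PEM)" covers only the success path of the new PEM branch, asserting one certificate and no error. The cases where that branch could hide a problem are untested: a base64 value whose decoded PEM has a block type other than certificate, and one that carries more than one block. Adding an entry for each, with the expected count and error flag, would pin down how ParseCertificates is meant to treat them. The test function and its table begin and end outside this hunk.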