| package crypto |
| |
| import ( |
| "crypto/rsa" |
| "crypto/x509" |
| "encoding/pem" |
| "errors" |
| ) |
| |
| // Errors specific to rsa_utils. |
| var ( |
| ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be PEM encoded PKCS1 or PKCS8 private key") |
| ErrNotRSAPrivateKey = errors.New("key is not a valid RSA private key") |
| ErrNotRSAPublicKey = errors.New("key is not a valid RSA public key") |
| ) |
| |
| // ParseRSAPrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key. |
| func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error) { |
| var err error |
| |
| // Parse PEM block |
| var block *pem.Block |
| if block, _ = pem.Decode(key); block == nil { |
| return nil, ErrKeyMustBePEMEncoded |
| } |
| |
| var parsedKey interface{} |
| if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { |
| if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { |
| return nil, err |
| } |
| } |
| |
| var pkey *rsa.PrivateKey |
| var ok bool |
| if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok { |
| return nil, ErrNotRSAPrivateKey |
| } |
| |
| return pkey, nil |
| } |
| |
| // ParseRSAPublicKeyFromPEM parses PEM encoded PKCS1 or PKCS8 public key. |
| func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error) { |
| var err error |
| |
| // Parse PEM block |
| var block *pem.Block |
| if block, _ = pem.Decode(key); block == nil { |
| return nil, ErrKeyMustBePEMEncoded |
| } |
| |
| // Parse the key |
| var parsedKey interface{} |
| if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil { |
| if cert, err := x509.ParseCertificate(block.Bytes); err == nil { |
| parsedKey = cert.PublicKey |
| } else { |
| return nil, err |
| } |
| } |
| |
| var pkey *rsa.PublicKey |
| var ok bool |
| if pkey, ok = parsedKey.(*rsa.PublicKey); !ok { |
| return nil, ErrNotRSAPublicKey |
| } |
| |
| return pkey, nil |
| } |
