kairos/kairos-sdk
1
0
Fork 0
mirror of https://github.com/kairos-io/kairos-sdk.git synced 2025-06-26 07:01:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add a method to return full certs (#103)

Browse Source 
* Add a method to return full certs

Signed-off-by: Itxaka <itxaka@kairos.io>

* Fix lint

Signed-off-by: Itxaka <itxaka@kairos.io>

* Rework the cert extraction

Signed-off-by: Itxaka <itxaka@kairos.io>

---------

Signed-off-by: Itxaka <itxaka@kairos.io>
This commit is contained in:
Itxaka 2024-04-18 13:11:52 +00:00 committed by GitHub
parent b7420201f1
commit 6364d90a12
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 52 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
signatures/signatures.go
View File

@ -28,6 +28,47 @@ func GetKeyDatabase(sigType string) (*signature.SignatureDatabase, error) {
return sig, err return sig, err
} }
// GetAllFullCerts returns a list of certs in the system. Full cert, including raw data of the cert
func GetAllFullCerts() (types.CertListFull, error) {
var certList types.CertListFull
pk, err := GetKeyDatabase("PK")
if err != nil {
return certList, err
}
kek, err := GetKeyDatabase("KEK")
if err != nil {
return certList, err
}
db, err := GetKeyDatabase("DB")
if err != nil {
return certList, err
}
certList.PK = ExtractCertsFromSignatureDatabase(pk)
certList.KEK = ExtractCertsFromSignatureDatabase(kek)
certList.DB = ExtractCertsFromSignatureDatabase(db)
return certList, nil
}
// ExtractCertsFromSignatureDatabase returns a []*x509.Certificate from a *signature.SignatureDatabase
func ExtractCertsFromSignatureDatabase(database *signature.SignatureDatabase) []*x509.Certificate {
var result []*x509.Certificate
for _, k := range *database {
if isValidSignature(k.SignatureType) {
for _, k1 := range k.Signatures {
// Note the S at the end of the function, we are parsing multiple certs, not just one
certificates, err := x509.ParseCertificates(k1.Data)
if err != nil {
continue
}
result = append(result, certificates...)
}
}
}
return result
}
// GetAllCerts returns a list of certs in the system // GetAllCerts returns a list of certs in the system
func GetAllCerts() (types.CertList, error) { func GetAllCerts() (types.CertList, error) {
var certList types.CertList var certList types.CertList
@ -90,7 +131,6 @@ func GetAllCerts() (types.CertList, error) {
} }
return certList, nil return certList, nil
} }
// isValidSignature identifies a signature based as a DER-encoded X.509 certificate // isValidSignature identifies a signature based as a DER-encoded X.509 certificate

12
types/certs.go
View File

@ -1,6 +1,9 @@
package types package types
import "crypto/x509/pkix" import (
"crypto/x509"
"crypto/x509/pkix"
)
// CertList provides a list of certs on the system from the Efivars and properly parsed // CertList provides a list of certs on the system from the Efivars and properly parsed
type CertList struct { type CertList struct {
@ -9,6 +12,13 @@ type CertList struct {
DB []CertDetail DB []CertDetail
} }
// CertListFull provides a list of FULL certs, including raw cert data
type CertListFull struct {
PK []*x509.Certificate
KEK []*x509.Certificate
DB []*x509.Certificate
}
type CertDetail struct { type CertDetail struct {
Owner pkix.Name Owner pkix.Name
Issuer pkix.Name Issuer pkix.Name