-
-// decodeCSR decodes a certificate request in PEM format and returns the
-func decodeCSR(data []byte) (*x509.CertificateRequest, error) {
- block, rest := pem.Decode(data)
- if block == nil || len(rest) > 0 {
- return nil, fmt.Errorf("unexpected CSR PEM on sign request")
- }
- if block.Type != "CERTIFICATE REQUEST" {
- return nil, fmt.Errorf("PEM is not a certificate request")
- }
- csr, err := x509.ParseCertificateRequest(block.Bytes)
- if err != nil {
- return nil, fmt.Errorf("error parsing certificate request: %v", err)
- }
- if err := csr.CheckSignature(); err != nil {
- return nil, fmt.Errorf("error checking certificate request signature: %v", err)
- }
- return csr, nil
-}
-
-// encodeX509 will encode a *x509.Certificate into PEM format.
-func encodeX509(cert *x509.Certificate) ([]byte, error) {
- caPem := bytes.NewBuffer([]byte{})
- err := pem.Encode(caPem, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
- if err != nil {
- return nil, err
- }
- return caPem.Bytes(), nil
-}