oauth2-proxy/pkg/util/util.go

package util

import (
	"crypto/x509"
	"fmt"
	"io/ioutil"
)

func GetCertPool(paths []string) (*x509.CertPool, error) {
	if len(paths) == 0 {
		return nil, fmt.Errorf("invalid empty list of Root CAs file paths")
	}
	pool := x509.NewCertPool()
	for _, path := range paths {
		data, err := ioutil.ReadFile(path)
		if err != nil {
			return nil, fmt.Errorf("certificate authority file (%s) could not be read - %s", path, err)
		}
		if !pool.AppendCertsFromPEM(data) {
			return nil, fmt.Errorf("loading certificate authority (%s) failed", path)
		}
	}
	return pool, nil
}
Fix #635: Support specifying alternative provider TLS trust source(s) (#645) * Fix #635: Support specifying alternative provider TLS trust source(s) * Update pkg/apis/options/options.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/validation/options.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Address review comments * upd CHANGELOG.md * refactor test to assert textual subjects + add openssl gen cmd Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2020-07-03 16:09:17 +01:00			`package util`

			`import (`
			`"crypto/x509"`
			`"fmt"`
			`"io/ioutil"`
			`)`

			`func GetCertPool(paths []string) (*x509.CertPool, error) {`
			`if len(paths) == 0 {`
			`return nil, fmt.Errorf("invalid empty list of Root CAs file paths")`
			`}`
			`pool := x509.NewCertPool()`
			`for _, path := range paths {`
			`data, err := ioutil.ReadFile(path)`
			`if err != nil {`
			`return nil, fmt.Errorf("certificate authority file (%s) could not be read - %s", path, err)`
			`}`
			`if !pool.AppendCertsFromPEM(data) {`
			`return nil, fmt.Errorf("loading certificate authority (%s) failed", path)`
			`}`
			`}`
			`return pool, nil`
			`}`