allow pem certs
Signed-off-by: Isaac Matthews <[email protected]>
Isaac-Matthews committed Nov 8, 2023
1 parent 2f7880d commit f1fe817
Showing 2 changed files with 14 additions and 2 deletions.
6 changes: 6 additions & 0 deletions keylime-agent/src/crypto.rs
@@ -38,6 +38,12 @@ pub(crate) fn load_x509_der(input_cert_path: &Path) -> Result<X509> {
X509::from_der(&contents).map_err(Error::Crypto)
}

Check warning on line 39 in keylime-agent/src/crypto.rs


Codecov / codecov/patch

keylime-agent/src/crypto.rs#L38-L39

Added lines #L38 - L39 were not covered by tests

pub(crate) fn load_x509_pem(input_cert_path: &Path) -> Result<X509> {
let contents = std::fs::read(input_cert_path).map_err(Error::from)?;

Check warning on line 42 in keylime-agent/src/crypto.rs


Codecov / codecov/patch

keylime-agent/src/crypto.rs#L41-L42

Added lines #L41 - L42 were not covered by tests

X509::from_pem(&contents).map_err(Error::Crypto)
}

Check warning on line 45 in keylime-agent/src/crypto.rs


Codecov / codecov/patch

keylime-agent/src/crypto.rs#L44-L45

Added lines #L44 - L45 were not covered by tests

// Read a X509 cert or cert chain and outputs the first certificate
pub(crate) fn load_x509(input_cert_path: &Path) -> Result<X509> {
let mut cert_chain = load_x509_cert_chain(input_cert_path)?;
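Review bot: `load_x509_pem` has no doc comment, and it differs from `load_x509_der` only in the final parse call, so the accepted encoding is the one thing a reader needs stated. I would add `/// Load a single PEM-encoded X509 certificate from a file; only the first certificate in the file is parsed.` above the function. The `load_x509` helper directly below is described as reading "a X509 cert or cert chain"; its body lies outside this hunk, so this is unverified, but if it already accepts PEM the callers could use it instead of a second near-identical loader.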
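--- a/keylime-agent/src/main.rs
+++ b/keylime-agent/src/main.rs
@@ -313,7 +313,10 @@ async fn main() -> Result<()> {
 "Loading IAK certificate from {}",
 iak_path.display()
 );
-let iakcert = crypto::load_x509_der(iak_path)?;
+let iakcert = match crypto::load_x509_der(iak_path) {
+Ok(cert) => cert,
+Err(error) => crypto::load_x509_pem(iak_path)?,
+};
 if crypto::check_x509_key(
 &iakcert,
 iak.clone().unwrap().public, //#[allow_ci]
@@ -343,7 +346,10 @@ async fn main() -> Result<()> {
 "Loading IDevID certificate from {}",
 idevid_path.display()
 );
-let idevcert = crypto::load_x509_der(idevid_path)?;
+let idevcert = match crypto::load_x509_der(idevid_path) {
+Ok(cert) => cert,
+Err(error) => crypto::load_x509_pem(idevid_path)?,
+};
 if crypto::check_x509_key(
 &idevcert,
 idevid.clone().unwrap().public, //#[allow_ci]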
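Review bot: In both new `match` blocks (IAK and IDevID) the `Err(error)` arm binds the DER failure and never uses it, so every failure of `load_x509_der`, including a read error such as a missing or unreadable file, falls through to a second read of the same path and the operator only ever sees the PEM error. At minimum the binding should be `Err(_)`, with the DER error logged at debug level before the fallback. A cleaner shape is one helper in crypto.rs that reads the file once and tries both encodings, `X509::from_der(&contents).or_else(|_| X509::from_pem(&contents)).map_err(Error::Crypto)`, so both call sites stay a single line and the bytes that were parsed are the bytes that were read. The body of `main` continues outside both hunks.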
