1// Copyright 2019 Istio Authors
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package util
16
17import (
18	"crypto/x509"
19	"encoding/pem"
20	"fmt"
21	"io/ioutil"
22	"path"
23	"time"
24
25	"go.opencensus.io/stats/view"
26)
27
28// ParseCertAndGetExpiryTimestamp parses the first certificate in certByte and returns cert expire
29// time, or return error if fails to parse certificate.
30func ParseCertAndGetExpiryTimestamp(certByte []byte) (time.Time, error) {
31	block, _ := pem.Decode(certByte)
32	if block == nil {
33		return time.Time{}, fmt.Errorf("failed to decode certificate")
34	}
35	cert, err := x509.ParseCertificate(block.Bytes)
36	if err != nil {
37		return time.Time{}, fmt.Errorf("failed to parse certificate: %v", err)
38	}
39	return cert.NotAfter, nil
40}
41
42// GetMetricsCounterValue returns counter value in float64. For test purpose only.
43func GetMetricsCounterValue(metricName string) (float64, error) {
44	rows, err := view.RetrieveData(metricName)
45	if err != nil {
46		return float64(0), err
47	}
48	if len(rows) == 0 {
49		return 0, nil
50	}
51	if len(rows) > 1 {
52		return float64(0), fmt.Errorf("unexpected number of data for view %s: %d",
53			metricName, len(rows))
54	}
55
56	return rows[0].Data.(*view.SumData).Value, nil
57}
58
59// Output the key and certificate to the given directory.
60// If directory is empty, return nil.
61func OutputKeyCertToDir(dir string, privateKey, certChain, rootCert []byte) error {
62	if len(dir) == 0 {
63		return nil
64	}
65	// Depending on the SDS resource to output, some fields may be nil
66	if privateKey == nil && certChain == nil && rootCert == nil {
67		return fmt.Errorf("the input private key, cert chain, and root cert are nil")
68	}
69
70	if privateKey != nil {
71		if err := ioutil.WriteFile(path.Join(dir, "key.pem"), privateKey, 0777); err != nil {
72			return fmt.Errorf("failed to write private key to file: %v", err)
73		}
74	}
75	if certChain != nil {
76		if err := ioutil.WriteFile(path.Join(dir, "cert-chain.pem"), certChain, 0777); err != nil {
77			return fmt.Errorf("failed to write cert chain to file: %v", err)
78		}
79	}
80	if rootCert != nil {
81		if err := ioutil.WriteFile(path.Join(dir, "root-cert.pem"), rootCert, 0777); err != nil {
82			return fmt.Errorf("failed to write root cert to file: %v", err)
83		}
84	}
85
86	return nil
87}
88