mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-10-18 21:29:50 +00:00
91774fc936
Uses github.com/libopenstorage/secrets to communicate with Vault. This removes the need for maintaining our own limited Vault APIs. By adding the new dependency, several other packages got updated in the process. Unused indirect dependencies have been removed from go.mod. Signed-off-by: Niels de Vos <ndevos@redhat.com>
package rootcerts
import (
"crypto/x509"
"os/exec"
"path"
"github.com/mitchellh/go-homedir"
)
// LoadSystemCAs is the Darwin-specific loader. It starts from an empty
// x509.CertPool and fills it with the certificates exported from each keychain
// returned by certKeychains.
//
// The first keychain that cannot be read aborts the load: its error is
// returned together with a nil pool. Certificates are added exactly as they
// are exported; nothing in this file filters on per-certificate trust
// settings, so callers should treat the result as "every certificate stored
// in those keychains", which includes the per-user login keychain.
func LoadSystemCAs() (*x509.CertPool, error) {
	roots := x509.NewCertPool()

	for _, kc := range certKeychains() {
		if err := addCertsFromKeychain(roots, kc); err != nil {
			return nil, err
		}
	}

	return roots, nil
}
// addCertsFromKeychain runs "/usr/bin/security find-certificate -a -p" against
// keychain and appends whatever PEM certificates the command prints to pool.
//
// An error from running the command (including a non-zero exit status) is
// returned unchanged and pool is not touched. The tool is invoked by absolute
// path with the keychain passed as its own argument, so neither a shell nor a
// PATH lookup is involved.
func addCertsFromKeychain(pool *x509.CertPool, keychain string) error {
	pemBytes, err := exec.Command(
		"/usr/bin/security", "find-certificate", "-a", "-p", keychain,
	).Output()
	if err != nil {
		return err
	}

	// The boolean result of AppendCertsFromPEM is discarded, so output that
	// contains no parseable certificate is not reported as an error.
	// NOTE(review): the command output is a list of stored certificates, not
	// of trust decisions; every certificate it prints becomes a trust anchor
	// in pool. Confirm that is acceptable for the keychains passed in.
	pool.AppendCertsFromPEM(pemBytes)

	return nil
}
// certKeychains lists the keychain files that certificates are exported from:
// the two system-wide keychains always, plus the current user's login keychain
// when the home directory can be determined. A failed home-directory lookup is
// not an error; the login keychain is simply left out.
func certKeychains() []string {
	result := []string{
		"/System/Library/Keychains/SystemRootCertificates.keychain",
		"/Library/Keychains/System.keychain",
	}

	userHome, err := homedir.Dir()
	if err != nil {
		return result
	}

	// NOTE(review): this keychain lives under the user's home directory, so
	// its contents are presumably controlled by that user rather than by the
	// system administrator; certificates stored there end up in the same
	// pool as the system roots. Confirm this matches the intended trust model.
	return append(result, path.Join(userHome, "Library", "Keychains", "login.keychain"))
}