Source file src/pkg/encoding/pem/pem.go
1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package pem implements the PEM data encoding, which originated in Privacy 6 // Enhanced Mail. The most common use of PEM encoding today is in TLS keys and 7 // certificates. See RFC 1421. 8 package pem 9 10 import ( 11 "bytes" 12 "encoding/base64" 13 "io" 14 ) 15 16 // A Block represents a PEM encoded structure. 17 // 18 // The encoded form is: 19 // -----BEGIN Type----- 20 // Headers 21 // base64-encoded Bytes 22 // -----END Type----- 23 // where Headers is a possibly empty sequence of Key: Value lines. 24 type Block struct { 25 Type string // The type, taken from the preamble (i.e. "RSA PRIVATE KEY"). 26 Headers map[string]string // Optional headers. 27 Bytes []byte // The decoded bytes of the contents. Typically a DER encoded ASN.1 structure. 28 } 29 30 // getLine results the first \r\n or \n delineated line from the given byte 31 // array. The line does not include trailing whitespace or the trailing new 32 // line bytes. The remainder of the byte array (also not including the new line 33 // bytes) is also returned and this will always be smaller than the original 34 // argument. 35 func getLine(data []byte) (line, rest []byte) { 36 i := bytes.Index(data, []byte{'\n'}) 37 var j int 38 if i < 0 { 39 i = len(data) 40 j = i 41 } else { 42 j = i + 1 43 if i > 0 && data[i-1] == '\r' { 44 i-- 45 } 46 } 47 return bytes.TrimRight(data[0:i], " \t"), data[j:] 48 } 49 50 // removeWhitespace returns a copy of its input with all spaces, tab and 51 // newline characters removed. 52 func removeWhitespace(data []byte) []byte { 53 result := make([]byte, len(data)) 54 n := 0 55 56 for _, b := range data { 57 if b == ' ' || b == '\t' || b == '\r' || b == '\n' { 58 continue 59 } 60 result[n] = b 61 n++ 62 } 63 64 return result[0:n] 65 } 66 67 var pemStart = []byte("\n-----BEGIN ") 68 var pemEnd = []byte("\n-----END ") 69 var pemEndOfLine = []byte("-----") 70 71 // Decode will find the next PEM formatted block (certificate, private key 72 // etc) in the input. It returns that block and the remainder of the input. If 73 // no PEM data is found, p is nil and the whole of the input is returned in 74 // rest. 75 func Decode(data []byte) (p *Block, rest []byte) { 76 // pemStart begins with a newline. However, at the very beginning of 77 // the byte array, we'll accept the start string without it. 78 rest = data 79 if bytes.HasPrefix(data, pemStart[1:]) { 80 rest = rest[len(pemStart)-1 : len(data)] 81 } else if i := bytes.Index(data, pemStart); i >= 0 { 82 rest = rest[i+len(pemStart) : len(data)] 83 } else { 84 return nil, data 85 } 86 87 typeLine, rest := getLine(rest) 88 if !bytes.HasSuffix(typeLine, pemEndOfLine) { 89 return decodeError(data, rest) 90 } 91 typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)] 92 93 p = &Block{ 94 Headers: make(map[string]string), 95 Type: string(typeLine), 96 } 97 98 for { 99 // This loop terminates because getLine's second result is 100 // always smaller than its argument. 101 if len(rest) == 0 { 102 return nil, data 103 } 104 line, next := getLine(rest) 105 106 i := bytes.Index(line, []byte{':'}) 107 if i == -1 { 108 break 109 } 110 111 // TODO(agl): need to cope with values that spread across lines. 112 key, val := line[0:i], line[i+1:] 113 key = bytes.TrimSpace(key) 114 val = bytes.TrimSpace(val) 115 p.Headers[string(key)] = string(val) 116 rest = next 117 } 118 119 i := bytes.Index(rest, pemEnd) 120 if i < 0 { 121 return decodeError(data, rest) 122 } 123 base64Data := removeWhitespace(rest[0:i]) 124 125 p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data))) 126 n, err := base64.StdEncoding.Decode(p.Bytes, base64Data) 127 if err != nil { 128 return decodeError(data, rest) 129 } 130 p.Bytes = p.Bytes[0:n] 131 132 _, rest = getLine(rest[i+len(pemEnd):]) 133 134 return 135 } 136 137 func decodeError(data, rest []byte) (*Block, []byte) { 138 // If we get here then we have rejected a likely looking, but 139 // ultimately invalid PEM block. We need to start over from a new 140 // position. We have consumed the preamble line and will have consumed 141 // any lines which could be header lines. However, a valid preamble 142 // line is not a valid header line, therefore we cannot have consumed 143 // the preamble line for the any subsequent block. Thus, we will always 144 // find any valid block, no matter what bytes precede it. 145 // 146 // For example, if the input is 147 // 148 // -----BEGIN MALFORMED BLOCK----- 149 // junk that may look like header lines 150 // or data lines, but no END line 151 // 152 // -----BEGIN ACTUAL BLOCK----- 153 // realdata 154 // -----END ACTUAL BLOCK----- 155 // 156 // we've failed to parse using the first BEGIN line 157 // and now will try again, using the second BEGIN line. 158 p, rest := Decode(rest) 159 if p == nil { 160 rest = data 161 } 162 return p, rest 163 } 164 165 const pemLineLength = 64 166 167 type lineBreaker struct { 168 line [pemLineLength]byte 169 used int 170 out io.Writer 171 } 172 173 func (l *lineBreaker) Write(b []byte) (n int, err error) { 174 if l.used+len(b) < pemLineLength { 175 copy(l.line[l.used:], b) 176 l.used += len(b) 177 return len(b), nil 178 } 179 180 n, err = l.out.Write(l.line[0:l.used]) 181 if err != nil { 182 return 183 } 184 excess := pemLineLength - l.used 185 l.used = 0 186 187 n, err = l.out.Write(b[0:excess]) 188 if err != nil { 189 return 190 } 191 192 n, err = l.out.Write([]byte{'\n'}) 193 if err != nil { 194 return 195 } 196 197 return l.Write(b[excess:]) 198 } 199 200 func (l *lineBreaker) Close() (err error) { 201 if l.used > 0 { 202 _, err = l.out.Write(l.line[0:l.used]) 203 if err != nil { 204 return 205 } 206 _, err = l.out.Write([]byte{'\n'}) 207 } 208 209 return 210 } 211 212 func Encode(out io.Writer, b *Block) (err error) { 213 _, err = out.Write(pemStart[1:]) 214 if err != nil { 215 return 216 } 217 _, err = out.Write([]byte(b.Type + "-----\n")) 218 if err != nil { 219 return 220 } 221 222 if len(b.Headers) > 0 { 223 for k, v := range b.Headers { 224 _, err = out.Write([]byte(k + ": " + v + "\n")) 225 if err != nil { 226 return 227 } 228 } 229 _, err = out.Write([]byte{'\n'}) 230 if err != nil { 231 return 232 } 233 } 234 235 var breaker lineBreaker 236 breaker.out = out 237 238 b64 := base64.NewEncoder(base64.StdEncoding, &breaker) 239 _, err = b64.Write(b.Bytes) 240 if err != nil { 241 return 242 } 243 b64.Close() 244 breaker.Close() 245 246 _, err = out.Write(pemEnd[1:]) 247 if err != nil { 248 return 249 } 250 _, err = out.Write([]byte(b.Type + "-----\n")) 251 return 252 } 253 254 func EncodeToMemory(b *Block) []byte { 255 var buf bytes.Buffer 256 Encode(&buf, b) 257 return buf.Bytes() 258 }