Source file src/pkg/encoding/pem/pem.go
1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 // Package pem implements the PEM data encoding, which originated in Privacy
6 // Enhanced Mail. The most common use of PEM encoding today is in TLS keys and
7 // certificates. See RFC 1421.
8 package pem
9
10 import (
11 "bytes"
12 "encoding/base64"
13 "io"
14 )
15
16 // A Block represents a PEM encoded structure.
17 //
18 // The encoded form is:
19 // -----BEGIN Type-----
20 // Headers
21 // base64-encoded Bytes
22 // -----END Type-----
23 // where Headers is a possibly empty sequence of Key: Value lines.
24 type Block struct {
25 Type string // The type, taken from the preamble (i.e. "RSA PRIVATE KEY").
26 Headers map[string]string // Optional headers.
27 Bytes []byte // The decoded bytes of the contents. Typically a DER encoded ASN.1 structure.
28 }
29
30 // getLine results the first \r\n or \n delineated line from the given byte
31 // array. The line does not include trailing whitespace or the trailing new
32 // line bytes. The remainder of the byte array (also not including the new line
33 // bytes) is also returned and this will always be smaller than the original
34 // argument.
35 func getLine(data []byte) (line, rest []byte) {
36 i := bytes.Index(data, []byte{'\n'})
37 var j int
38 if i < 0 {
39 i = len(data)
40 j = i
41 } else {
42 j = i + 1
43 if i > 0 && data[i-1] == '\r' {
44 i--
45 }
46 }
47 return bytes.TrimRight(data[0:i], " \t"), data[j:]
48 }
49
50 // removeWhitespace returns a copy of its input with all spaces, tab and
51 // newline characters removed.
52 func removeWhitespace(data []byte) []byte {
53 result := make([]byte, len(data))
54 n := 0
55
56 for _, b := range data {
57 if b == ' ' || b == '\t' || b == '\r' || b == '\n' {
58 continue
59 }
60 result[n] = b
61 n++
62 }
63
64 return result[0:n]
65 }
66
67 var pemStart = []byte("\n-----BEGIN ")
68 var pemEnd = []byte("\n-----END ")
69 var pemEndOfLine = []byte("-----")
70
71 // Decode will find the next PEM formatted block (certificate, private key
72 // etc) in the input. It returns that block and the remainder of the input. If
73 // no PEM data is found, p is nil and the whole of the input is returned in
74 // rest.
75 func Decode(data []byte) (p *Block, rest []byte) {
76 // pemStart begins with a newline. However, at the very beginning of
77 // the byte array, we'll accept the start string without it.
78 rest = data
79 if bytes.HasPrefix(data, pemStart[1:]) {
80 rest = rest[len(pemStart)-1 : len(data)]
81 } else if i := bytes.Index(data, pemStart); i >= 0 {
82 rest = rest[i+len(pemStart) : len(data)]
83 } else {
84 return nil, data
85 }
86
87 typeLine, rest := getLine(rest)
88 if !bytes.HasSuffix(typeLine, pemEndOfLine) {
89 return decodeError(data, rest)
90 }
91 typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)]
92
93 p = &Block{
94 Headers: make(map[string]string),
95 Type: string(typeLine),
96 }
97
98 for {
99 // This loop terminates because getLine's second result is
100 // always smaller than its argument.
101 if len(rest) == 0 {
102 return nil, data
103 }
104 line, next := getLine(rest)
105
106 i := bytes.Index(line, []byte{':'})
107 if i == -1 {
108 break
109 }
110
111 // TODO(agl): need to cope with values that spread across lines.
112 key, val := line[0:i], line[i+1:]
113 key = bytes.TrimSpace(key)
114 val = bytes.TrimSpace(val)
115 p.Headers[string(key)] = string(val)
116 rest = next
117 }
118
119 i := bytes.Index(rest, pemEnd)
120 if i < 0 {
121 return decodeError(data, rest)
122 }
123 base64Data := removeWhitespace(rest[0:i])
124
125 p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data)))
126 n, err := base64.StdEncoding.Decode(p.Bytes, base64Data)
127 if err != nil {
128 return decodeError(data, rest)
129 }
130 p.Bytes = p.Bytes[0:n]
131
132 _, rest = getLine(rest[i+len(pemEnd):])
133
134 return
135 }
136
137 func decodeError(data, rest []byte) (*Block, []byte) {
138 // If we get here then we have rejected a likely looking, but
139 // ultimately invalid PEM block. We need to start over from a new
140 // position. We have consumed the preamble line and will have consumed
141 // any lines which could be header lines. However, a valid preamble
142 // line is not a valid header line, therefore we cannot have consumed
143 // the preamble line for the any subsequent block. Thus, we will always
144 // find any valid block, no matter what bytes precede it.
145 //
146 // For example, if the input is
147 //
148 // -----BEGIN MALFORMED BLOCK-----
149 // junk that may look like header lines
150 // or data lines, but no END line
151 //
152 // -----BEGIN ACTUAL BLOCK-----
153 // realdata
154 // -----END ACTUAL BLOCK-----
155 //
156 // we've failed to parse using the first BEGIN line
157 // and now will try again, using the second BEGIN line.
158 p, rest := Decode(rest)
159 if p == nil {
160 rest = data
161 }
162 return p, rest
163 }
164
165 const pemLineLength = 64
166
167 type lineBreaker struct {
168 line [pemLineLength]byte
169 used int
170 out io.Writer
171 }
172
173 func (l *lineBreaker) Write(b []byte) (n int, err error) {
174 if l.used+len(b) < pemLineLength {
175 copy(l.line[l.used:], b)
176 l.used += len(b)
177 return len(b), nil
178 }
179
180 n, err = l.out.Write(l.line[0:l.used])
181 if err != nil {
182 return
183 }
184 excess := pemLineLength - l.used
185 l.used = 0
186
187 n, err = l.out.Write(b[0:excess])
188 if err != nil {
189 return
190 }
191
192 n, err = l.out.Write([]byte{'\n'})
193 if err != nil {
194 return
195 }
196
197 return l.Write(b[excess:])
198 }
199
200 func (l *lineBreaker) Close() (err error) {
201 if l.used > 0 {
202 _, err = l.out.Write(l.line[0:l.used])
203 if err != nil {
204 return
205 }
206 _, err = l.out.Write([]byte{'\n'})
207 }
208
209 return
210 }
211
212 func Encode(out io.Writer, b *Block) (err error) {
213 _, err = out.Write(pemStart[1:])
214 if err != nil {
215 return
216 }
217 _, err = out.Write([]byte(b.Type + "-----\n"))
218 if err != nil {
219 return
220 }
221
222 if len(b.Headers) > 0 {
223 for k, v := range b.Headers {
224 _, err = out.Write([]byte(k + ": " + v + "\n"))
225 if err != nil {
226 return
227 }
228 }
229 _, err = out.Write([]byte{'\n'})
230 if err != nil {
231 return
232 }
233 }
234
235 var breaker lineBreaker
236 breaker.out = out
237
238 b64 := base64.NewEncoder(base64.StdEncoding, &breaker)
239 _, err = b64.Write(b.Bytes)
240 if err != nil {
241 return
242 }
243 b64.Close()
244 breaker.Close()
245
246 _, err = out.Write(pemEnd[1:])
247 if err != nil {
248 return
249 }
250 _, err = out.Write([]byte(b.Type + "-----\n"))
251 return
252 }
253
254 func EncodeToMemory(b *Block) []byte {
255 var buf bytes.Buffer
256 Encode(&buf, b)
257 return buf.Bytes()
258 }