//! Parse the PEM file format.

use std::io::ErrorKind;

use rustls_pemfile::{read_one, Item};

/// Collect every X.509 certificate found in PEM-encoded input.
///
/// PEM items of any other kind are skipped without comment. The input is read until `read_one`
/// reports that nothing is left. If no certificate was seen, the result is an empty vector rather
/// than an error, so a caller that requires a non-empty chain has to check for that itself.
///
/// # Errors
///
/// Returns the `std::io::Error` produced by `read_one` if reading or decoding `rd` fails.
pub fn parse_certs(
    rd: &mut dyn std::io::BufRead,
) -> Result<Vec<rustls::Certificate>, std::io::Error> {
    let mut chain = Vec::new();

    while let Some(item) = read_one(rd)? {
        // Only certificates are of interest here; everything else is dropped.
        if let Item::X509Certificate(der) = item {
            chain.push(rustls::Certificate(der));
        }
    }

    Ok(chain)
}

/// Parse exactly one private key from PEM-encoded input.
///
/// A key is any item that `read_one` yields as `Item::RSAKey`, `Item::PKCS8Key` or
/// `Item::ECKey`, so PKCS8 is not the only accepted encoding. Items of other kinds are ignored.
/// The whole input is scanned, so a second key anywhere in the data is rejected instead of being
/// dropped silently.
///
/// # Errors
///
/// * `ErrorKind::NotFound` if the input ends without any key item.
/// * `ErrorKind::InvalidInput` if a second key item is encountered.
/// * Any `std::io::Error` produced by `read_one` while reading `rd`.
pub fn parse_key(rd: &mut dyn std::io::BufRead) -> Result<rustls::PrivateKey, std::io::Error> {
    let mut found = None;

    while let Some(item) = read_one(rd)? {
        let der = match item {
            Item::RSAKey(der) | Item::PKCS8Key(der) | Item::ECKey(der) => der,
            _ => continue,
        };

        // Ambiguous input is refused outright: the caller must supply a single key.
        if found.is_some() {
            return Err(std::io::Error::new(
                ErrorKind::InvalidInput,
                "more than one key",
            ));
        }
        found = Some(der);
    }

    match found {
        Some(der) => Ok(rustls::PrivateKey(der)),
        None => Err(std::io::Error::new(
            ErrorKind::NotFound,
            "no key found in the given data",
        )),
    }
}