FEAT: allow to decode *.crt files stored in PKIX format

Oldes · Oldes · commit 15eaec4cf2a9 · 2021-01-21T11:57:43.000+01:00
diff --git a/src/mezz/codec-crt.reb b/src/mezz/codec-crt.reb
@@ -98,8 +98,15 @@ register-codec [
 
 		func [
 			data [binary! block!]
-			/local version serialNumber issuer subject validity
+			/local pkix version serialNumber issuer subject validity
 		][
+			try [all [
+				; as there seems to be no standard, the *.crt file
+				; may be actually in pkix format, so try it first...
+				pkix: codecs/pkix/decode data
+				pkix/label = "CERTIFICATE"
+				data: pkix/binary
+			]]
 			if binary? data [ data: der-codec/decode data ]
 			if all [
 				2 = length? data
diff --git a/src/tests/units/codecs-test.r3 b/src/tests/units/codecs-test.r3
@@ -180,6 +180,12 @@ if find codecs 'crt [
 			--assert "Google Internet Authority G3" = try [cert/issuer/commonName]
 			--assert block? try [key: cert/public-key/rsaEncryption]
 			--assert #{010001} = try [key/2]
+			
+		--test-- "Load Docker's CRT file"
+			--assert object? cert: load %units/files/apiserver.crt
+			--assert "kubernetes" = try [cert/issuer/commonName]
+			--assert block? try [key: cert/public-key/rsaEncryption]
+			--assert #{010001} = try [key/2]
 	===end-group===
 	codecs/crt/verbose: 0
 ]
diff --git a/src/tests/units/files/apiserver.crt b/src/tests/units/files/apiserver.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIIRrdJEntqhjYwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
+AxMKa3ViZXJuZXRlczAeFw0yMTAxMjEwODU5MTRaFw0yMjAxMjEwODU5MTRaMBkx
+FzAVBgNVBAMTDmt1YmUtYXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsl/YxFG8JcMAamzTvzucpnejXJw/LYLsAj3hCcoJ8Jr++F/d6/za
+4fBL4cbaNEx4fbaoqNWnZ0211/tsWo2gmL8chtAVGRtkol7gPK9uL+EdluAkFqbK
+5TyYIDKNtWpOj2DzULWFRVU4WDcmPTm1J49PEJlriWjYJy2nQeGCVdVt6qz0Hbos
+ieCfzsZ5F1IzSnf6VDVp4nhzIVQ2u36CPC1QgunxI45izWEATSeEdDBkT32dA7MP
+BGiJ2lxARg1DS+1CjhoSJcu5Ahp97j9zg85rhLEJNP+7vJvJIR6cGsg/jP9SR3Q5
+hTpqPU0uA9CLoyZk8oWK58+NNmrk8x/ClwIDAQABo4IBHTCCARkwDgYDVR0PAQH/
+BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdIwQYMBaAFBOHp2Zb0I+p
+KFF8AXLTEc7Wb5x1MIHQBgNVHREEgcgwgcWCEmRvY2tlci1mb3ItZGVza3RvcIIK
+a3ViZXJuZXRlc4ISa3ViZXJuZXRlcy5kZWZhdWx0ghZrdWJlcm5ldGVzLmRlZmF1
+bHQuc3ZjgiRrdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWyCGmt1
+YmVybmV0ZXMuZG9ja2VyLmludGVybmFsghJ2bS5kb2NrZXIuaW50ZXJuYWyCCWxv
+Y2FsaG9zdIcECmAAAYcEAAAAAIcEwKhBA4cEfwAAATANBgkqhkiG9w0BAQsFAAOC
+AQEAmnfvEfya9O6zJrabXigYilh7bbzEoUWaziqvHYIHJwWT5OtxfiNfDZoRDS18
+8UZhe4ENiejF+K6eCkdR9FocnGv4p7ntJg99EeZ+mqPHvSsT8Ot5woo66dAzkdXP
+rJntdqUjTKs3xILeMhetScGaBHjkfH0dBUIVppN+a63v03+QIGEsscrQn4tvFjsN
+4px9bu7Its6H/NtRnJS0Y5QzabNliSUiwwUpYy/b55pMcPcWOOsT34h8L+CT4gBM
+M0PaAOaKpXNbfMXv0oEdsapSwvJKDBpz4NRIRDUQIJ18KD8eOR+q8z/itFzV5yEW
+UFiJwX8MYwKFlFj+B5IW9FPYLQ==
+-----END CERTIFICATE-----
