From 6a4723cb2f494853f2d0b89bbcabab3c781e2a2b Mon Sep 17 00:00:00 2001
From: Fernandez Ludovic
Date: Sun, 8 Mar 2026 17:30:00 +0100
Subject: [PATCH] refactor: move ReadCSRFile
---
 cmd/cmd_renew.go | 2 +-
 cmd/cmd_run.go | 2 +-
 cmd/internal/storage/certificates.go | 35 ++++++++++++++++++++++++++++
 cmd/setup.go | 34 ---------------------------
 4 files changed, 37 insertions(+), 36 deletions(-)
diff --git a/cmd/cmd_renew.go b/cmd/cmd_renew.go
index fa3b65939..1487d50e8 100644
--- a/cmd/cmd_renew.go
+++ b/cmd/cmd_renew.go
@@ -189,7 +189,7 @@ func renewForDomains(ctx context.Context, cmd *cli.Command, lazyClient lzSetUp,
 }
 func renewForCSR(ctx context.Context, cmd *cli.Command, lazyClient lzSetUp, certsStorage *storage.CertificatesStorage, hookManager *hook.Manager) error {
- csr, err := readCSRFile(cmd.String(flgCSR))
+ csr, err := storage.ReadCSRFile(cmd.String(flgCSR))
 if err != nil {
 return fmt.Errorf("could not read CSR file %q: %w", cmd.String(flgCSR), err)
 }
diff --git a/cmd/cmd_run.go b/cmd/cmd_run.go
index 4c2a4305b..e57d9023b 100644
--- a/cmd/cmd_run.go
+++ b/cmd/cmd_run.go
@@ -116,7 +116,7 @@ func obtainCertificate(ctx context.Context, cmd *cli.Command, client *lego.Clien
 }
 // read the CSR
- csr, err := readCSRFile(cmd.String(flgCSR))
+ csr, err := storage.ReadCSRFile(cmd.String(flgCSR))
 if err != nil {
 return nil, err
 }
diff --git a/cmd/internal/storage/certificates.go b/cmd/internal/storage/certificates.go
index 0b80ba089..81194e865 100644
--- a/cmd/internal/storage/certificates.go
+++ b/cmd/internal/storage/certificates.go
@@ -3,6 +3,7 @@ package storage
 import (
 "crypto"
 "crypto/x509"
+ "encoding/pem"
 "fmt"
 "log/slog"
 "os"
@@ -120,3 +121,37 @@ func ReadCertificateFile(filename string) ([]*x509.Certificate, error) {
 return certs, nil
 }
+
+// ReadCSRFile reads a CSR file.
+func ReadCSRFile(filename string) (*x509.CertificateRequest, error) {
+ bytes, err := os.ReadFile(filename)
+ if err != nil {
+ return nil, err
+ }
+
+ raw := bytes
+
+ // see if we can find a PEM-encoded CSR
+ var p *pem.Block
+
+ rest := bytes
+ for {
+ // decode a PEM block
+ p, rest = pem.Decode(rest)
+
+ // did we fail?
+ if p == nil {
+ break
+ }
+
+ // did we get a CSR?
+ if p.Type == "CERTIFICATE REQUEST" || p.Type == "NEW CERTIFICATE REQUEST" {
+ raw = p.Bytes
+ }
+ }
+
+ // no PEM-encoded CSR
+ // assume we were given a DER-encoded ASN.1 CSR
+ // (if this assumption is wrong, parsing these bytes will fail)
+ return x509.ParseCertificateRequest(raw)
+}
diff --git a/cmd/setup.go b/cmd/setup.go
index 4db01980f..000fca195 100644
--- a/cmd/setup.go
+++ b/cmd/setup.go
@@ -4,7 +4,6 @@ import (
 "context"
 "crypto/x509"
 "encoding/json"
- "encoding/pem"
 "errors"
 "fmt"
 "io"
@@ -128,39 +127,6 @@ func checkRetry(ctx context.Context, resp *http.Response, err error) (bool, erro
 return rt, nil
 }
-func readCSRFile(filename string) (*x509.CertificateRequest, error) {
- bytes, err := os.ReadFile(filename)
- if err != nil {
- return nil, err
- }
-
- raw := bytes
-
- // see if we can find a PEM-encoded CSR
- var p *pem.Block
-
- rest := bytes
- for {
- // decode a PEM block
- p, rest = pem.Decode(rest)
-
- // did we fail?
- if p == nil {
- break
- }
-
- // did we get a CSR?
- if p.Type == "CERTIFICATE REQUEST" || p.Type == "NEW CERTIFICATE REQUEST" {
- raw = p.Bytes
- }
- }
-
- // no PEM-encoded CSR
- // assume we were given a DER-encoded ASN.1 CSR
- // (if this assumption is wrong, parsing these bytes will fail)
- return x509.ParseCertificateRequest(raw)
-}
-
 func newObtainRequest(cmd *cli.Command, domains []string) certificate.ObtainRequest {
 return certificate.ObtainRequest{
 Domains: domains,
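Review bot: In the new `ReadCSRFile` in cmd/internal/storage/certificates.go, a file that holds PEM blocks but no CSR block (a certificate or key passed to the flag by mistake) leaves `raw` pointing at the whole file, so the DER fallback returns an opaque ASN.1 parse error; and when several CSR blocks are present the last one silently wins, because the loop keeps going after `raw = p.Bytes`. Now that the function is exported, I would return an explicit error for PEM input without a CSR block, as in the excerpt below, and have the doc comment state that PEM and DER are both accepted and which block is used when there are several. The local named `bytes` shadows the standard package name; `data` would read more clearly. `x509.ParseCertificateRequest` does not verify the CSR's self-signature, and whether the callers check it is not visible in this patch.

```go
	// … unchanged: os.ReadFile, raw := bytes, var p *pem.Block, rest := bytes …
	sawPEM, foundCSR := false, false

	for {
		// … unchanged: pem.Decode and the nil check that ends the loop …
		sawPEM = true

		if p.Type == "CERTIFICATE REQUEST" || p.Type == "NEW CERTIFICATE REQUEST" {
			raw = p.Bytes
			foundCSR = true
		}
	}

	// PEM input without a CSR block is the wrong kind of file, not DER.
	if sawPEM && !foundCSR {
		return nil, fmt.Errorf("%q: PEM data contains no CERTIFICATE REQUEST block", filename)
	}

	// … unchanged: DER fallback via x509.ParseCertificateRequest(raw) …
```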