Initial implementation

certs/acme/registration.go

@@ -20,23 +20,35 @@ import (
 
 // A ProviderRegistration contains an ACME provider's registration information. This includes at least the necessary
 // information to register. In case a registration has been performed in the past, the ACME provider's registration
-// token is also included. However the latter may be outdated.
+// key and token is also included. However the latter may be outdated.
 type ProviderRegistration struct {
-	// Provider contains the name (as defined in [Configuration]) of the ACME provider this registration is related to.
-	Provider     string `json:"provider"`
-	Email        string `json:"email"`
-	EncodedKey   string `json:"key"`
+	// Provider contains the name of the ACME provider, this registration is related to.
+	Provider string `json:"provider"`
+	// Email contains the email to use for registering to the ACME provider.
+	Email string `json:"email"`
+	// EncodedKey contains the encoded private key used for registering to the ACME provider.
+	EncodedKey string `json:"key"`
+	// Registration contains the registration token returned from the ACME provider during the registration.
 	Registration *registration.Resource
 }
 
+// GetEmail gets the email to use for registering to the ACME provider.
+//
+// This function is part of [registration.User] interface.
 func (providerRegistration *ProviderRegistration) GetEmail() string {
 	return providerRegistration.Email
 }
 
+// GetRegistration gets the token returned by a previous run registration (may be nil).
+//
+// This function is part of [registration.User] interface.
 func (providerRegistration *ProviderRegistration) GetRegistration() *registration.Resource {
 	return providerRegistration.Registration
 }
 
+// GetPrivateKey gets the private key used for a previous performed registration (may be nil).
+//
+// This function is part of [registration.User] interface.
 func (providerRegistration *ProviderRegistration) GetPrivateKey() crypto.PrivateKey {
 	if providerRegistration.EncodedKey == "" {
 		return nil

certs/acme_test.go

@@ -59,7 +59,7 @@ func loadAndPrepareACMEConfig(t *testing.T, configPath string, tempDir string) *
 		certificates, err := certs.ServerCertificates("tcp", providerUrl.Host)
 		require.NoError(t, err)
 		certificateFile := filepath.Join(tempDir, provider.Name+".pem")
-		err = certs.WriteCertificates(certificateFile, certificates, 0600)
+		err = certs.WriteCertificatesPEM(certificateFile, certificates, 0600)
 		require.NoError(t, err)
 		certificateFiles = append(certificateFiles, certificateFile)
 	}

certs/io.go

@@ -53,8 +53,8 @@ func decodeCertificates(bytes []byte) ([]*x509.Certificate, error) {
 	return decoded, nil
 }
 
-// WriteCertificates writes X.509 certificates to the given file.
-func WriteCertificates(filename string, certificates []*x509.Certificate, perm os.FileMode) error {
+// WriteCertificatesPEM writes X.509 certificates in PEM format to the given file.
+func WriteCertificatesPEM(filename string, certificates []*x509.Certificate, perm os.FileMode) error {
 	encoded := make([]byte, 0)
 	for _, certificate := range certificates {
 		block := &pem.Block{
@@ -66,6 +66,15 @@ func WriteCertificates(filename string, certificates []*x509.Certificate, perm o
 	return os.WriteFile(filename, encoded, perm)
 }
 
+// WriteCertificatesDER writes X.509 certificates in DER format to the given file.
+func WriteCertificatesDER(filename string, certificates []*x509.Certificate, perm os.FileMode) error {
+	encoded := make([]byte, 0)
+	for _, certificate := range certificates {
+		encoded = append(encoded, certificate.Raw...)
+	}
+	return os.WriteFile(filename, encoded, perm)
+}
+
 // FetchCertificates fetches X.509 certificates from the given URL.
 func FetchCertificates(url string) ([]*x509.Certificate, error) {
 	bytes, err := fetchBytes(url)

certs/io_test.go

@@ -7,24 +7,57 @@ package certs_test
 
 import (
 	"crypto/x509/pkix"
+	"os"
 	"testing"
 
 	"github.com/hdecarne-github/go-certstore/certs"
 	"github.com/stretchr/testify/require"
 )
 
 func TestReadPEMCertificates(t *testing.T) {
-	certs, err := certs.ReadCertificates("./testdata/isrgrootx1.pem")
+	certificates, err := certs.ReadCertificates("./testdata/isrgrootx1.pem")
 	require.NoError(t, err)
-	require.NotNil(t, certs)
-	require.Equal(t, 1, len(certs))
+	require.NotNil(t, certificates)
+	require.Equal(t, 1, len(certificates))
 }
 
 func TestReadDERCertificates(t *testing.T) {
-	certs, err := certs.ReadCertificates("./testdata/isrgrootx1.der")
+	certificates, err := certs.ReadCertificates("./testdata/isrgrootx1.der")
 	require.NoError(t, err)
-	require.NotNil(t, certs)
-	require.Equal(t, 1, len(certs))
+	require.NotNil(t, certificates)
+	require.Equal(t, 1, len(certificates))
+}
+
+func TestWritePEMCertificate(t *testing.T) {
+	certificates, err := certs.ReadCertificates("./testdata/isrgrootx1.pem")
+	require.NoError(t, err)
+	file, err := os.CreateTemp("", "PEMCertificate*")
+	require.NoError(t, err)
+	defer func() {
+		os.Remove(file.Name())
+	}()
+	file.Close()
+	err = certs.WriteCertificatesPEM(file.Name(), certificates, 0600)
+	require.NoError(t, err)
+	certificates2, err := certs.ReadCertificates(file.Name())
+	require.NoError(t, err)
+	require.Equal(t, certificates, certificates2)
+}
+
+func TestWriteDERCertificate(t *testing.T) {
+	certificates, err := certs.ReadCertificates("./testdata/isrgrootx1.der")
+	require.NoError(t, err)
+	file, err := os.CreateTemp("", "DERCertificate*")
+	require.NoError(t, err)
+	defer func() {
+		os.Remove(file.Name())
+	}()
+	file.Close()
+	err = certs.WriteCertificatesPEM(file.Name(), certificates, 0600)
+	require.NoError(t, err)
+	certificates2, err := certs.ReadCertificates(file.Name())
+	require.NoError(t, err)
+	require.Equal(t, certificates, certificates2)
 }
 
 func TestFetchPEMCertificates(t *testing.T) {