Allow multiple certificates per file in x509_cert input (#6695)

influxdata · Nov 25, 2019 · c53d538 · c53d538
1 parent c16b760
commit c53d538
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 10 deletions.
diff --git a/plugins/inputs/x509_cert/x509_cert.go b/plugins/inputs/x509_cert/x509_cert.go
@@ -2,6 +2,7 @@
 package x509_cert
 
 import (
+	"bytes"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
@@ -96,18 +97,24 @@ func (c *X509Cert) getCert(u *url.URL, timeout time.Duration) ([]*x509.Certifica
 		if err != nil {
 			return nil, err
 		}
+		var certs []*x509.Certificate
+		for {
+			block, rest := pem.Decode(bytes.TrimSpace(content))
+			if block == nil {
+				return nil, fmt.Errorf("failed to parse certificate PEM")
+			}
 
-		block, _ := pem.Decode(content)
-		if block == nil {
-			return nil, fmt.Errorf("failed to parse certificate PEM")
-		}
-
-		cert, err := x509.ParseCertificate(block.Bytes)
-		if err != nil {
-			return nil, err
+			cert, err := x509.ParseCertificate(block.Bytes)
+			if err != nil {
+				return nil, err
+			}
+			certs = append(certs, cert)
+			if rest == nil || len(rest) == 0 {
+				break
+			}
+			content = rest
 		}
-
-		return []*x509.Certificate{cert}, nil
+		return certs, nil
 	default:
 		return nil, fmt.Errorf("unsuported scheme '%s' in location %s", u.Scheme, u.String())
 	}

diff --git a/plugins/inputs/x509_cert/x509_cert_test.go b/plugins/inputs/x509_cert/x509_cert_test.go
@@ -141,6 +141,14 @@ func TestGatherLocal(t *testing.T) {
 		{name: "not a certificate", mode: 0640, content: "test", error: true},
 		{name: "wrong certificate", mode: 0640, content: wrongCert, error: true},
 		{name: "correct certificate", mode: 0640, content: pki.ReadServerCert()},
+		{name: "correct certificate and extra trailing space", mode: 0640, content: pki.ReadServerCert() + " "},
+		{name: "correct certificate and extra leading space", mode: 0640, content: " " + pki.ReadServerCert()},
+		{name: "correct multiple certificates", mode: 0640, content: pki.ReadServerCert() + pki.ReadCACert()},
+		{name: "correct certificate and wrong certificate", mode: 0640, content: pki.ReadServerCert() + "\n" + wrongCert, error: true},
+		{name: "correct certificate and not a certificate", mode: 0640, content: pki.ReadServerCert() + "\ntest", error: true},
+		{name: "correct multiple certificates and extra trailing space", mode: 0640, content: pki.ReadServerCert() + pki.ReadServerCert() + " "},
+		{name: "correct multiple certificates and extra leading space", mode: 0640, content: " " + pki.ReadServerCert() + pki.ReadServerCert()},
+		{name: "correct multiple certificates and extra middle space", mode: 0640, content: pki.ReadServerCert() + " " + pki.ReadServerCert()},
 	}
 
 	for _, test := range tests {