in pkg/mesh/certs.go [116:172]
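// InitRoots populates kr.TrustedCertPool with the mesh root CA certificates.
//
// When outDir is non-empty and outDir/WorkloadRootCAs can be read, that PEM
// bundle is the only source consulted: its certificates are added to the pool
// and the function returns. Otherwise the roots are gathered from every
// kr.MeshEnv entry whose key starts with "CAROOT" (this covers the Citadel
// root when it is active in the mesh, or any other configured roots), added to
// the pool and, when outDir is non-empty and at least one certificate was
// found, persisted to outDir/WorkloadRootCAs so later starts reuse them.
//
// ctx is accepted for interface symmetry; nothing in the body uses it.
//
// It returns an error when a bundle holds a PEM block that x509 cannot parse
// as a certificate, or when the directory or file cannot be written. A read
// failure on the existing file (missing or unreadable) is not an error: the
// function falls back to the mesh environment.
//
// NOTE(review): kr.TrustedCertPool is assumed to be non-nil on entry — AddCert
// on a nil pool panics; confirm the caller initialises it.
func (kr *KRun) InitRoots(ctx context.Context, outDir string) error {
	rootFile := filepath.Join(outDir, WorkloadRootCAs)

	// Prefer the bundle persisted by an earlier run. Any read error, not only
	// "not found", falls through to the mesh environment; if the file is
	// present but unwritable the WriteFile below reports the real problem.
	if outDir != "" {
		if rootCertPEM, err := ioutil.ReadFile(rootFile); err == nil {
			rootCAs, err := parsePEMCertBundle(rootCertPEM)
			if err != nil {
				return err
			}
			for _, c := range rootCAs {
				kr.TrustedCertPool.AddCert(c)
			}
			return nil
		}
	}

	// Not on disk: concatenate every CAROOT* value. Each value is preceded by
	// a newline so adjacent PEM blocks never run together; pem.Decode skips
	// the extra whitespace. Map order is random, so the persisted file may
	// list the same roots in a different order on each start.
	roots := ""
	for k, v := range kr.MeshEnv {
		if strings.HasPrefix(k, "CAROOT") {
			roots = roots + "\n" + v
		}
	}

	rootCAs, err := parsePEMCertBundle([]byte(roots))
	if err != nil {
		return err
	}
	for _, c := range rootCAs {
		kr.TrustedCertPool.AddCert(c)
	}

	// Persist only a non-empty bundle: an empty file would be read first on
	// the next start and would shadow any roots added to the mesh env later.
	if outDir != "" && len(rootCAs) > 0 {
		// 0755 rather than 0660: a directory without the execute bit cannot be
		// traversed, so the file below could not be created inside it. The
		// mode mirrors the 0644 file mode (root CAs are public material) and,
		// as with any MkdirAll, does not alter a directory that already exists.
		if err := os.MkdirAll(outDir, 0755); err != nil {
			return err
		}
		if err := ioutil.WriteFile(rootFile, []byte(roots), 0644); err != nil {
			return err
		}
	}
	return nil
}

// parsePEMCertBundle decodes every PEM block in data, concatenates their DER
// payloads and parses the result as X.509 certificates.
//
// Bytes outside PEM blocks are skipped by pem.Decode, and an input with no
// PEM block at all yields an empty slice and no error — callers that need at
// least one root must check the length. Block types are not filtered: a
// non-certificate block (a key, for example) makes x509.ParseCertificates
// fail, which surfaces a misconfigured bundle instead of silently dropping it.
func parsePEMCertBundle(data []byte) ([]*x509.Certificate, error) {
	var der []byte
	for {
		block, rest := pem.Decode(data)
		if block == nil {
			break
		}
		der = append(der, block.Bytes...)
		data = rest
	}
	return x509.ParseCertificates(der)
}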