envoyconfig: add virtual host domains for certificates in addition to routes (#3593)

* envoyconfig: add virtual host domains for certificates in addition to routes * Update pkg/cryptutil/certificates.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update pkg/cryptutil/tls.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * comments Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2025-07-06 03:18:03 +02:00 · 2022-08-31 10:35:45 -06:00 · 2022-08-31 10:35:45 -06:00 · 33794ff316
commit 33794ff316
parent 23c42da8ec
6 changed files with 99 additions and 14 deletions
--- a/pkg/cryptutil/certificates.go
+++ b/pkg/cryptutil/certificates.go
@ -219,6 +219,21 @@ func GenerateSelfSignedCertificate(domain string, configure ...func(*x509.Certif
 	return &cert, nil
 }

+// EncodeCertificate encodes a TLS certificate into PEM compatible byte slices.
+// Returns `nil`, `nil` if there is an error marshaling the PKCS8 private key.
+func EncodeCertificate(cert *tls.Certificate) (pemCertificateBytes, pemKeyBytes []byte, err error) {
+	if cert == nil || len(cert.Certificate) == 0 {
+		return nil, nil, nil
+	}
+	publicKeyBytes := cert.Certificate[0]
+	privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(cert.PrivateKey)
+	if err != nil {
+		return nil, nil, err
+	}
+	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: publicKeyBytes}),
+		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privateKeyBytes}), nil
+}
+
 // ParsePEMCertificate parses a PEM encoded certificate block.
 func ParsePEMCertificate(raw []byte) (*x509.Certificate, error) {
 	data := raw