authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-05 19:23:40 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-05 19:23:40 +0100
commit0cd966dd8405df6244db051faf5ebc112e1c5a1e (patch)
tree6fa6e41b335c2d458a7f577420fd192b8a625faf /x509util/x509util.go
parent5ba3cec231989ba1deb5926f8fdcd8caec169821 (diff)
fixed get-entries output and client-side verification
Diffstat (limited to 'x509util/x509util.go')
-rw-r--r--x509util/x509util.go29
1 files changed, 26 insertions, 3 deletions
diff --git a/x509util/x509util.go b/x509util/x509util.go
index b33b4e9..b300ef3 100644
--- a/x509util/x509util.go
+++ b/x509util/x509util.go
@@ -108,9 +108,9 @@ func ParseChain(rest []byte) ([]*x509.Certificate, error) {
return chain, nil
}
-// ParseDerChain parses a list of base64 DER-encoded X.509 certificates, such
-// that the first (zero-index) string is interpretted as an end-entity
-// certificate and the remaining ones as the an intermediate CertPool.
+// ParseDerChain parses a list of DER-encoded X.509 certificates, such that the
+// first (zero-index) string is interpretted as an end-entity certificate and
+// the remaining ones as the an intermediate CertPool.
func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) {
var certificate *x509.Certificate
intermediatePool := x509.NewCertPool()
@@ -132,3 +132,26 @@ func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) {
return certificate, intermediatePool, nil
}
+// ParseDerChainToList parses a list of DER-encoded certificates
+func ParseDerChainToList(chain [][]byte) ([]*x509.Certificate, error) {
+ ret := make([]*x509.Certificate, 0, len(chain))
+ for _, der := range chain {
+ c, err := x509.ParseCertificate(der)
+ if err != nil {
+ return nil, fmt.Errorf("certificate decoding failed: %v", err)
+ }
+ ret = append(ret, c)
+ }
+ return ret, nil
+}
+
+// VerifyChain checks whether the listed certificates are chained such
+// that the first is signed by the second, the second by the third, etc.
+func VerifyChain(chain []*x509.Certificate) error {
+ for i := 0; i < len(chain)-1; i++ {
+ if err := chain[i].CheckSignatureFrom(chain[i+1]); err != nil {
+ return err
+ }
+ }
+ return nil
+}
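Review bot: VerifyChain's doc comment promises more than the loop delivers: CheckSignatureFrom on the chain[i]/chain[i+1] pair verifies the signature and the issuer's CA/keyUsage bits, but nothing checks NotBefore/NotAfter or that the last certificate is a trusted anchor, and a chain of zero or one certificates returns nil without any check at all. Since this is the client-side verification of get-entries output, the comment should state that limit explicitly, e.g. `// VerifyChain checks that each certificate is signed by the next one in the list. It does not check validity periods or anchor the last certificate to any trust store; callers that need full path validation should use x509.Certificate.Verify.` If a trivially short chain is not meaningful for the caller, reject it up front with `if len(chain) < 2 { return fmt.Errorf("chain has %d certificates, need at least 2", len(chain)) }`. The error from CheckSignatureFrom is returned bare; wrapping it with the position, `return fmt.Errorf("certificate %d is not signed by certificate %d: %v", i, i+1, err)`, matches the error style of ParseDerChainToList above and makes a failed verification actionable.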