diff options
author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-05 19:23:40 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-05 19:23:40 +0100 |
commit | 0cd966dd8405df6244db051faf5ebc112e1c5a1e (patch) | |
tree | 6fa6e41b335c2d458a7f577420fd192b8a625faf /x509util | |
parent | 5ba3cec231989ba1deb5926f8fdcd8caec169821 (diff) |
fixed get-entries output and client-side verification
Diffstat (limited to 'x509util')
-rw-r--r-- | x509util/x509util.go | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/x509util/x509util.go b/x509util/x509util.go index b33b4e9..b300ef3 100644 --- a/x509util/x509util.go +++ b/x509util/x509util.go @@ -108,9 +108,9 @@ func ParseChain(rest []byte) ([]*x509.Certificate, error) { return chain, nil } -// ParseDerChain parses a list of base64 DER-encoded X.509 certificates, such -// that the first (zero-index) string is interpretted as an end-entity -// certificate and the remaining ones as the an intermediate CertPool. +// ParseDerChain parses a list of DER-encoded X.509 certificates, such that the +// first (zero-index) string is interpretted as an end-entity certificate and +// the remaining ones as the an intermediate CertPool. func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) { var certificate *x509.Certificate intermediatePool := x509.NewCertPool() @@ -132,3 +132,26 @@ func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) { return certificate, intermediatePool, nil } +// ParseDerChainToList parses a list of DER-encoded certificates +func ParseDerChainToList(chain [][]byte) ([]*x509.Certificate, error) { + ret := make([]*x509.Certificate, 0, len(chain)) + for _, der := range chain { + c, err := x509.ParseCertificate(der) + if err != nil { + return nil, fmt.Errorf("certificate decoding failed: %v", err) + } + ret = append(ret, c) + } + return ret, nil +} + +// VerifyChain checks whether the listed certificates are chained such +// that the first is signed by the second, the second by the third, etc. +func VerifyChain(chain []*x509.Certificate) error { + for i := 0; i < len(chain)-1; i++ { + if err := chain[i].CheckSignatureFrom(chain[i+1]); err != nil { + return err + } + } + return nil +} |