From d95210ed7e2b00394fe55abd08c1ebc9252f39a6 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Thu, 5 Nov 2020 19:53:04 +0100
Subject: refactored ParseDerChain()
Could be simplified now that we have a ParseDerChainToList() method.
---
 x509util/x509util.go | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)
(limited to 'x509util/x509util.go')
diff --git a/x509util/x509util.go b/x509util/x509util.go
index b300ef3..c005bed 100644
--- a/x509util/x509util.go
+++ b/x509util/x509util.go
@@ -112,24 +112,15 @@ func ParseChain(rest []byte) ([]*x509.Certificate, error) {
 // first (zero-index) string is interpretted as an end-entity certificate and
 // the remaining ones as the an intermediate CertPool.
 func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) {
- var certificate *x509.Certificate
- intermediatePool := x509.NewCertPool()
- for index, der := range chain {
- c, err := x509.ParseCertificate(der)
- if err != nil {
- return nil, nil, fmt.Errorf("certificate decoding failed: %v", err)
- }
-
- if index == 0 {
- certificate = c
- } else {
- intermediatePool.AddCert(c)
- }
+ certificates, err := ParseDerChainToList(chain)
+ if err != nil || len(certificates) == 0 {
+ return nil, nil, err
 }
- if certificate == nil {
- return nil, nil, fmt.Errorf("certificate chain is empty")
+ intermediatePool := x509.NewCertPool()
+ for _, certificate := range certificates[1:] {
+ intermediatePool.AddCert(certificate)
 }
- return certificate, intermediatePool, nil
+ return certificates[0], intermediatePool, nil
 }

 // ParseDerChainToList parses a list of DER-encoded certificates
-- 
cgit v1.2.3
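Review bot: The combined guard `if err != nil || len(certificates) == 0 { return nil, nil, err }` returns `nil, nil, nil` when the chain is empty and `ParseDerChainToList` reports no error, whereas the removed code returned "certificate chain is empty" in that case. `ParseDerChainToList`'s body is outside this hunk, so whether it already rejects empty input cannot be confirmed here. If it does not, a caller that checks only `err` would continue with a nil end-entity certificate and a nil pool. Splitting the guard keeps the old contract: `if err != nil { return nil, nil, err }` followed by `if len(certificates) == 0 { return nil, nil, fmt.Errorf("certificate chain is empty") }`. The doc comment above `ParseDerChain` could also state that an empty chain is an error.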