package pki
import (
	"crypto/x509"
	"errors"
)
// VerifyError reports that a certificate failed validation. It stores only a
// textual reason, so the concrete type of whatever error produced that text
// cannot be recovered from it.
type VerifyError struct {
	msg string // human-readable reason for the failure
}

// Error implements the error interface by returning the stored message.
func (e VerifyError) Error() string {
	return e.msg
}
// NewVerifyError builds a VerifyError whose Error method returns msg.
func NewVerifyError(msg string) VerifyError {
	var ve VerifyError
	ve.msg = msg
	return ve
}
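// IsVerifyError reports whether err is a VerifyError or wraps one anywhere in
// its chain (for example via fmt.Errorf with %w). A nil err yields false.
//
// A bare type switch on err would miss a VerifyError that a caller has wrapped
// with extra context, so a validation failure could be mistaken for some other
// kind of error; errors.As walks the whole chain instead.
func IsVerifyError(err error) bool {
	var target VerifyError
	return errors.As(err, &target)
}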
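// Verify checks that certificate chains to root without any intermediates. It
// returns nil on success and a VerifyError describing the failure otherwise.
//
// root is installed as the only trust anchor exactly as given. This function
// does not establish that root itself is authentic, so callers must obtain it
// from a trusted source.
//
// Scope of the check, as configured here:
//   - No intermediate pool is supplied, so a chain that needs an intermediate
//     CA is rejected.
//   - KeyUsages is left unset, for which crypto/x509 defaults to
//     ExtKeyUsageServerAuth; certificates restricted to other extended key
//     usages fail.
//   - DNSName is left unset, so no host name is matched against certificate.
//   - CurrentTime is left unset, so validity is evaluated at the current time.
//   - crypto/x509 does no revocation (CRL/OCSP) checking.
//
// A nil certificate or root yields a VerifyError instead of a panic.
func Verify(certificate, root *x509.Certificate) error {
	// Fail closed on missing inputs: CertPool.AddCert and Certificate.Verify
	// both panic when handed a nil certificate.
	if certificate == nil {
		return NewVerifyError("certificate is nil")
	}
	if root == nil {
		return NewVerifyError("root certificate is nil")
	}

	roots := x509.NewCertPool()
	roots.AddCert(root)

	if _, err := certificate.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		// Only the message is kept; the concrete x509 error type is dropped,
		// so callers cannot branch on the specific failure reason.
		return NewVerifyError(err.Error())
	}
	return nil
}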