- package cert
- import (
- "crypto/tls"
- "crypto/x509"
- "encoding/pem"
- "time"
- )
// Artifacts bundles the material a TLS server needs: a private key, the
// serving certificate, and the CA key/certificate that issued it.
//
// NOTE(review): the byte fields are presumably PEM encoded — that is the form
// ValidCACert consumes via tls.X509KeyPair and x509.CertPool.AppendCertsFromPEM
// — but nothing in this file enforces it; confirm against the generator.
type Artifacts struct {
	// Key is the private key (presumably PEM; see note above).
	Key []byte

	// Cert is the serving certificate. When handed to ValidCACert, its first
	// PEM block is the leaf that is checked against Key.
	Cert []byte

	// CAKey is the CA's private key. It can mint new serving certificates, so
	// keep it out of any object that unprivileged principals can read.
	CAKey []byte

	// CACert is the CA certificate; it is what callers pass to ValidCACert as
	// caCert to establish that Cert was issued by this CA.
	CACert []byte

	// ResourceVersion is an opaque version string for these artifacts.
	// NOTE(review): likely the resourceVersion of the object they were loaded
	// from — nothing in this file reads it; confirm with the caller.
	ResourceVersion string
}
// Generator provisions serving-certificate Artifacts.
type Generator interface {
	// Generate returns a fresh Artifacts for the given CommonName, or an
	// error. NOTE(review): whether the result is signed by the CA supplied via
	// SetCA, and what happens if SetCA was never called, is left to the
	// implementation — confirm before relying on it.
	Generate(CommonName string) (*Artifacts, error)

	// SetCA supplies the CA private key and certificate the generator should
	// sign with. Given Artifacts and ValidCACert, PEM encoding is the likely
	// contract for both arguments — verify against the implementation.
	SetCA(caKey, caCert []byte)
}
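// ValidCACert reports whether key, cert and caCert form a usable serving
// identity: key and cert are a matching pair, the leaf in cert chains to a
// root contained in caCert, the leaf is valid for dnsName, and the whole
// chain is within its validity period at the instant now.
//
// All three byte inputs are PEM encoded. cert may be a bundle: its first PEM
// block is the leaf, and any CERTIFICATE blocks after it are offered to the
// verifier as intermediates, so a leaf issued by an intermediate that is
// itself signed by caCert also validates. Only caCert is trusted — the system
// root store is never consulted.
//
// Security notes:
//   - An empty dnsName skips hostname verification entirely; callers should
//     pass the name the certificate will actually be served under.
//   - The leaf is verified for server authentication (ExtKeyUsageServerAuth),
//     which is what a serving certificate needs.
//   - A zero now means "the current time" (crypto/x509 behaviour).
//   - The CA private key is not inspected, so this says nothing about whether
//     caCert is still the CA that will be used for future signing.
//
// Any parse or verification failure yields false; the reason is deliberately
// not reported.
func ValidCACert(key, cert, caCert []byte, dnsName string, now time.Time) bool {
	if len(key) == 0 || len(cert) == 0 || len(caCert) == 0 {
		return false
	}

	// Proves that key is the private key for the (first) certificate in cert.
	if _, err := tls.X509KeyPair(cert, key); err != nil {
		return false
	}

	// Trust anchors come only from caCert; AppendCertsFromPEM is false when
	// it could not parse a single certificate.
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caCert) {
		return false
	}

	// The first PEM block is the leaf. Remaining blocks are treated as
	// intermediates; unparsable trailing blocks are silently ignored.
	block, rest := pem.Decode(cert)
	if block == nil {
		return false
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false
	}
	intermediates := x509.NewCertPool()
	intermediates.AppendCertsFromPEM(rest)

	_, err = leaf.Verify(x509.VerifyOptions{
		DNSName:       dnsName,
		Roots:         roots,
		Intermediates: intermediates,
		CurrentTime:   now,
		// Explicit rather than relying on the default, which is the same value.
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err == nil
}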