Add support for multiple certificate directories (#47)

This commit is contained in:
Tom D 2019-07-03 10:07:16 -07:00 committed by GitHub
parent 372fcf25d0
commit 5c6b9242df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -56,25 +56,27 @@ func (v *EKVerifier) VerifyEKCert(certBytes []byte) (*pb.EkcertVerificationResul
}
// NewEKVerifier returns an EKVerifier initialized using the certificates in the specified
// directory. Directories are resolved recursively.
// directories. Directories are resolved recursively.
// The specified directory should be structured in the forms:
// <XXXX>/RootCA/<cert>.{der,cer,crt)
// <XXXX>/IntermediateCA/<cert>.{der,cer,crt)
func NewEKVerifier(certsPath string) (*EKVerifier, error) {
func NewEKVerifier(certsPath []string) (*EKVerifier, error) {
roots := x509.NewCertPool()
intermediates := x509.NewCertPool()
root, err := ioutil.ReadDir(certsPath)
if err != nil {
return nil, err
}
for _, f := range root {
if !f.IsDir() {
continue
}
if err := readCertificates(filepath.Join(certsPath, f.Name()), roots, intermediates); err != nil {
for _, dir := range certsPath {
root, err := ioutil.ReadDir(dir)
if err != nil {
return nil, err
}
for _, f := range root {
if !f.IsDir() {
continue
}
if err := readCertificates(filepath.Join(dir, f.Name()), roots, intermediates); err != nil {
return nil, err
}
}
}
return &EKVerifier{
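Review bot: An empty `certsPath` slice passes through the new loop without error and returns an EKVerifier whose root and intermediate pools hold no certificates, which presumably makes every later VerifyEKCert call fail as untrusted instead of surfacing the misconfiguration where it happens; the old single-string signature could not be called this way, so this is a new failure mode. A guard at the top of the function, `if len(certsPath) == 0 { return nil, errors.New("ekverifier: no certificate directories given") }`, keeps the failure close to its cause (this needs an `errors` import if the file does not already have one). The doc comment still says `The specified directory should be structured` and should now read `Each specified directory should be structured`; the slice parameter would also read more naturally as `certDirs`. The function's closing lines (the EKVerifier field assignments and the final return) are not shown in this hunk.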
@ -85,11 +87,13 @@ func NewEKVerifier(certsPath string) (*EKVerifier, error) {
func readCertificates(dir string, roots, intermediates *x509.CertPool) error {
rootFiles, err := ioutil.ReadDir(filepath.Join(dir, "RootCA"))
if err != nil {
if err != nil && !os.IsNotExist(err) {
return err
}
if err := parseCertsToPool(filepath.Join(dir, "RootCA"), rootFiles, roots); err != nil {
return err
if err == nil {
if err := parseCertsToPool(filepath.Join(dir, "RootCA"), rootFiles, roots); err != nil {
return err
}
}
intermediateFiles, err := ioutil.ReadDir(filepath.Join(dir, "IntermediateCA"))
if err != nil {