Fix certificate type identification

This commit is contained in:
Mariano Cano 2022-02-16 18:09:20 -08:00
parent b3316c4a56
commit d424159200


@ -1,7 +1,6 @@
package vaultcas package vaultcas
import ( import (
"bytes"
"context" "context"
"crypto/sha256" "crypto/sha256"
"crypto/x509" "crypto/x509"
@ -162,12 +161,12 @@ func getCertificateAndChain(certb certutil.CertBundle) (*Certificate, error) {
continue continue
} }
used[cert.SerialNumber.String()] = true used[cert.SerialNumber.String()] = true
if cert.IsCA && bytes.Equal(cert.RawIssuer, cert.RawSubject) { if isRoot(cert) {
root = cert root = cert
} else if !cert.IsCA { } else if cert.BasicConstraintsValid && cert.IsCA {
leaf = cert
} else {
intermediates = append(intermediates, cert) intermediates = append(intermediates, cert)
} else {
leaf = cert
} }
} }
} }
@ -402,3 +401,11 @@ func unmarshalMap(m map[string]interface{}, v interface{}) error {
return json.Unmarshal(b, v) return json.Unmarshal(b, v)
} }
// isRoot returns true if the given certificate is a root certificate.
func isRoot(cert *x509.Certificate) bool {
if cert.BasicConstraintsValid && cert.IsCA {
return cert.CheckSignatureFrom(cert) == nil
}
return false
}
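Review bot: `return cert.CheckSignatureFrom(cert) == nil` in isRoot turns every verification failure into "not a root", so a self-signed CA whose signature algorithm CheckSignatureFrom refuses (unsupported algorithms, and SHA-1 signatures on Go releases that reject them by default) is silently pushed into the `cert.BasicConstraintsValid && cert.IsCA` branch of getCertificateAndChain and `root` stays nil, with nothing telling the operator why. The old `bytes.Equal(cert.RawIssuer, cert.RawSubject)` test also disappears, so the name-based self-signed criterion from RFC 5280 is no longer applied at all; I would keep it as a cheap guard ahead of the signature check, `if !bytes.Equal(cert.RawIssuer, cert.RawSubject) { return false }`, which means the `"bytes"` import dropped in the first hunk would need to come back. At minimum the doc comment should state the policy: `// isRoot returns true if the given certificate is a CA certificate whose signature verifies with its own public key; a self-signed certificate whose signature algorithm CheckSignatureFrom rejects is not treated as a root.` getCertificateAndChain starts and ends outside the second hunk, so I cannot see how a nil root is reported further down.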