...

Source file src/github.com/sassoftware/relic/config/client.go

Documentation: github.com/sassoftware/relic/config

     1  //
     2  // Copyright (c) SAS Institute Inc.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  //
    16  
    17  package config
    18  
    19  import "crypto/x509"
    20  
// Match reports whether the certificate chain presented by a peer verifies
// against the trust pool configured for this client (cl.certs).
//
// incoming[0] is treated as the leaf certificate. Every later entry is handed
// to the verifier as a candidate intermediate only: those certificates come
// from the peer and are never used as trust anchors. The leaf must also be
// acceptable for TLS client authentication (x509.ExtKeyUsageClientAuth).
//
// Results:
//   - (true, nil): a chain from the leaf to an entry in cl.certs was built.
//   - (false, nil): no pool is configured, the peer presented no certificate,
//     or verification failed with x509.UnknownAuthorityError, meaning the
//     chain does not lead to this client's pool.
//   - (false, err): any other verification failure, returned unchanged.
//
// Callers must treat every result other than (true, nil) as "not this
// client". Verification uses the current time, because no CurrentTime is set
// in the options. (*x509.Certificate).Verify performs no revocation checking,
// so revocation has to be enforced elsewhere if it is required.
//
// NOTE(review): how cl.certs is populated (CA certificates or pinned leaf
// certificates) is not visible in this file; confirm against the loader.
func (cl *ClientConfig) Match(incoming []*x509.Certificate) (bool, error) {
	// Nothing to compare: this client has no configured trust pool.
	if cl.certs == nil {
		return false, nil
	}
	// The peer did not present a certificate.
	if len(incoming) == 0 {
		return false, nil
	}

	// Peer-supplied intermediates only help path building; trust still has
	// to terminate in cl.certs.
	peerIntermediates := x509.NewCertPool()
	for _, c := range incoming[1:] {
		peerIntermediates.AddCert(c)
	}

	opts := x509.VerifyOptions{
		Roots:         cl.certs,
		Intermediates: peerIntermediates,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	_, verifyErr := incoming[0].Verify(opts)

	switch verifyErr.(type) {
	case nil:
		return true, nil
	case x509.UnknownAuthorityError:
		// Issued by some other authority: not a match, but not a failure
		// the caller needs to report either.
		return false, nil
	default:
		return false, verifyErr
	}
}
    43  
