...
Source file
src/crypto/x509/cert_pool.go
1
2
3
4
5 package x509
6
7 import (
8 "encoding/pem"
9 "errors"
10 "runtime"
11 )
12
13
14 type CertPool struct {
15 bySubjectKeyId map[string][]int
16 byName map[string][]int
17 certs []*Certificate
18 }
19
20
21 func NewCertPool() *CertPool {
22 return &CertPool{
23 bySubjectKeyId: make(map[string][]int),
24 byName: make(map[string][]int),
25 }
26 }
27
28
29
30
31
32 func SystemCertPool() (*CertPool, error) {
33 if runtime.GOOS == "windows" {
34
35 return nil, errors.New("crypto/x509: system root pool is not available on Windows")
36 }
37
38 return loadSystemRoots()
39 }
40
41
42
43
44
45 func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int, errCert *Certificate, err error) {
46 if s == nil {
47 return
48 }
49 var candidates []int
50
51 if len(cert.AuthorityKeyId) > 0 {
52 candidates = s.bySubjectKeyId[string(cert.AuthorityKeyId)]
53 }
54 if len(candidates) == 0 {
55 candidates = s.byName[string(cert.RawIssuer)]
56 }
57
58 for _, c := range candidates {
59 if err = cert.CheckSignatureFrom(s.certs[c]); err == nil {
60 parents = append(parents, c)
61 } else {
62 errCert = s.certs[c]
63 }
64 }
65
66 return
67 }
68
69 func (s *CertPool) contains(cert *Certificate) bool {
70 if s == nil {
71 return false
72 }
73
74 candidates := s.byName[string(cert.RawSubject)]
75 for _, c := range candidates {
76 if s.certs[c].Equal(cert) {
77 return true
78 }
79 }
80
81 return false
82 }
83
84
85 func (s *CertPool) AddCert(cert *Certificate) {
86 if cert == nil {
87 panic("adding nil Certificate to CertPool")
88 }
89
90
91 if s.contains(cert) {
92 return
93 }
94
95 n := len(s.certs)
96 s.certs = append(s.certs, cert)
97
98 if len(cert.SubjectKeyId) > 0 {
99 keyId := string(cert.SubjectKeyId)
100 s.bySubjectKeyId[keyId] = append(s.bySubjectKeyId[keyId], n)
101 }
102 name := string(cert.RawSubject)
103 s.byName[name] = append(s.byName[name], n)
104 }
105
106
107
108
109
110
111
112 func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) {
113 for len(pemCerts) > 0 {
114 var block *pem.Block
115 block, pemCerts = pem.Decode(pemCerts)
116 if block == nil {
117 break
118 }
119 if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
120 continue
121 }
122
123 cert, err := ParseCertificate(block.Bytes)
124 if err != nil {
125 continue
126 }
127
128 s.AddCert(cert)
129 ok = true
130 }
131
132 return
133 }
134
135
136
137 func (s *CertPool) Subjects() [][]byte {
138 res := make([][]byte, len(s.certs))
139 for i, c := range s.certs {
140 res[i] = c.RawSubject
141 }
142 return res
143 }
144
View as plain text