validateIssuerKey makes sure the issuer and key match.
(crt *x509.Certificate, signer crypto.Signer)
| 398 | |
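// validateIssuerKey makes sure the issuer certificate and the signing key
// match: the public half of signer must have the same type as, and be equal
// to, the public key carried in crt.
//
// Only public keys are compared. The function does not produce a test
// signature, and it does not check that crt is a CA certificate, is within
// its validity period, or chains to a trusted root; callers need separate
// checks for those properties.
//
// It returns an error when crt or signer is nil, when the two key types
// differ, when the keys differ, or when the certificate key is not RSA,
// ECDSA or Ed25519.
func validateIssuerKey(crt *x509.Certificate, signer crypto.Signer) error {
	const (
		typeMismatch = "private key type does not match issuer public key type"
		keyMismatch  = "private key does not match issuer public key"
	)

	// Reject missing inputs up front: crt.PublicKey and signer.Public() below
	// would otherwise panic instead of reporting a validation failure.
	if crt == nil {
		return errors.New("issuer certificate is nil")
	}
	if signer == nil {
		return errors.New("issuer private key is nil")
	}

	var equal bool
	switch pub := crt.PublicKey.(type) {
	case *rsa.PublicKey:
		pk, ok := signer.Public().(*rsa.PublicKey)
		if !ok {
			return errors.New(typeMismatch)
		}
		equal = pub.Equal(pk)
	case *ecdsa.PublicKey:
		pk, ok := signer.Public().(*ecdsa.PublicKey)
		if !ok {
			return errors.New(typeMismatch)
		}
		equal = pub.Equal(pk)
	case ed25519.PublicKey:
		pk, ok := signer.Public().(ed25519.PublicKey)
		if !ok {
			return errors.New(typeMismatch)
		}
		equal = pub.Equal(pk)
	default:
		// Any other key type (including a nil PublicKey) is refused rather
		// than silently accepted.
		return errors.New("unknown public key algorithm")
	}

	if !equal {
		return errors.New(keyMismatch)
	}
	return nil
}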
| 432 | |
| 433 | // validateIssuer makes sure the issuer can sign the certificate request. |
| 434 | func validateIssuer(crt *x509.Certificate, profile string, maxPathLen int) error { |