hub / github.com/smallstep/cli / validateIssuerKey

Function validateIssuerKey

command/certificate/sign.go:400–431  ·  view source on GitHub ↗

validateIssuerKey makes sure that the issuer certificate and the private key match.

(crt *x509.Certificate, signer crypto.Signer)


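// validateIssuerKey checks that signer holds the private key belonging to the
// issuer certificate crt, by comparing signer.Public() with crt.PublicKey.
//
// A certificate signed with a key that does not belong to the issuer carries a
// signature that does not verify against the issuer's public key, so a
// mismatch is reported as an error rather than left to be discovered during
// chain validation.
//
// Supported key types are RSA, ECDSA and Ed25519. It returns nil when the keys
// are identical, and an error when:
//   - crt or signer is nil,
//   - crt.PublicKey is not one of the supported key types,
//   - the signer's public key is of a different type than crt.PublicKey,
//   - both keys have the same type but different values.
func validateIssuerKey(crt *x509.Certificate, signer crypto.Signer) error {
	// Reject missing inputs explicitly instead of panicking on a nil
	// dereference further down.
	if crt == nil {
		return errors.New("issuer certificate is missing")
	}
	if signer == nil {
		return errors.New("issuer private key is missing")
	}

	signerPub := signer.Public()

	// sameType records whether the signer's public key has the same concrete
	// type as the certificate's key; matches records whether the two values
	// are equal. Public keys are not secret, so a plain Equal is sufficient.
	var sameType, matches bool
	switch pub := crt.PublicKey.(type) {
	case *rsa.PublicKey:
		pk, ok := signerPub.(*rsa.PublicKey)
		// The nil checks keep Equal from dereferencing a typed nil pointer.
		sameType, matches = ok, ok && pub != nil && pk != nil && pub.Equal(pk)
	case *ecdsa.PublicKey:
		pk, ok := signerPub.(*ecdsa.PublicKey)
		// The nil checks keep Equal from dereferencing a typed nil pointer.
		sameType, matches = ok, ok && pub != nil && pk != nil && pub.Equal(pk)
	case ed25519.PublicKey:
		pk, ok := signerPub.(ed25519.PublicKey)
		sameType, matches = ok, ok && pub.Equal(pk)
	default:
		return errors.New("unknown public key algorithm")
	}

	if !sameType {
		return errors.New("private key type does not match issuer public key type")
	}
	if !matches {
		return errors.New("private key does not match issuer public key")
	}
	return nil
}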
432
433// validateIssuer makes sure the issuer can sign the certificate request.
434func validateIssuer(crt *x509.Certificate, profile string, maxPathLen int) error {

Callers 1

signActionFunction · 0.85

Calls 1

PublicMethod · 0.45

Tested by

no test coverage detected
