(ctx *cli.Context)
| 147 | } |
| 148 | |
| 149 | func verifyAction(ctx *cli.Context) error { |
| 150 | if err := errs.NumberOfArguments(ctx, 1); err != nil { |
| 151 | return err |
| 152 | } |
| 153 | |
| 154 | var ( |
| 155 | crtFile = ctx.Args().Get(0) |
| 156 | host = ctx.String("host") |
| 157 | serverName = ctx.String("servername") |
| 158 | roots = ctx.String("roots") |
| 159 | verifyOCSP = ctx.Bool("verify-ocsp") |
| 160 | ocspEndpoint = ctx.String("ocsp-endpoint") |
| 161 | verifyCRL = ctx.Bool("verify-crl") |
| 162 | crlEndpoint = ctx.String("crl-endpoint") |
| 163 | verbose = ctx.Bool("verbose") |
| 164 | issuerFile = ctx.String("issuing-ca") |
| 165 | insecure = ctx.Bool("insecure") |
| 166 | intermediatePool = x509.NewCertPool() |
| 167 | rootPool *x509.CertPool |
| 168 | cert *x509.Certificate |
| 169 | issuer *x509.Certificate |
| 170 | httpClient *http.Client |
| 171 | ) |
| 172 | |
| 173 | switch addr, isURL, err := trimURL(crtFile); { |
| 174 | case err != nil: |
| 175 | return err |
| 176 | case isURL: |
| 177 | peerCertificates, err := getPeerCertificates(addr, serverName, roots, false) |
| 178 | if err != nil { |
| 179 | return err |
| 180 | } |
| 181 | cert = peerCertificates[0] |
| 182 | for _, pc := range peerCertificates { |
| 183 | intermediatePool.AddCert(pc) |
| 184 | } |
| 185 | default: |
| 186 | crtBytes, err := os.ReadFile(crtFile) |
| 187 | if err != nil { |
| 188 | return errs.FileError(err, crtFile) |
| 189 | } |
| 190 | |
| 191 | var ( |
| 192 | ipems []byte |
| 193 | block *pem.Block |
| 194 | ) |
| 195 | // The first certificate PEM in the file is our leaf Certificate. |
| 196 | // Any certificate after the first is added to the list of Intermediate |
| 197 | // certificates used for path validation. |
| 198 | for len(crtBytes) > 0 { |
| 199 | block, crtBytes = pem.Decode(crtBytes) |
| 200 | if block == nil { |
| 201 | return errors.Errorf("%s contains an invalid PEM block", crtFile) |
| 202 | } |
| 203 | if block.Type != "CERTIFICATE" { |
| 204 | continue |
| 205 | } |
| 206 | if cert == nil { |