MCPcopy Index your code
hub / github.com/smallstep/cli / verifyAction

Function verifyAction

command/certificate/verify.go:149–378  ·  view source on GitHub ↗
(ctx *cli.Context)

Source from the content-addressed store, hash-verified

147}
148
149func verifyAction(ctx *cli.Context) error {
150 if err := errs.NumberOfArguments(ctx, 1); err != nil {
151 return err
152 }
153
154 var (
155 crtFile = ctx.Args().Get(0)
156 host = ctx.String("host")
157 serverName = ctx.String("servername")
158 roots = ctx.String("roots")
159 verifyOCSP = ctx.Bool("verify-ocsp")
160 ocspEndpoint = ctx.String("ocsp-endpoint")
161 verifyCRL = ctx.Bool("verify-crl")
162 crlEndpoint = ctx.String("crl-endpoint")
163 verbose = ctx.Bool("verbose")
164 issuerFile = ctx.String("issuing-ca")
165 insecure = ctx.Bool("insecure")
166 intermediatePool = x509.NewCertPool()
167 rootPool *x509.CertPool
168 cert *x509.Certificate
169 issuer *x509.Certificate
170 httpClient *http.Client
171 )
172
173 switch addr, isURL, err := trimURL(crtFile); {
174 case err != nil:
175 return err
176 case isURL:
177 peerCertificates, err := getPeerCertificates(addr, serverName, roots, false)
178 if err != nil {
179 return err
180 }
181 cert = peerCertificates[0]
182 for _, pc := range peerCertificates {
183 intermediatePool.AddCert(pc)
184 }
185 default:
186 crtBytes, err := os.ReadFile(crtFile)
187 if err != nil {
188 return errs.FileError(err, crtFile)
189 }
190
191 var (
192 ipems []byte
193 block *pem.Block
194 )
195 // The first certificate PEM in the file is our leaf Certificate.
196 // Any certificate after the first is added to the list of Intermediate
197 // certificates used for path validation.
198 for len(crtBytes) > 0 {
199 block, crtBytes = pem.Decode(crtBytes)
200 if block == nil {
201 return errors.Errorf("%s contains an invalid PEM block", crtFile)
202 }
203 if block.Type != "CERTIFICATE" {
204 continue
205 }
206 if cert == nil {

Callers

nothing calls this directly

Calls 7

trimURLFunction · 0.85
getPeerCertificatesFunction · 0.85
VerifyCRLEndpointFunction · 0.85
VerifyOCSPEndpointFunction · 0.85
VerifyMethod · 0.80
StringMethod · 0.65
CloseMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…