11
func verifyCertificates() error {
12
_, err := tls.X509KeyPair([]byte(CACertPEM), []byte(CAKeyPEM))
14
return fmt.Errorf("bad CA cert key pair: %v", err)
16
_, err = tls.X509KeyPair([]byte(serverCertPEM), []byte(serverKeyPEM))
18
return fmt.Errorf("bad server cert key pair: %v", err)
20
caCert, err := trivial.ParseCertificate([]byte(CACertPEM))
24
serverCert, err := trivial.ParseCertificate([]byte(serverCertPEM))
28
pool := x509.NewCertPool()
30
opts := x509.VerifyOptions{
34
_, err = serverCert.Verify(opts)
36
return fmt.Errorf("verification failed: %v", err)
42
// if err := verifyCertificates(); err != nil {
9
47
// CACertPEM and CAKeyPEM make up a CA key pair.
10
48
// CACertX509 and CAKeyRSA hold their parsed equivalents.
37
75
-----END RSA PRIVATE KEY-----
39
77
CAKeyRSA = mustParseKeyPEM(CAKeyPEM)
79
// serverCertPEM holds a certificate siged by the above CA cert.
81
-----BEGIN CERTIFICATE-----
82
MIIBfDCCASigAwIBAgIBADALBgkqhkiG9w0BAQUwJjENMAsGA1UEChMEanVqdTEV
83
MBMGA1UEAxMManVqdSB0ZXN0aW5nMB4XDTEyMTEyNDEzMDY1OVoXDTIyMTEyNDEz
84
MTE1OVowGjEMMAoGA1UEChMDaG1tMQowCAYDVQQDEwEqMFkwCwYJKoZIhvcNAQEB
85
A0oAMEcCQF9KBtClwqaJuvhRKNNdsxyrdVTfgNhLTf1DX+Z3iBTpvb8fxihC9xQv
86
voslONe+wL1MQi8QkjUzex1Z7abC+m8CAwEAAaNSMFAwDgYDVR0PAQH/BAQDAgAQ
87
MB0GA1UdDgQWBBRUQs95lLcaqz6iGce/APLVfdw5ZjAfBgNVHSMEGDAWgBRQqPrU
88
s3Mlim0tNfp20ruYuj6LTTALBgkqhkiG9w0BAQUDQQBBBuMUIKFpSVjhm1ybbHnC
89
BP6lvBILWjb6h7f0hFFQQq2Ks8Hr1cwoRNQQFe06qIb7GFhwu6RoY3BDRPAQbZG5
90
-----END CERTIFICATE-----
93
// serverKeyPEM holds the private key for serverCertPEM.
95
-----BEGIN RSA PRIVATE KEY-----
96
MIIBOQIBAAJAX0oG0KXCpom6+FEo012zHKt1VN+A2EtN/UNf5neIFOm9vx/GKEL3
97
FC++iyU4177AvUxCLxCSNTN7HVntpsL6bwIDAQABAkBP3qifspDZLpC9GqnxoJRE
98
76JFJaHFqjkQk6yKbJ5viAUU+rrsKPuU8Sk1oP005QtzofWQKKP8dLZg50dCpDWB
99
AiEAjViPqgn2tYt/64xJDUjOK1fMpY/yiK0aEmXFXTctgX8CIQCslXcTO03XeZpD
100
0WJDDmEeex2gwAJC2SqtH3XOL3EfEQIgaNWmuJdrRHuTBUGnbRLy13LndmStnnHF
101
RJ/3IowqVEECIQCVPzBZdkir1aJdkZ47RR0hwfBuSn3qF2m7i2BSLV7TMQIgR/0Q
102
TgZwrr9JK+c8N+/YQ8zMv85a4POQHZnNHrVKeRQ=
103
-----END RSA PRIVATE KEY-----
42
108
func mustParseCertPEM(pemData string) *x509.Certificate {
43
109
b, _ := pem.Decode([]byte(pemData))
44
110
if b.Type != "CERTIFICATE" {