tokenserver/appengine/impl/certchecker/rpc_check_certificate.go - infra/luci/luci-go - Git at Google

 // Copyright 2016 The LUCI Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package certchecker

 import (
 	"context"
 	"crypto/x509"

 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

 	"go.chromium.org/luci/tokenserver/api/admin/v1"
 	"go.chromium.org/luci/tokenserver/appengine/impl/utils"
 )

 // CheckCertificateRPC implements CertificateAuthorities.CheckCertificate
 // RPC method.
 type CheckCertificateRPC struct {
 }

 // CheckCertificate says whether a certificate is valid or not.
 func (r *CheckCertificateRPC) CheckCertificate(c context.Context, req *admin.CheckCertificateRequest) (*admin.CheckCertificateResponse, error) {
 	// Deserialize the cert.
 	der, err := utils.ParsePEM(req.CertPem, "CERTIFICATE")
 	if err != nil {
 		return nil, status.Errorf(codes.InvalidArgument, "can't parse 'cert_pem' - %s", err)
 	}
 	cert, err := x509.ParseCertificate(der)
 	if err != nil {
 		return nil, status.Errorf(codes.InvalidArgument, "can't parse 'cert-pem' - %s", err)
 	}

 	// Find a checker for the CA that signed the cert, check the certificate.
 	checker, err := GetCertChecker(c, cert.Issuer.CommonName)
 	if err == nil {
 		_, err = checker.CheckCertificate(c, cert)
 		if err == nil {
 			return &admin.CheckCertificateResponse{
 				IsValid: true,
 			}, nil
 		}
 	}

 	// Recognize error codes related to CA cert checking. Everything else is
 	// transient errors.
 	if details, ok := err.(Error); ok {
 		return &admin.CheckCertificateResponse{
 			IsValid:       false,
 			InvalidReason: details.Error(),
 		}, nil
 	}
 	return nil, status.Errorf(codes.Internal, "failed to check the certificate - %s", err)
 }
	// Copyright 2016 The LUCI Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package certchecker

	import (
	"context"
	"crypto/x509"

	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"

	"go.chromium.org/luci/tokenserver/api/admin/v1"
	"go.chromium.org/luci/tokenserver/appengine/impl/utils"
	)

	// CheckCertificateRPC implements CertificateAuthorities.CheckCertificate
	// RPC method.
	type CheckCertificateRPC struct {
	}

	// CheckCertificate says whether a certificate is valid or not.
	func (r CheckCertificateRPC) CheckCertificate(c context.Context, req admin.CheckCertificateRequest) (*admin.CheckCertificateResponse, error) {
	// Deserialize the cert.
	der, err := utils.ParsePEM(req.CertPem, "CERTIFICATE")
	if err != nil {
	return nil, status.Errorf(codes.InvalidArgument, "can't parse 'cert_pem' - %s", err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
	return nil, status.Errorf(codes.InvalidArgument, "can't parse 'cert-pem' - %s", err)
	}

	// Find a checker for the CA that signed the cert, check the certificate.
	checker, err := GetCertChecker(c, cert.Issuer.CommonName)
	if err == nil {
	_, err = checker.CheckCertificate(c, cert)
	if err == nil {
	return &admin.CheckCertificateResponse{
	IsValid: true,
	}, nil
	}
	}

	// Recognize error codes related to CA cert checking. Everything else is
	// transient errors.
	if details, ok := err.(Error); ok {
	return &admin.CheckCertificateResponse{
	IsValid: false,
	InvalidReason: details.Error(),
	}, nil
	}
	return nil, status.Errorf(codes.Internal, "failed to check the certificate - %s", err)
	}