
Commit 3a8a0f4

author
Andrew Hare
committed
fix: VerifyOwnerCertBytes wrapper function
1 parent 75e6c33 commit 3a8a0f4


2 files changed

+19
-22
lines changed


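--- a/gateway/rest/client.go
+++ b/gateway/rest/client.go
@@ -296,7 +296,7 @@ func (c *client) verifyPeerCertificate(certificates [][]byte, _ [][]*x509.Certif
 return errors.Errorf("tls: invalid certificate chain")
 }
 
-prov, err := utils.VerifyOwnerCert(
+prov, err := utils.VerifyOwnerCertBytes(
 context.Background(),
 certificates,
 c.host.Hostname(),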
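--- a/gateway/utils/utils.go
+++ b/gateway/utils/utils.go
@@ -23,7 +23,7 @@ func NewServerTLSConfig(ctx context.Context, certs []tls.Certificate, cquery cty
 InsecureSkipVerify: true, // nolint: gosec
 MinVersion: tls.VersionTLS13,
 VerifyPeerCertificate: func(certificates [][]byte, _ [][]*x509.Certificate) error {
-if _, err := VerifyOwnerCert(ctx, certificates, "", x509.ExtKeyUsageClientAuth, cquery); err != nil {
+if _, err := VerifyOwnerCertBytes(ctx, certificates, "", x509.ExtKeyUsageClientAuth, cquery); err != nil {
 return err
 }
 return nil
@@ -33,17 +33,7 @@ func NewServerTLSConfig(ctx context.Context, certs []tls.Certificate, cquery cty
 return cfg, nil
 }
 
-type cert interface {
-*x509.Certificate | []byte
-}
-
-func VerifyOwnerCert[T cert](
-ctx context.Context,
-chain []T,
-dnsName string,
-usage x509.ExtKeyUsage,
-cquery ctypes.QueryClient,
-) (sdk.Address, error) {
+func VerifyOwnerCertBytes(ctx context.Context, chain [][]byte, dnsName string, usage x509.ExtKeyUsage, cquery ctypes.QueryClient) (sdk.Address, error) {
 if len(chain) == 0 {
 return nil, nil
 }
@@ -52,18 +42,25 @@ func VerifyOwnerCert[T cert](
 return nil, errors.Errorf("tls: invalid certificate chain")
 }
 
-var c *x509.Certificate
+c, err := x509.ParseCertificate(chain[0])
+if err != nil {
+return nil, fmt.Errorf("tls: failed to parse certificate: %w", err)
+}
 
-switch t := any(chain).(type) {
-case []*x509.Certificate:
-c = t[0]
-case [][]byte:
-var err error
-if c, err = x509.ParseCertificate(t[0]); err != nil {
-return nil, fmt.Errorf("tls: failed to parse certificate: %w", err)
-}
+return VerifyOwnerCert(ctx, []*x509.Certificate{c}, dnsName, usage, cquery)
+}
+
+func VerifyOwnerCert(ctx context.Context, chain []*x509.Certificate, dnsName string, usage x509.ExtKeyUsage, cquery ctypes.QueryClient) (sdk.Address, error) {
+if len(chain) == 0 {
+return nil, nil
+}
+
+if len(chain) > 1 {
+return nil, errors.Errorf("tls: invalid certificate chain")
 }
 
+c := chain[0]
+
 // validation
 owner, err := sdk.AccAddressFromBech32(c.Subject.CommonName)
 if err != nil {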
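Review bot: VerifyOwnerCert and VerifyOwnerCertBytes are exported without doc comments, and the one contract callers must know is unstated: both return `(nil, nil)` for an empty chain, which the VerifyPeerCertificate callback in the first hunk treats as success, so a handshake with no client certificate passes this check with no owner address. Whether a peer can reach that callback without presenting a certificate depends on cfg.ClientAuth, which is set outside these hunks, so the nil-address case should at least be documented where it is produced. Suggested comment above VerifyOwnerCert: `// VerifyOwnerCert verifies a single-certificate chain and returns the owner address taken from the certificate's Subject.CommonName. An empty chain is not an error and yields a nil address; callers that require an authenticated peer must reject nil.` VerifyOwnerCertBytes deserves a matching one-liner noting that it parses chain[0] and delegates, and that it keeps its own length checks so a multi-certificate chain is rejected before parsing rather than being silently truncated. The body of VerifyOwnerCert continues past the end of the hunk.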