// The specs below drive Validate end to end. Happy paths accept a well-formed
// cert/key pair with and without a chain; the negative cases only cover missing
// flags and missing files. A key that does not match the cert, or a chain that
// does not sign it, is not exercised in this run of specs.
const commandName = "some-command-name"

// expectValidationErrors asserts that err is the multierror for commandName
// carrying exactly the given messages, in the order given.
expectValidationErrors := func(err error, messages ...string) {
	expected := multierror.NewMultiError(commandName)
	for _, msg := range messages {
		expected.Add(errors.New(msg))
	}
	Expect(err).To(Equal(expected))
}

It("does not return an error when cert and key are valid", func() {
	Expect(certificateValidator.Validate(commandName, certFilePath, keyFilePath, "")).NotTo(HaveOccurred())
})

It("does not return an error when cert, key, and chain are valid", func() {
	Expect(certificateValidator.Validate(commandName, certFilePath, keyFilePath, chainFilePath)).NotTo(HaveOccurred())
})

It("returns an error if cert and key are not provided", func() {
	// Both required flags are reported together, cert first.
	expectValidationErrors(
		certificateValidator.Validate(commandName, "", "", ""),
		"--cert is required",
		"--key is required",
	)
})

It("returns an error if the cert key file does not exist", func() {
	// Each missing file is reported with its quoted path, cert first.
	expectValidationErrors(
		certificateValidator.Validate(commandName, "/some/fake/cert/path", "/some/fake/key/path", ""),
		`certificate file not found: "/some/fake/cert/path"`,
		`key file not found: "/some/fake/key/path"`,
	)
})
// Validate checks the certificate, private key and optional chain supplied on
// the command line for the given command. It proceeds in three phases —
// file/format checks, parsing, and cross-checks (key matches cert, chain
// verifies cert) — collecting every problem into a multierror keyed by command.
// A failure in the first phase stops before parsing; later phases each run on
// whatever parsed successfully so that several problems can be reported at once.
//
// Returns nil when nothing is wrong, otherwise the accumulated multierror.
//
// NOTE(review): what validateCertAndChain enforces (expiry, key usage, name
// constraints, etc.) is not visible here — confirm before treating a nil
// return as proof that the chain is acceptable for a given purpose.
func (c CertificateValidator) Validate(command, certPath, keyPath, chainPath string) error {
	problems := multierror.NewMultiError(command)
	// collect records a non-nil error; the order of Add calls is part of the
	// observable result, so every phase below reports in cert, key, chain order.
	collect := func(err error) {
		if err != nil {
			problems.Add(err)
		}
	}
	hasChain := chainPath != ""

	// Phase 1: each input must be present, readable and in the expected format.
	certBytes, err := c.validateFileAndFormat("certificate", "--cert", certPath)
	collect(err)
	keyBytes, err := c.validateFileAndFormat("key", "--key", keyPath)
	collect(err)
	var chainBytes []byte
	if hasChain {
		chainBytes, err = c.validateFileAndFormat("chain", "--chain", chainPath)
		collect(err)
	}
	// Parsers only ever see data that passed the file/format check.
	if problems.Length() > 0 {
		return problems
	}

	// Phase 2: parse each input independently; a failed parse leaves its value
	// nil and simply disables the cross-checks that need it.
	key, err := c.parsePrivateKey(keyBytes)
	collect(err)
	cert, err := c.parseCertificate(certBytes)
	collect(err)
	var pool *x509.CertPool
	if hasChain {
		pool, err = c.parseChain(chainBytes)
		collect(err)
	}

	// Phase 3: cross-checks, each guarded on the operands it needs.
	if key != nil && cert != nil {
		collect(c.validateCertAndKey(cert, key))
	}
	if pool != nil && cert != nil {
		collect(c.validateCertAndChain(cert, pool))
	}

	if problems.Length() > 0 {
		return problems
	}
	// Explicit nil: returning the (non-nil) multierror pointer would be a
	// non-nil error interface even when it holds no errors.
	return nil
}