Add certificate signature verifier

micromdm · Jun 17, 2021 · fb68ac0 · fb68ac0
1 parent ac30b74
commit fb68ac0
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/certverify/pool.go b/certverify/pool.go
@@ -5,7 +5,7 @@ import (
 	"errors"
 )
 
-// Verifier is a simple certificate verifier
+// PoolVerifier is a simple certificate verifier
 type PoolVerifier struct {
 	verifyOpts x509.VerifyOptions
 }

diff --git a/certverify/signature.go b/certverify/signature.go
@@ -0,0 +1,28 @@
+package certverify
+
+import (
+	"crypto/x509"
+	"errors"
+)
+
+// SignatureVerifier is a simple certificate verifier
+type SignatureVerifier struct {
+	ca *x509.Certificate
+}
+
+// NewSignatureVerifier creates a new Verifier
+func NewSignatureVerifier(rootPEM []byte) (*SignatureVerifier, error) {
+	ca, err := x509.ParseCertificate(rootPEM)
+	if err != nil {
+		return nil, err
+	}
+	return &SignatureVerifier{ca: ca}, nil
+}
+
+// Verify checks only the signature of the certificate against the CA
+func (v *SignatureVerifier) Verify(cert *x509.Certificate) error {
+	if cert == nil {
+		return errors.New("missing MDM certificate")
+	}
+	return cert.CheckSignatureFrom(v.ca)
+}