hub / github.com/caddyserver/caddy / verifyKeysMatch

Function verifyKeysMatch

modules/caddypki/crypto.go:127–158  ·  view source on GitHub ↗

verifyKeysMatch verifies that the public key in the [x509.Certificate] matches the public key of the [crypto.Signer].

(crt *x509.Certificate, signer crypto.Signer)


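// verifyKeysMatch verifies that the public key in the [x509.Certificate] matches
// the public key of the [crypto.Signer].
//
// It returns nil only when the certificate's key and the signer's public key
// have the same concrete type (RSA, ECDSA or Ed25519) and the key type's Equal
// method reports them equal. Every other outcome returns an error, so the
// check fails closed: a nil argument, a signer key of a different type, a
// key mismatch, or a certificate key type not listed in the switch.
func verifyKeysMatch(crt *x509.Certificate, signer crypto.Signer) error {
	// Report nil arguments as errors; without these guards the dereferences
	// below would panic instead of rejecting the pair.
	if crt == nil {
		return errors.New("cannot verify keys: certificate is nil")
	}
	if signer == nil {
		return errors.New("cannot verify keys: signer is nil")
	}

	// Read the signer's public key once and reuse it for the type check, the
	// comparison and the error message.
	signerPub := signer.Public()

	switch pub := crt.PublicKey.(type) {
	case *rsa.PublicKey:
		pk, ok := signerPub.(*rsa.PublicKey)
		if !ok {
			return fmt.Errorf("private key type %T does not match issuer public key type %T", signerPub, pub)
		}
		if !pub.Equal(pk) {
			return errors.New("private key does not match issuer public key")
		}
	case *ecdsa.PublicKey:
		pk, ok := signerPub.(*ecdsa.PublicKey)
		if !ok {
			return fmt.Errorf("private key type %T does not match issuer public key type %T", signerPub, pub)
		}
		if !pub.Equal(pk) {
			return errors.New("private key does not match issuer public key")
		}
	case ed25519.PublicKey:
		pk, ok := signerPub.(ed25519.PublicKey)
		if !ok {
			return fmt.Errorf("private key type %T does not match issuer public key type %T", signerPub, pub)
		}
		if !pub.Equal(pk) {
			return errors.New("private key does not match issuer public key")
		}
	default:
		// Unknown or absent certificate key types are rejected rather than
		// treated as a match.
		return fmt.Errorf("unsupported key type: %T", pub)
	}

	return nil
}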

Callers 1

Load (method) · 0.85

Calls 1

Equal (method) · 0.45

Tested by

no test coverage detected