func verifyCertificateChain()

in codelabs/health_data_analysis_codelab/src/uwear/workload.go [237:268]


// verifyCertificateChain runs a lifetime pre-check on the leaf, intermediate
// and root certificates of the chain and then asks crypto/x509 to build a path
// from the leaf to the root through the intermediate.
//
// It returns nil when Verify succeeds, and an error naming the failing step
// otherwise.
//
// NOTE(review): each guard below returns "... is not valid" when
// isCertificateLifetimeValid reports true. Going by the helper's name that
// reads inverted: a certificate inside its validity window would be rejected
// and one outside it would pass the pre-check. The helper is defined elsewhere,
// so confirm its return convention and negate the three guards if it returns
// true for a valid lifetime.
//
// NOTE(review): RootCert is used as the sole trust anchor. Where it comes from
// is not visible here; confirm the caller compares it against a root obtained
// out of band, because a root taken from the same untrusted input as the leaf
// would make this check prove nothing.
func verifyCertificateChain(certificates CertificateChain) error {
	leaf := certificates.LeafCert
	intermediate := certificates.IntermediateCert
	root := certificates.RootCert

	// Explicit lifetime pre-check. x509's Verify checks validity periods too, so
	// this is redundant in Go; it is spelled out for readers porting the logic
	// to a language whose verifier does not.
	if isCertificateLifetimeValid(leaf) {
		return fmt.Errorf("leaf certificate is not valid")
	}

	if isCertificateLifetimeValid(intermediate) {
		return fmt.Errorf("intermediate certificate is not valid")
	}
	intermediates := x509.NewCertPool()
	intermediates.AddCert(intermediate)

	if isCertificateLifetimeValid(root) {
		return fmt.Errorf("root certificate is not valid")
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)

	opts := x509.VerifyOptions{
		Intermediates: intermediates,
		Roots:         roots,
		// ExtKeyUsageAny accepts the chain whatever extended key usage the
		// certificates declare, so no usage restriction is enforced here.
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
		// CurrentTime is left at its zero value, so Verify checks validity
		// against the current time.
	}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("failed to verify certificate chain: %v", err)
	}

	return nil
}