util

func ExtractCertificates ¶

func ExtractCertificates(cfInstanceCertContents string) (intermediateCert, identityCert *x509.Certificate, err error)

ExtractCertificates takes the contents of the file at CF_INSTANCE_CERT, which typically are comprised of two certificates. One is the identity certificate, and one is an intermediate CA certificate which is crucial in linking the identity cert back to the configured root certificate. It splits these two certificates apart, and identifies the certificate marked as a CA as the intermediate cert, and the one not marked as a CA as the identity certificate. It may error if the given file contents or certificates aren't as expected.

func NewCFClient ¶

func NewCFClient(config *models.Configuration) (*cfclient.Client, error)

NewCFClient does some work that's needed every time we use the CF client, namely using cleanhttp and configuring it to match the user conf.

func Validate ¶

func Validate(caCerts []string, intermediateCert, identityCert, signingCert *x509.Certificate) error

Validate takes a group of trusted CA certificates, an intermediate certificate, an identity certificate, and a signing certificate, and makes sure they have the following properties:

• The identity certificate is the same as the signing certificate
• The identity certificate chains to at least one trusted CA