package mainimport ( "crypto/x509" "encoding/pem" "io/ioutil" "log" "os"

1. package main
2.  
3. import (
4. "crypto/x509"
5. "encoding/pem"
6. "io/ioutil"
7. "log"
8. "os"
9. )
10.  
11. func main() {
12. log.Printf("Usage: verify_certificate SERVER_NAME CERT.pem CHAIN.pem")
13.  
14. serverName := os.Args[1]
15.  
16. certPEM, err := ioutil.ReadFile(os.Args[2])
17. if err != nil {
18. log.Fatal(err)
19. }
20.  
21. rootPEM, err := ioutil.ReadFile(os.Args[3])
22. if err != nil {
23. log.Fatal(err)
24. }
25.  
26. roots := x509.NewCertPool()
27. ok := roots.AppendCertsFromPEM([]byte(rootPEM))
28. if !ok {
29. panic("failed to parse root certificate")
30. }
31.  
32. block, _ := pem.Decode([]byte(certPEM))
33. if block == nil {
34. panic("failed to parse certificate PEM")
35. }
36. cert, err := x509.ParseCertificate(block.Bytes)
37. if err != nil {
38. panic("failed to parse certificate: " + err.Error())
39. }
40.  
41. opts := x509.VerifyOptions{
42. Roots: roots,
43. DNSName: serverName,
44. Intermediates: x509.NewCertPool(),
45. }
46.  
47. if _, err := cert.Verify(opts); err != nil {
48. panic("failed to verify certificate: " + err.Error())
49. }
50.  
51. log.Printf("verification succeeds")
52. }