@ -25,7 +25,6 @@ import (
"crypto/rsa"
"crypto/x509"
"encoding/asn1"
"encoding/pem"
"errors"
"fmt"
"math/big"
@ -175,16 +174,7 @@ func (c *caFile) loadCertificate(caDirectory string) (*x509.Certificate, error)
return nil , fmt . Errorf ( "could not read %s: %w" , certFile , err )
}
pemData , _ := pem . Decode ( certData )
if pemData == nil {
return nil , fmt . Errorf ( "no PEM data in %s" , certFile )
}
if pemData . Type != "CERTIFICATE" {
return nil , fmt . Errorf ( "no certificate found in %s" , certFile )
}
certificate , err := x509 . ParseCertificate ( pemData . Bytes )
certificate , err := x509 . ParseCertificate ( certData )
if err != nil {
return nil , fmt . Errorf ( "could not parse certificate from %s: %w" , certFile , err )
}
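Review bot: Certificate files that earlier versions wrote as PEM will stop loading here, because `x509.ParseCertificate(certData)` accepts only a single DER structure and the PEM decoding was removed rather than kept as a fallback. The writers in the generateSubordinateCACertificate and generateRootCACertificate hunks now pass raw `certBytes` to storeCertificate, so the on-disk format changes for every CA certificate at once. If existing CA directories must keep working, decode first when the data is PEM, e.g. `if block, _ := pem.Decode(certData); block != nil && block.Type == "CERTIFICATE" { certData = block.Bytes }`, which would also need `encoding/pem` to remain imported. Otherwise state in the function comment that the file must be DER and that older PEM files need converting. loadCertificate starts above this hunk and continues below it.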
@ -233,9 +223,11 @@ func (a *Access) GetRootCACertificate(label string) (*x509.Certificate, error) {
return certificate , nil
}
keyPair , err = a . getKeyPair ( label , caCert . KeyInfo )
if err != nil {
return nil , err
if a . IsSetupMode ( ) {
keyPair , err = a . getKeyPair ( label , caCert . KeyInfo )
if err != nil {
return nil , err
}
}
if certificate != nil {
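Review bot: Outside setup mode `keyPair` is never assigned in this hunk, yet the next hunk still stores it via `caCert.Certificate, caCert.KeyPair = certificate, keyPair`, so the cached CA entry ends up with the variable's zero value (presumably nil; the declaration is above the hunk). Code that later signs with that entry, such as the `parent.KeyPair` argument in generateSubordinateCACertificate, would then fail deep inside the signing call instead of with a clear error. Not touching the root key in normal operation is a sound least-privilege choice, but the invariant should be written down, e.g. `// The key pair is loaded only in setup mode; otherwise caCert.KeyPair stays unset and must not be used for signing.` An explicit check with a descriptive error at the point where the key is consumed would make misuse visible. GetRootCACertificate begins above this hunk and ends in the following one.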
@ -244,6 +236,8 @@ func (a *Access) GetRootCACertificate(label string) (*x509.Certificate, error) {
return nil , err
}
caCert . Certificate , caCert . KeyPair = certificate , keyPair
return certificate , nil
}
@ -355,7 +349,7 @@ func (a *Access) GetSubordinateCACertificate(certLabel string) (*x509.Certificat
ExtKeyUsage : caCert . ExtKeyUsage ,
IssuingCertificateURL : [ ] string { sc . BuildIssuerURL ( caCert ) } ,
OCSPServer : [ ] string { sc . BuildOCSPURL ( caCert ) } ,
CRLDistributionPoints : [ ] string { sc . BuildCRLUrl ( c aC ert) } ,
CRLDistributionPoints : [ ] string { sc . BuildCRLUrl ( c ertLabel ) } ,
PolicyIdentifiers : [ ] asn1 . ObjectIdentifier {
// use policy identifiers from http://wiki.cacert.org/OidAllocation
oidCAcertClass3PolicyV1 ,
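Review bot: `sc.BuildCRLUrl(certLabel)` now derives the CRL distribution point from the label of the certificate being issued, while the neighbouring `BuildIssuerURL(caCert)` and `BuildOCSPURL(caCert)` still receive the CA definition. The distribution point in a subordinate CA certificate has to locate the CRL published by its issuer, since that is where revocation of this certificate would be listed. BuildCRLUrl is not visible here, so please confirm that the resulting URL names the parent's CRL rather than one keyed on the subordinate itself. Once confirmed, a short comment on the field such as `// CRL of the issuing CA, which lists revocation of this certificate` would keep the three URL fields from looking inconsistent. The certificate template begins above this hunk and continues past it.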
@ -414,15 +408,10 @@ func (a *Access) generateSubordinateCACertificate(
parent . KeyPair ,
)
if err != nil {
return nil , fmt . Errorf ( "could not create subordinate CA certificate : %w", err )
return nil , fmt . Errorf ( "could not create subordinate CA certificate %s : %w", certLabel , err )
}
certBlock := & pem . Block {
Type : "CERTIFICATE" ,
Bytes : certBytes ,
}
err = certFile . storeCertificate ( a . caDirectory , pem . EncodeToMemory ( certBlock ) )
err = certFile . storeCertificate ( a . caDirectory , certBytes )
if err != nil {
return nil , err
}
@ -590,12 +579,7 @@ func (a *Access) generateRootCACertificate(
return nil , fmt . Errorf ( "could not create root certificate: %w" , err )
}
certBlock := & pem . Block {
Type : "CERTIFICATE" ,
Bytes : certBytes ,
}
if err = certFile . storeCertificate ( a . caDirectory , pem . EncodeToMemory ( certBlock ) ) ; err != nil {
if err = certFile . storeCertificate ( a . caDirectory , certBytes ) ; err != nil {
return nil , err
}