package hsm

import (
	"log"

	"git.cacert.org/cacert-gosigner/pkg/config"
	"github.com/ThalesIgnite/crypto11"
)

// EnsureCAKeysAndCertificates walks every root CA entry in conf.CAs, stores
// the certificate and key pair returned by GetRootCACertificate on the entry,
// logs the certificate's public fields and then descends into the entry's
// SubCAs via setupIntermediaries.
//
// Processing stops at the first error, which is returned unchanged. Entries
// handled before the failure keep the values already stored on them, so the
// configuration is only partially populated when an error is returned.
//
// NOTE(review): GetRootCACertificate is defined elsewhere; judging by this
// function's name it presumably creates missing key material on the PKCS#11
// token. Confirm against its implementation.
func EnsureCAKeysAndCertificates(p11Context *crypto11.Context, conf *config.SignerConfig) error {
	for _, rootCA := range conf.CAs {
		cert, keyPair, err := GetRootCACertificate(p11Context, conf.Global, rootCA)
		// Stored before the error check, so the entry receives whatever was
		// returned even when the call failed.
		rootCA.Certificate, rootCA.KeyPair = cert, keyPair

		if err != nil {
			return err
		}

		// Only public certificate fields are logged; the key pair never is.
		log.Printf(
			"got root CA certificate:\n Subject %s\n Issuer %s\n Valid from %s until %s\n Serial %s",
			rootCA.Certificate.Subject,
			rootCA.Certificate.Issuer,
			rootCA.Certificate.NotBefore,
			rootCA.Certificate.NotAfter,
			rootCA.Certificate.SerialNumber,
		)

		for _, subCA := range rootCA.SubCAs {
			if err := setupIntermediaries(p11Context, conf.Global, subCA, rootCA); err != nil {
				return err
			}
		}
	}

	return nil
}

// setupIntermediaries links intermediary to parent, stores the certificate
// and key pair returned by GetIntermediaryCACertificate on it, logs the
// certificate's public fields and recurses into intermediary.SubCAs with
// intermediary as the new parent.
//
// The Parent field is set before the certificate is requested, so the callee
// can already see it. The first error aborts the walk and is returned
// unchanged. Recursion depth follows the nesting of SubCAs in the
// configuration; no cycle check is performed here.
func setupIntermediaries(p11Context *crypto11.Context, settings *config.Settings, intermediary, parent *config.CaCertificateEntry) error {
	intermediary.Parent = parent

	cert, keyPair, err := GetIntermediaryCACertificate(p11Context, settings, intermediary)
	// Stored before the error check, so the entry receives whatever was
	// returned even when the call failed.
	intermediary.Certificate, intermediary.KeyPair = cert, keyPair

	if err != nil {
		return err
	}

	// Only public certificate fields are logged; the key pair never is.
	log.Printf(
		"got intermediary CA certificate:\n Subject %s\n Issuer %s\n Valid from %s until %s\n Serial %s",
		intermediary.Certificate.Subject,
		intermediary.Certificate.Issuer,
		intermediary.Certificate.NotBefore,
		intermediary.Certificate.NotAfter,
		intermediary.Certificate.SerialNumber,
	)

	for _, child := range intermediary.SubCAs {
		if err := setupIntermediaries(p11Context, settings, child, intermediary); err != nil {
			return err
		}
	}

	return nil
}