cacert-gosigner/pkg/hsm/setup.go
Jan Dittberner de997913cf Implement configuration and CA hierarchy setup
This commit implements a mechanism to load CA configuration dynamically from
JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM
or Smartcard. Certificates are stored as PEM encoded .crt files in the
filesystem.

The default PKCS#11 module (softhsm2) is now loaded from a platform-specific
path selected by go:build constraints.
2022-04-16 22:24:32 +02:00


package hsm
import (
	"fmt"
	"log"

	"git.cacert.org/cacert-gosigner/pkg/config"
	"github.com/ThalesIgnite/crypto11"
)
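// EnsureCAKeysAndCertificates walks the configured CA hierarchy and makes sure
// every root CA, and every intermediary below it, has a key pair and a
// certificate. Both are stored on the corresponding config entry so later
// stages can use them.
//
// Roots are obtained through GetRootCACertificate; each root's SubCAs are then
// set up recursively by setupIntermediaries. The first error aborts the walk.
// Errors are wrapped with the position of the failing root in conf.CAs so an
// operator can tell which entry could not be provisioned in the HSM.
func EnsureCAKeysAndCertificates(p11Context *crypto11.Context, conf *config.SignerConfig) error {
	for i, root := range conf.CAs {
		var err error

		root.Certificate, root.KeyPair, err = GetRootCACertificate(p11Context, conf.Global, root)
		if err != nil {
			return fmt.Errorf("setting up root CA #%d: %w", i, err)
		}

		// Log the identifying fields of the certificate that will be trusted
		// as a root, so the provisioning run leaves an audit trail.
		log.Printf("got root CA certificate:\n Subject %s\n Issuer %s\n Valid from %s until %s\n Serial %s",
			root.Certificate.Subject,
			root.Certificate.Issuer,
			root.Certificate.NotBefore,
			root.Certificate.NotAfter,
			root.Certificate.SerialNumber)

		for _, intermediary := range root.SubCAs {
			if err := setupIntermediaries(p11Context, conf.Global, intermediary, root); err != nil {
				return fmt.Errorf("setting up intermediaries below root CA #%d: %w", i, err)
			}
		}
	}

	return nil
}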
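// setupIntermediaries links intermediary to parent, obtains (or creates) its
// key pair and certificate through GetIntermediaryCACertificate, and then
// recurses into intermediary.SubCAs so the whole subtree below it is set up.
//
// intermediary.Parent is assigned before the certificate is fetched; whether
// GetIntermediaryCACertificate relies on that link is not visible here, so the
// order is kept as is. Errors from the recursion are wrapped with the subject
// of the intermediary they occurred under, which lets a failure deep in the
// hierarchy be located from the returned error alone.
func setupIntermediaries(p11Context *crypto11.Context, settings *config.Settings, intermediary, parent *config.CaCertificateEntry) error {
	var err error

	intermediary.Parent = parent

	intermediary.Certificate, intermediary.KeyPair, err = GetIntermediaryCACertificate(p11Context, settings, intermediary)
	if err != nil {
		return fmt.Errorf("setting up intermediary CA: %w", err)
	}

	// Log the identifying fields so the provisioning run leaves an audit trail
	// of which issuing certificates were created or loaded from the HSM.
	log.Printf("got intermediary CA certificate:\n Subject %s\n Issuer %s\n Valid from %s until %s\n Serial %s",
		intermediary.Certificate.Subject,
		intermediary.Certificate.Issuer,
		intermediary.Certificate.NotBefore,
		intermediary.Certificate.NotAfter,
		intermediary.Certificate.SerialNumber)

	for _, sub := range intermediary.SubCAs {
		// intermediary.Certificate was already dereferenced by the log call
		// above, so using its Subject here cannot hit a nil certificate.
		if err := setupIntermediaries(p11Context, settings, sub, intermediary); err != nil {
			return fmt.Errorf("below intermediary CA %s: %w", intermediary.Certificate.Subject, err)
		}
	}

	return nil
}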