package authority import ( "crypto/x509" "net/http" "github.com/pkg/errors" ) // Root returns the certificate corresponding to the given SHA sum argument. func (a *Authority) Root(sum string) (*x509.Certificate, error) { val, ok := a.certificates.Load(sum) if !ok { return nil, &apiError{errors.Errorf("certificate with fingerprint %s was not found", sum), http.StatusNotFound, context{}} } crt, ok := val.(*x509.Certificate) if !ok { return nil, &apiError{errors.Errorf("stored value is not a *x509.Certificate"), http.StatusInternalServerError, context{}} } return crt, nil } // GetRootCertificate returns the server root certificate. func (a *Authority) GetRootCertificate() *x509.Certificate { return a.rootX509Certs[0] } // GetRootCertificates returns the server root certificates. func (a *Authority) GetRootCertificates() []*x509.Certificate { return a.rootX509Certs } // GetRoots returns all the root certificates for this CA. func (a *Authority) GetRoots(peer *x509.Certificate) (federation []*x509.Certificate, err error) { // Check step provisioner extensions if err := a.authorizeRenewal(peer); err != nil { return nil, err } return a.rootX509Certs, nil } // GetFederation returns all the root certificates in the federation. func (a *Authority) GetFederation(peer *x509.Certificate) (federation []*x509.Certificate, err error) { // Check step provisioner extensions if err := a.authorizeRenewal(peer); err != nil { return nil, err } a.certificates.Range(func(k, v interface{}) bool { crt, ok := v.(*x509.Certificate) if !ok { federation = nil err = &apiError{errors.Errorf("stored value is not a *x509.Certificate"), http.StatusInternalServerError, context{}} return false } federation = append(federation, crt) return true }) return }