loadCertResource loads a certificate resource from the given issuer's storage location.
(ctx context.Context, issuer Issuer, certNamesKey string)
| 238 | |
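// loadCertResource loads a certificate resource from the given issuer's storage location.
//
// It reads three objects from cfg.Storage: the site private key, the site
// certificate and the site metadata. Their keys are built by StorageKeys from
// issuer.IssuerKey() and the ASCII form of certNamesKey. The metadata is then
// JSON-decoded into the same resource.
//
// On any failure the zero CertificateResource is returned, so a partially
// loaded resource (for example a private key without its certificate) is
// never handed back to the caller. Errors from cfg.Storage.Load are returned
// unchanged; name-conversion and metadata-decoding errors are wrapped with %w
// so callers can still inspect the cause with errors.Is / errors.As.
//
// NOTE(review): the three loads are separate storage calls and nothing in this
// function checks that the key, certificate and metadata belong to the same
// issuance. Presumably callers serialize access or validate the pair before
// use; confirm against the callers.
func (cfg *Config) loadCertResource(ctx context.Context, issuer Issuer, certNamesKey string) (CertificateResource, error) {
	certRes := CertificateResource{issuerKey: issuer.IssuerKey()}

	// don't use the Lookup profile because we might be loading a wildcard cert which is rejected by the Lookup profile
	normalizedName, err := idna.ToASCII(certNamesKey)
	if err != nil {
		return CertificateResource{}, fmt.Errorf("converting '%s' to ASCII: %w", certNamesKey, err)
	}

	// The returned resource carries the private key PEM in memory; it should
	// not be logged or serialized wholesale.
	keyBytes, err := cfg.Storage.Load(ctx, StorageKeys.SitePrivateKey(certRes.issuerKey, normalizedName))
	if err != nil {
		return CertificateResource{}, err
	}
	certRes.PrivateKeyPEM = keyBytes

	certBytes, err := cfg.Storage.Load(ctx, StorageKeys.SiteCert(certRes.issuerKey, normalizedName))
	if err != nil {
		return CertificateResource{}, err
	}
	certRes.CertificatePEM = certBytes

	metaBytes, err := cfg.Storage.Load(ctx, StorageKeys.SiteMeta(certRes.issuerKey, normalizedName))
	if err != nil {
		return CertificateResource{}, err
	}

	// The metadata is decoded into the struct that already holds the key and
	// certificate bytes.
	// NOTE(review): this relies on CertificateResource's JSON tags keeping
	// PrivateKeyPEM and CertificatePEM out of the decoded fields; otherwise
	// stored metadata could overwrite them. Confirm against the type
	// definition.
	if err := json.Unmarshal(metaBytes, &certRes); err != nil {
		return CertificateResource{}, fmt.Errorf("decoding certificate metadata: %w", err)
	}

	return certRes, nil
}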
| 270 | |
| 271 | // hashCertificateChain computes the unique hash of certChain, |
| 272 | // which is the chain of DER-encoded bytes. It returns the |