hub / github.com/openziti/ziti / toBoltEntityForCreate

Method toBoltEntityForCreate

controller/model/ca_model.go:88–171  ·  view source on GitHub ↗
(tx *bbolt.Tx, env Env)


86}
87
88func (entity *Ca) toBoltEntityForCreate(tx *bbolt.Tx, env Env) (*db.Ca, error) {
89 if entity.IdentityNameFormat == "" {
90 entity.IdentityNameFormat = DefaultCaIdentityNameFormat
91 }
92
93 if entity.ExternalIdClaim != nil {
94 if entity.ExternalIdClaim.Matcher == db.ExternalIdClaimMatcherScheme && entity.ExternalIdClaim.Location != db.ExternalIdClaimLocSanUri {
95 return nil, apierror.NewBadRequestFieldError(*errorz.NewFieldError("scheme matcher can only be used with URI locations", "matcher", entity.ExternalIdClaim.Matcher))
96 }
97 }
98
99 var fp string
100
101 if entity.CertPem != "" {
102 blocks, err := cert.PemChain2Blocks(entity.CertPem)
103
104 if err != nil {
105 return nil, errorz.NewFieldError(err.Error(), "certPem", entity.CertPem)
106 }
107
108 if len(blocks) == 0 {
109 return nil, errorz.NewFieldError("at least one leaf certificate must be supplied", "certPem", entity.CertPem)
110 }
111
112 certs, err := cert.Blocks2Certs(blocks)
113
114 if err != nil {
115 return nil, errorz.NewFieldError(err.Error(), "certPem", entity.CertPem)
116 }
117
118 leaf := certs[0]
119
120 if !leaf.IsCA {
121 //return nil, &response.ApiError{
122 // Code: response.CertificateIsNotCaCode,
123 // Message: response.CertificateIsNotCaMessage,
124 // HttpStatusCode: http.StatusBadRequest,
125 //}
126 return nil, errors.New("certificate is not a CA")
127 }
128 fp = cert.NewFingerprintGenerator().FromCert(certs[0])
129 }
130
131 if fp == "" {
132 return nil, fmt.Errorf("invalid certificate, could not parse PEM body")
133 }
134
135 query := fmt.Sprintf(`fingerprint = "%v"`, fp)
136 queryResults, _, err := env.GetStores().Ca.QueryIds(tx, query)
137
138 if err != nil {
139 return nil, err
140 }
141 if len(queryResults) > 0 {
142 return nil, errorz.NewFieldError(fmt.Sprintf("certificate already used as CA %s", queryResults[0]), "certPem", entity.CertPem)
143 }
144
145 boltEntity := &db.Ca{

Callers

nothing calls this directly

Calls 9

NewBadRequestFieldError (Function) · 0.92
PemChain2Blocks (Function) · 0.92
Blocks2Certs (Function) · 0.92
NewFingerprintGenerator (Function) · 0.92
New (Function) · 0.92
Error (Method) · 0.65
New (Method) · 0.65
FromCert (Method) · 0.65
GetStores (Method) · 0.65

Tested by

no test coverage detected