(tx *bbolt.Tx, env Env)
| 86 | } |
| 87 | |
| 88 | func (entity *Ca) toBoltEntityForCreate(tx *bbolt.Tx, env Env) (*db.Ca, error) { |
| 89 | if entity.IdentityNameFormat == "" { |
| 90 | entity.IdentityNameFormat = DefaultCaIdentityNameFormat |
| 91 | } |
| 92 | |
| 93 | if entity.ExternalIdClaim != nil { |
| 94 | if entity.ExternalIdClaim.Matcher == db.ExternalIdClaimMatcherScheme && entity.ExternalIdClaim.Location != db.ExternalIdClaimLocSanUri { |
| 95 | return nil, apierror.NewBadRequestFieldError(*errorz.NewFieldError("scheme matcher can only be used with URI locations", "matcher", entity.ExternalIdClaim.Matcher)) |
| 96 | } |
| 97 | } |
| 98 | |
| 99 | var fp string |
| 100 | |
| 101 | if entity.CertPem != "" { |
| 102 | blocks, err := cert.PemChain2Blocks(entity.CertPem) |
| 103 | |
| 104 | if err != nil { |
| 105 | return nil, errorz.NewFieldError(err.Error(), "certPem", entity.CertPem) |
| 106 | } |
| 107 | |
| 108 | if len(blocks) == 0 { |
| 109 | return nil, errorz.NewFieldError("at least one leaf certificate must be supplied", "certPem", entity.CertPem) |
| 110 | } |
| 111 | |
| 112 | certs, err := cert.Blocks2Certs(blocks) |
| 113 | |
| 114 | if err != nil { |
| 115 | return nil, errorz.NewFieldError(err.Error(), "certPem", entity.CertPem) |
| 116 | } |
| 117 | |
| 118 | leaf := certs[0] |
| 119 | |
| 120 | if !leaf.IsCA { |
| 121 | //return nil, &response.ApiError{ |
| 122 | // Code: response.CertificateIsNotCaCode, |
| 123 | // Message: response.CertificateIsNotCaMessage, |
| 124 | // HttpStatusCode: http.StatusBadRequest, |
| 125 | //} |
| 126 | return nil, errors.New("certificate is not a CA") |
| 127 | } |
| 128 | fp = cert.NewFingerprintGenerator().FromCert(certs[0]) |
| 129 | } |
| 130 | |
| 131 | if fp == "" { |
| 132 | return nil, fmt.Errorf("invalid certificate, could not parse PEM body") |
| 133 | } |
| 134 | |
| 135 | query := fmt.Sprintf(`fingerprint = "%v"`, fp) |
| 136 | queryResults, _, err := env.GetStores().Ca.QueryIds(tx, query) |
| 137 | |
| 138 | if err != nil { |
| 139 | return nil, err |
| 140 | } |
| 141 | if len(queryResults) > 0 { |
| 142 | return nil, errorz.NewFieldError(fmt.Sprintf("certificate already used as CA %s", queryResults[0]), "certPem", entity.CertPem) |
| 143 | } |
| 144 | |
| 145 | boltEntity := &db.Ca{ |