(rootCert *x509.Certificate, rootKey crypto.Signer)
| 378 | } |
| 379 | |
| 380 | func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey crypto.Signer) (interCert *x509.Certificate, interKey crypto.Signer, err error) { |
| 381 | repl := ca.newReplacer() |
| 382 | |
| 383 | interCert, interKey, err = generateIntermediate(repl.ReplaceAll(ca.IntermediateCommonName, ""), rootCert, rootKey, time.Duration(ca.IntermediateLifetime)) |
| 384 | if err != nil { |
| 385 | return nil, nil, fmt.Errorf("generating CA intermediate: %v", err) |
| 386 | } |
| 387 | interCertPEM, err := pemEncodeCert(interCert.Raw) |
| 388 | if err != nil { |
| 389 | return nil, nil, fmt.Errorf("encoding intermediate certificate: %v", err) |
| 390 | } |
| 391 | err = ca.storage.Store(ca.ctx, ca.storageKeyIntermediateCert(), interCertPEM) |
| 392 | if err != nil { |
| 393 | return nil, nil, fmt.Errorf("saving intermediate certificate: %v", err) |
| 394 | } |
| 395 | interKeyPEM, err := certmagic.PEMEncodePrivateKey(interKey) |
| 396 | if err != nil { |
| 397 | return nil, nil, fmt.Errorf("encoding intermediate key: %v", err) |
| 398 | } |
| 399 | err = ca.storage.Store(ca.ctx, ca.storageKeyIntermediateKey(), interKeyPEM) |
| 400 | if err != nil { |
| 401 | return nil, nil, fmt.Errorf("saving intermediate key: %v", err) |
| 402 | } |
| 403 | |
| 404 | return interCert, interKey, nil |
| 405 | } |
| 406 | |
| 407 | func (ca CA) storageKeyCAPrefix() string { |
| 408 | return path.Join("pki", "authorities", certmagic.StorageKeys.Safe(ca.ID)) |
no test coverage detected