func (s *fdbStore) validateCert(certID string, c *fdb.Collection) error {
ss, err := fdb.String(c.Open("url"))
if err != nil {
return err
}
ss = strings.TrimSpace(ss)
if !acmeapi.ValidURL(ss) {
return fmt.Errorf("certificate has invalid URI")
}
actualCertID := determineCertificateID(ss)
if certID != actualCertID {
return fmt.Errorf("cert ID mismatch: %#v != %#v", certID, actualCertID)
}
crt := &Certificate{
URL: ss,
Certificates: nil,
Cached: false,
RevocationDesired: fdb.Exists(c, "revoke"),
Revoked: fdb.Exists(c, "revoked"),
}
fullchain, err := fdb.Bytes(c.Open("fullchain"))
if err == nil {
certs, err := acmeutils.LoadCertificates(fullchain)
if err != nil {
return err
}
xcrt, err := x509.ParseCertificate(certs[0])
if err != nil {
return err
}
keyID := determineKeyIDFromCert(xcrt)
crt.Key = s.keys[keyID]
if crt.Key != nil {
err := c.WriteLink("privkey", fdb.Link{Target: "keys/" + keyID + "/privkey"})
if err != nil {
return err
}
}
crt.Certificates = certs
crt.Cached = true
}
s.certs[certID] = crt
return nil
}
