// SubmitAndInstall sends csr to the CA through Submit, records every
// certificate that comes back in keys.Cert, saves them when keys has an X509
// path for "default", and prints the resulting chain via verbose.Printf.
//
// Errors are not returned; they are reported through options.FailIf and
// options.Fail.
//
// NOTE(review): this function does not itself inspect the returned
// certificates before recording and saving them. Presumably Submit checks that
// the leaf matches the CSR's key and that the chain leads to the expected CA;
// confirm against Submit.
func SubmitAndInstall(keys *tao.Keys, csr *CSR) {
	verbose.Printf("Obtaining certificate from CA (may take a while)\n")

	issued, err := Submit(keys, csr)
	options.FailIf(err, "can't obtain X509 certificate from CA")
	if len(issued) == 0 {
		// NOTE(review): issued[0] below is only safe if options.Fail does
		// not return; confirm.
		options.Fail(nil, "no x509 certificates returned from CA")
	}

	// The first certificate in the response becomes the "default" entry.
	keys.Cert["default"] = issued[0]

	// Every certificate in the response, the first one included, is also
	// filed under "ca" (index 0) or "ca-<index>" (index 1 and up).
	// NOTE(review): the first certificate therefore lands under both
	// "default" and "ca"; confirm that is intended and that the loop was
	// not meant to start at the second element.
	for idx, issuedCert := range issued {
		label := "ca"
		if idx >= 1 {
			label = fmt.Sprintf("ca-%d", idx)
		}
		keys.Cert[label] = issuedCert
	}

	// Certificates are written out only when a path is configured for
	// "default"; otherwise they live in the in-memory keys only.
	if certPath := keys.X509Path("default"); certPath != "" {
		err = keys.SaveCerts()
	}
	options.FailIf(err, "can't save X509 certificates")

	// Report what was installed so the operator can review the subjects.
	installed := keys.CertChain("default")
	verbose.Printf("Obtained certfificate chain of length %d:\n", len(installed))
	for pos, link := range installed {
		subject := x509txt.RDNString(link.Subject)
		verbose.Printf(" Cert[%d] Subject: %s\n", pos, subject)
	}

	if Warn {
		fmt.Println("Note: You may need to install root CA's key into the browser.")
	}
}
// LoadKeys loads and https key and cert from a directory. This is meant to be // called from user-facing apps. func LoadKeys(kdir string) *tao.Keys { // TODO(kwalsh) merge x509 load/save code into keys.go keys, err := tao.LoadOnDiskTaoSealedKeys(tao.Signing, tao.Parent(), kdir, tao.SealPolicyDefault) options.FailIf(err, "can't load tao-sealed HTTPS/TLS keys") chain := keys.CertChain("default") verbose.Printf("Using existing certfificate chain of length %d:\n", len(chain)) for i, cert := range chain { verbose.Printf(" Cert[%d] Subject: %s\n", i, x509txt.RDNString(cert.Subject)) } return keys }