Esempio n. 1
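// GetCertPaths builds the tree of issuer chains for cert: paths.Cert is cert
// itself and paths.Parents holds one subtree per CA certificate in the
// database whose signature over cert verifies.
//
// The walk stops at parents that report IsSelfSigned. A parent that is
// already on the chain being built is skipped, so issuer loops (for example
// two CAs that cross-signed each other) end the branch instead of recursing
// without bound.
//
// An error is returned when cert or one of its direct candidate parents
// cannot be converted to an x509 certificate, or when the issuer lookup
// fails; paths then holds whatever was collected so far. Errors raised while
// exploring a parent's own ancestry only drop that parent from the result.
//
// The result describes signature relationships only. CheckSignatureFrom does
// not evaluate validity periods, name constraints or revocation, so the
// returned chains are candidates and not validated trust paths.
func (db *DB) GetCertPaths(cert *certificate.Certificate) (paths certificate.Paths, err error) {
	return db.certPathsOnChain(cert, make(map[string]struct{}))
}

// certPathsOnChain does the work of GetCertPaths. onChain holds the raw DER
// bytes of every certificate between the starting certificate and cert, and
// is what lets the walk detect that it is about to revisit an ancestor.
func (db *DB) certPathsOnChain(cert *certificate.Certificate, onChain map[string]struct{}) (certificate.Paths, error) {
	var paths certificate.Paths
	paths.Cert = cert

	xcert, err := cert.ToX509()
	if err != nil {
		return paths, err
	}

	// Register this certificate for the duration of the descent only: the
	// same intermediate may legitimately show up again on a sibling branch.
	// NOTE(review): assumes ToX509 returns a parsed certificate, so that Raw
	// carries its DER encoding - confirm against ToX509.
	self := string(xcert.Raw)
	onChain[self] = struct{}{}
	defer delete(onChain, self)

	parents, err := db.GetCACertsBySubject(cert.Issuer)
	if err != nil {
		return paths, err
	}

	for _, parent := range parents {
		var xparent *x509.Certificate
		xparent, err = parent.ToX509()
		if err != nil {
			return paths, err
		}
		// A subject match is not proof of issuance: keep only the parents
		// whose key actually verifies the signature on cert.
		if xcert.CheckSignatureFrom(xparent) != nil {
			continue
		}
		// A self-signed parent is treated as a root; record it and stop.
		if parent.IsSelfSigned() {
			paths.Parents = append(paths.Parents, certificate.Paths{Cert: parent})
			continue
		}
		// The parent is one of our own ancestors: following it again would
		// loop forever, so this branch ends here.
		if _, seen := onChain[string(xparent.Raw)]; seen {
			continue
		}
		// Otherwise climb into the parent's own issuers. A failure there is
		// deliberately not fatal: the parent is left out of the result.
		parentPaths, recErr := db.certPathsOnChain(parent, onChain)
		if recErr != nil {
			continue
		}
		paths.Parents = append(paths.Parents, parentPaths)
	}

	return paths, nil
}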