func (node *nodeImpl) loadEnrollmentCertificate() error {
node.log.Debug("Loading enrollment certificate at [%s]...", node.conf.getEnrollmentCertPath())
pemEnrollCert, err := ioutil.ReadFile(node.conf.getEnrollmentCertPath())
if err != nil {
node.log.Error("Failed loading enrollment certificate [%s].", err.Error())
return err
}
enrollCert, rawEnrollCert, err := utils.PEMtoCertificateAndDER(pemEnrollCert)
if err != nil {
node.log.Error("Failed parsing enrollment certificate [%s].", err.Error())
return err
}
node.enrollCert = enrollCert
pk := node.enrollCert.PublicKey.(*ecdsa.PublicKey)
err = utils.VerifySignCapability(node.enrollPrivKey, pk)
if err != nil {
node.log.Error("Failed checking enrollment certificate against enrollment key [%s].", err.Error())
return err
}
// Set node ID
node.id = utils.Hash(rawEnrollCert)
node.log.Debug("Setting id to [%s].", utils.EncodeBase64(node.id))
return nil
}
func (ks *keyStore) loadCertX509AndDer(alias string) (*x509.Certificate, []byte, error) {
path := ks.conf.getPathForAlias(alias)
ks.log.Debug("Loading certificate [%s] at [%s]...", alias, path)
pem, err := ioutil.ReadFile(path)
if err != nil {
ks.log.Error("Failed loading certificate [%s]: [%s].", alias, err.Error())
return nil, nil, err
}
cert, der, err := utils.PEMtoCertificateAndDER(pem)
if err != nil {
ks.log.Error("Failed parsing certificate [%s]: [%s].", alias, err.Error())
return nil, nil, err
}
return cert, der, nil
}