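// GetCertPaths builds the tree of candidate issuer paths for cert from the CA
// certificates stored in the database. Each entry in the returned Parents is a
// CA whose subject matches the certificate's issuer and whose key verifies the
// certificate's signature; a branch ends at the first self-signed parent.
//
// The result is not a validated trust chain: x509.Certificate.CheckSignatureFrom
// is a low-level signature check, not a path verifier, so expiry, name
// constraints and revocation are not evaluated here. Callers that need a trust
// decision must verify the paths separately.
//
// An error is returned when cert, or one of the candidate parents examined
// directly by a call, cannot be converted to an x509 certificate, or when the
// parent lookup fails; paths is then only partially populated. Errors raised
// while walking a parent's own ancestry are dropped and that branch is omitted
// (best effort, as before).
func (db *DB) GetCertPaths(cert *certificate.Certificate) (paths certificate.Paths, err error) {
	// onPath holds the certificates on the branch currently being walked.
	// Cross-signed CAs can form a cycle (A issued by B, B issued by A) in which
	// no certificate is self-signed; without this guard the recursion would
	// never terminate on such input and would exhaust the stack.
	// Keys are the signed TBS bytes; this assumes ToX509 returns a parsed
	// certificate with RawTBSCertificate populated (TODO confirm).
	onPath := make(map[string]struct{})

	var walk func(c *certificate.Certificate) (certificate.Paths, error)
	walk = func(c *certificate.Certificate) (certificate.Paths, error) {
		var out certificate.Paths
		out.Cert = c

		xc, err := c.ToX509()
		if err != nil {
			return out, err
		}

		self := string(xc.RawTBSCertificate)
		onPath[self] = struct{}{}
		// Remove on the way back up so the same CA may still appear on a
		// different, unrelated branch.
		defer delete(onPath, self)

		parents, err := db.GetCACertsBySubject(c.Issuer)
		if err != nil {
			return out, err
		}

		for _, parent := range parents {
			xparent, err := parent.ToX509()
			if err != nil {
				return out, err
			}

			// Verify the parent signed the cert, or skip it. Any error skips
			// the parent, including a rejected signature algorithm.
			if xc.CheckSignatureFrom(xparent) != nil {
				continue
			}

			// A self-signed parent is a root: record it and stop descending.
			if parent.IsSelfSigned() {
				out.Parents = append(out.Parents, certificate.Paths{Cert: parent})
				continue
			}

			// The parent is already an ancestor on this branch: following it
			// again would loop, so leave it out.
			if _, seen := onPath[string(xparent.RawTBSCertificate)]; seen {
				continue
			}

			// The parent is an intermediate: collect its own issuers.
			sub, subErr := walk(parent)
			if subErr != nil {
				continue
			}
			out.Parents = append(out.Parents, sub)
		}
		return out, nil
	}

	return walk(cert)
}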