package mgmt
import (
"github.com/smallstep/certificates/authority/config"
"github.com/smallstep/certificates/authority/provisioner"
)
// AuthConfig represents the Authority Configuration.
//
// It is the management (mgmt) view of the authority: a serializable record
// whose fields are turned into a step-ca config.AuthConfig by ToCertificates.
// Provisioners and Admins carry `json:"-"` and so are never part of this
// record's JSON form; presumably they are stored and loaded as separate
// resources.
type AuthConfig struct {
	//*cas.Options `json:"cas"`
	// ID identifies the authority; ToCertificates copies it to AuthorityID.
	ID string `json:"id"`
	// ASN1DN is the default certificate subject template, exposed under the
	// JSON key "template"; ToCertificates copies it to Template.
	ASN1DN *config.ASN1DN `json:"template,omitempty"`
	// Provisioners are the mgmt provisioner records; each one is converted
	// through its own ToCertificates method.
	Provisioners []*Provisioner `json:"-"`
	// Admins are the mgmt admin records. They are not part of the
	// config.AuthConfig produced by ToCertificates.
	Admins []*Admin `json:"-"`
	// Claims holds the X.509 and SSH duration claims and the renewal flag;
	// NewDefaultAuthConfig fills them from the global defaults.
	Claims *Claims `json:"claims,omitempty"`
	// Backdate is a duration string (e.g. "1m0s") that ToCertificates parses
	// with provisioner.NewDuration; a value that does not parse makes the
	// conversion fail.
	Backdate string `json:"backdate,omitempty"`
	// Status is the lifecycle state of the authority; NewDefaultAuthConfig
	// sets it to StatusActive.
	Status StatusType `json:"status,omitempty"`
}
// NewDefaultAuthConfig returns an AuthConfig populated with the package-level
// defaults of the authority config package: the TLS and SSH (user and host)
// min/max/default durations from config.GlobalProvisionerClaims, the renewal
// flag from config.DefaultDisableRenewal, the backdate from
// config.DefaultBackdate and a status of StatusActive. ID, ASN1DN,
// Provisioners and Admins are left at their zero values.
func NewDefaultAuthConfig() *AuthConfig {
	// Local copy of the global claims only to keep the field accesses short;
	// the same Duration values are rendered as in the global.
	gc := config.GlobalProvisionerClaims

	x509 := &X509Claims{
		Durations: &Durations{
			Min:     gc.MinTLSDur.String(),
			Max:     gc.MaxTLSDur.String(),
			Default: gc.DefaultTLSDur.String(),
		},
	}
	ssh := &SSHClaims{
		UserDurations: &Durations{
			Min:     gc.MinUserSSHDur.String(),
			Max:     gc.MaxUserSSHDur.String(),
			Default: gc.DefaultUserSSHDur.String(),
		},
		HostDurations: &Durations{
			Min:     gc.MinHostSSHDur.String(),
			Max:     gc.MaxHostSSHDur.String(),
			Default: gc.DefaultHostSSHDur.String(),
		},
	}

	ac := &AuthConfig{
		Status:   StatusActive,
		Backdate: config.DefaultBackdate.String(),
	}
	ac.Claims = &Claims{
		X509:           x509,
		SSH:            ssh,
		DisableRenewal: config.DefaultDisableRenewal,
	}
	return ac
}
// ToCertificates converts a mgmt AuthConfig to configuration that can be
// directly used by the `step-ca` process. Resources are normalized and
// initialized.
//
// The conversion stops at the first error: a Claims conversion error and a
// provisioner conversion error are returned unchanged, while a Backdate that
// provisioner.NewDuration cannot parse is wrapped with WrapErrorISE. On
// error the returned config is nil.
func (ac *AuthConfig) ToCertificates() (*config.AuthConfig, error) {
	claims, err := ac.Claims.ToCertificates()
	if err != nil {
		return nil, err
	}

	backdate, err := provisioner.NewDuration(ac.Backdate)
	if err != nil {
		// The raw Backdate string is included so the operator can see the
		// value that failed to parse.
		return nil, WrapErrorISE(err, "error converting backdate %s to duration", ac.Backdate)
	}

	// Left nil when there are no provisioners.
	var provs []provisioner.Interface
	for i := range ac.Provisioners {
		prov, err := ac.Provisioners[i].ToCertificates()
		if err != nil {
			return nil, err
		}
		provs = append(provs, prov)
	}

	cfg := &config.AuthConfig{
		AuthorityID: ac.ID,
		Template:    ac.ASN1DN,
	}
	cfg.Claims = claims
	cfg.Backdate = backdate
	cfg.Provisioners = provs
	// The issued-at check stays enabled; the assignment to false is explicit
	// so that the choice is visible to readers.
	cfg.DisableIssuedAtCheck = false
	return cfg, nil
}