certificates/authority/admin/api/acme.go

95 lines
2.9 KiB
Go
Raw Normal View History

2021-07-23 13:41:24 +00:00
package api
import (
"net/http"
2021-08-27 12:10:00 +00:00
"github.com/go-chi/chi"
2021-07-23 13:41:24 +00:00
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/admin"
"go.step.sm/linkedca"
2021-07-23 13:41:24 +00:00
)
// CreateExternalAccountKeyRequest is the type for POST /admin/acme/eab requests
type CreateExternalAccountKeyRequest struct {
ProvisionerName string `json:"provisioner"`
Name string `json:"name"`
2021-07-23 13:41:24 +00:00
}
// Validate validates a new-admin request body.
func (r *CreateExternalAccountKeyRequest) Validate() error {
if r.ProvisionerName == "" {
return admin.NewError(admin.ErrorBadRequestType, "provisioner name cannot be empty")
}
if r.Name == "" {
return admin.NewError(admin.ErrorBadRequestType, "name / reference cannot be empty")
}
return nil
2021-07-23 13:41:24 +00:00
}
// GetExternalAccountKeysResponse is the type for GET /admin/acme/eab responses
type GetExternalAccountKeysResponse struct {
EAKs []*linkedca.EABKey `json:"eaks"`
NextCursor string `json:"nextCursor"`
2021-07-23 13:41:24 +00:00
}
// CreateExternalAccountKey creates a new External Account Binding key
func (h *Handler) CreateExternalAccountKey(w http.ResponseWriter, r *http.Request) {
var body CreateExternalAccountKeyRequest
if err := api.ReadJSON(r.Body, &body); err != nil { // TODO: rewrite into protobuf json (likely)
api.WriteError(w, admin.WrapError(admin.ErrorBadRequestType, err, "error reading request body"))
2021-07-23 13:41:24 +00:00
return
}
if err := body.Validate(); err != nil {
api.WriteError(w, err)
return
}
2021-07-23 13:41:24 +00:00
eak, err := h.acmeDB.CreateExternalAccountKey(r.Context(), body.ProvisionerName, body.Name)
2021-07-23 13:41:24 +00:00
if err != nil {
api.WriteError(w, admin.WrapErrorISE(err, "error creating external account key %s", body.Name))
return
}
response := &linkedca.EABKey{
EabKid: eak.ID,
EabHmacKey: eak.KeyBytes,
ProvisionerName: eak.ProvisionerName,
Name: eak.Name,
2021-07-23 13:41:24 +00:00
}
api.ProtoJSONStatus(w, response, http.StatusCreated)
2021-07-23 13:41:24 +00:00
}
2021-08-27 12:10:00 +00:00
// DeleteExternalAccountKey deletes an ACME External Account Key.
func (h *Handler) DeleteExternalAccountKey(w http.ResponseWriter, r *http.Request) {
id := chi.URLParam(r, "id")
if err := h.acmeDB.DeleteExternalAccountKey(r.Context(), id); err != nil {
api.WriteError(w, admin.WrapErrorISE(err, "error deleting ACME EAB Key %s", id))
return
}
api.JSON(w, &DeleteResponse{Status: "ok"})
}
2021-07-23 13:41:24 +00:00
// GetExternalAccountKeys returns a segment of ACME EAB Keys.
func (h *Handler) GetExternalAccountKeys(w http.ResponseWriter, r *http.Request) {
// cursor, limit, err := api.ParseCursor(r)
// if err != nil {
// api.WriteError(w, admin.WrapError(admin.ErrorBadRequestType, err,
// "error parsing cursor and limit from query params"))
// return
// }
// eaks, nextCursor, err := h.acmeDB.GetExternalAccountKeys(cursor, limit)
// if err != nil {
// api.WriteError(w, admin.WrapErrorISE(err, "error retrieving paginated admins"))
// return
// }
// api.JSON(w, &GetExternalAccountKeysResponse{
// EAKs: eaks,
// NextCursor: nextCursor,
// })
}