TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Move cas options under authority.

Browse source
This commit is contained in:
Mariano Cano 2020-10-19 18:08:51 -07:00
parent 6838233416
commit ef92a3a6d7
2 changed files with 14 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
authority/authority.go
View file

@ -156,8 +156,8 @@ func (a *Authority) init() error {
// Initialize the X.509 CA Service if it has not been set in the options. // Initialize the X.509 CA Service if it has not been set in the options.
if a.x509CAService == nil { if a.x509CAService == nil {
var options casapi.Options var options casapi.Options
if a.config.CAS != nil { if a.config.AuthorityConfig.Options != nil {
options = *a.config.CAS options = *a.config.AuthorityConfig.Options
} }
// Read intermediate and create X509 signer for default CAS. // Read intermediate and create X509 signer for default CAS.
@ -183,7 +183,7 @@ func (a *Authority) init() error {
// Get root certificate from CAS. // Get root certificate from CAS.
if srv, ok := a.x509CAService.(casapi.CertificateAuthorityGetter); ok { if srv, ok := a.x509CAService.(casapi.CertificateAuthorityGetter); ok {
resp, err := srv.GetCertificateAuthority(&casapi.GetCertificateAuthorityRequest{ resp, err := srv.GetCertificateAuthority(&casapi.GetCertificateAuthorityRequest{
Name: options.Certificateauthority, Name: options.CertificateAuthority,
}) })
if err != nil { if err != nil {
return err return err

17
authority/config.go
View file

@ -55,7 +55,6 @@ type Config struct {
Address string `json:"address"` Address string `json:"address"`
DNSNames []string `json:"dnsNames"` DNSNames []string `json:"dnsNames"`
KMS *kms.Options `json:"kms,omitempty"` KMS *kms.Options `json:"kms,omitempty"`
CAS *cas.Options `json:"cas,omitempty"`
SSH *SSHConfig `json:"ssh,omitempty"` SSH *SSHConfig `json:"ssh,omitempty"`
Logger json.RawMessage `json:"logger,omitempty"` Logger json.RawMessage `json:"logger,omitempty"`
DB *db.Config `json:"db,omitempty"` DB *db.Config `json:"db,omitempty"`
@ -78,8 +77,11 @@ type ASN1DN struct {
CommonName string `json:"commonName,omitempty" step:"commonName"` CommonName string `json:"commonName,omitempty" step:"commonName"`
} }
// AuthConfig represents the configuration options for the authority. // AuthConfig represents the configuration options for the authority. An
// underlaying registration authority can also be configured using the
// cas.Options.
type AuthConfig struct { type AuthConfig struct {
*cas.Options
Provisioners provisioner.List `json:"provisioners"` Provisioners provisioner.List `json:"provisioners"`
Template *ASN1DN `json:"template,omitempty"` Template *ASN1DN `json:"template,omitempty"`
Claims *provisioner.Claims `json:"claims,omitempty"` Claims *provisioner.Claims `json:"claims,omitempty"`
@ -185,8 +187,11 @@ func (c *Config) Validate() error {
return errors.New("dnsNames cannot be empty") return errors.New("dnsNames cannot be empty")
} }
// The default CAS requires root, crt and key. // Options holds the RA/CAS configuration.
if c.CAS.Is(cas.SoftCAS) { ra := c.AuthorityConfig.Options
// The default RA/CAS requires root, crt and key.
if ra.Is(cas.SoftCAS) {
switch { switch {
case c.Root.HasEmpties(): case c.Root.HasEmpties():
return errors.New("root cannot be empty") return errors.New("root cannot be empty")
@ -225,8 +230,8 @@ func (c *Config) Validate() error {
return err return err
} }
// Validate CAS options, nil is ok. // Validate RA/CAS options, nil is ok.
if err := c.CAS.Validate(); err != nil { if err := ra.Validate(); err != nil {
return err return err
} }