TrueCloudLab/certificates
16
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Add provisioners endpoints.

Browse source
This commit is contained in:
Mariano Cano 2018-10-08 19:06:30 -07:00
parent c284a2c0ab
commit ff67c17893
1 changed files with 38 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
api/api.go
View file

@ -13,6 +13,7 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/smallstep/cli/crypto/tlsutil" "github.com/smallstep/cli/crypto/tlsutil"
"github.com/smallstep/cli/crypto/x509util" "github.com/smallstep/cli/crypto/x509util"
"github.com/smallstep/cli/jose"
) )
// Minimum and maximum validity of an end-entity (not root or intermediate) certificate. // Minimum and maximum validity of an end-entity (not root or intermediate) certificate.
@ -45,6 +46,8 @@ type Authority interface {
Root(shasum string) (*x509.Certificate, error) Root(shasum string) (*x509.Certificate, error)
Sign(cr *x509.CertificateRequest, opts SignOptions, claims ...Claim) (*x509.Certificate, *x509.Certificate, error) Sign(cr *x509.CertificateRequest, opts SignOptions, claims ...Claim) (*x509.Certificate, *x509.Certificate, error)
Renew(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) Renew(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)
GetProvisioners() (map[string]*jose.JSONWebKeySet, error)
GetEncryptedKey(kid string) (string, error)
} }
// Certificate wraps a *x509.Certificate and adds the json.Marshaler interface. // Certificate wraps a *x509.Certificate and adds the json.Marshaler interface.
@ -169,6 +172,18 @@ type SignRequest struct {
NotBefore time.Time `json:"notBefore"` NotBefore time.Time `json:"notBefore"`
} }
// ProvisionersResponse is the response object that returns the map of
// provisioners.
type ProvisionersResponse struct {
Provisioners map[string]*jose.JSONWebKeySet `json:"provisioners"`
}
// ProvisionerKeyResponse is the response object that returns the encryptoed key
// of a provisioner.
type ProvisionerKeyResponse struct {
Key string `json:"key"`
}
// Validate checks the fields of the SignRequest and returns nil if they are ok // Validate checks the fields of the SignRequest and returns nil if they are ok
// or an error if something is wrong. // or an error if something is wrong.
func (s *SignRequest) Validate() error { func (s *SignRequest) Validate() error {
@ -233,6 +248,8 @@ func (h *caHandler) Route(r Router) {
r.MethodFunc("GET", "/root/{sha}", h.Root) r.MethodFunc("GET", "/root/{sha}", h.Root)
r.MethodFunc("POST", "/sign", h.Sign) r.MethodFunc("POST", "/sign", h.Sign)
r.MethodFunc("POST", "/renew", h.Renew) r.MethodFunc("POST", "/renew", h.Renew)
r.MethodFunc("GET", "/provisioners", h.Provisioners)
r.MethodFunc("GET", "/provisioners/{kid}/encrypted-key", h.ProvisionerKey)
} }
// Health is an HTTP handler that returns the status of the server. // Health is an HTTP handler that returns the status of the server.
@ -315,3 +332,24 @@ func (h *caHandler) Renew(w http.ResponseWriter, r *http.Request) {
TLSOptions: h.Authority.GetTLSOptions(), TLSOptions: h.Authority.GetTLSOptions(),
}) })
} }
// Provisioners returns the list of provisioners configured in the authority.
func (h *caHandler) Provisioners(w http.ResponseWriter, r *http.Request) {
p, err := h.Authority.GetProvisioners()
if err != nil {
WriteError(w, InternalServerError(err))
return
}
JSON(w, &ProvisionersResponse{p})
}
// ProvisionerKey returns the encrypted key of a provisioner by it's key id.
func (h *caHandler) ProvisionerKey(w http.ResponseWriter, r *http.Request) {
kid := chi.URLParam(r, "kid")
key, err := h.Authority.GetEncryptedKey(kid)
if err != nil {
WriteError(w, NotFound(err))
return
}
JSON(w, &ProvisionerKeyResponse{key})
}