certificates/authority/provisioner/provisioner.go
2019-03-06 18:36:35 -08:00

134 lines
3.5 KiB
Go

package provisioner
import (
"crypto/x509"
"encoding/json"
"strings"
"github.com/pkg/errors"
)
// Interface is the interface that all provisioner types must implement.
type Interface interface {
GetID() string
GetName() string
GetType() Type
GetEncryptedKey() (kid string, key string, ok bool)
Init(config Config) error
Authorize(token string) ([]SignOption, error)
AuthorizeRenewal(cert *x509.Certificate) error
AuthorizeRevoke(token string) error
}
// Type indicates the provisioner Type.
type Type int
const (
// TypeJWK is used to indicate the JWK provisioners.
TypeJWK Type = 1
// TypeOIDC is used to indicate the OIDC provisioners.
TypeOIDC Type = 2
)
// Config defines the default parameters used in the initialization of
// provisioners.
type Config struct {
// Claims are the default claims.
Claims Claims
// Audiences are the audiences used in the default provisioner, (JWK).
Audiences []string
}
type provisioner struct {
Type string `json:"type"`
}
// Provisioner implements the provisioner.Interface on a base provisioner. It
// also implements custom marshalers and unmarshalers so different provisioners
// can be represented in a configuration type.
type Provisioner struct {
base Interface
}
// New creates a new provisioner from the base provisioner.
func New(base Interface) *Provisioner {
return &Provisioner{
base: base,
}
}
// Base returns the base type of the provisioner.
func (p *Provisioner) Base() Interface {
return p.base
}
// GetID returns the base provisioner unique ID. This identifier is used as the
// key in a provisioner.Collection.
func (p *Provisioner) GetID() string {
return p.base.GetID()
}
// GetEncryptedKey returns the base provisioner encrypted key if it's defined.
func (p *Provisioner) GetEncryptedKey() (string, string, bool) {
return p.base.GetEncryptedKey()
}
// GetName returns the name of the provisioner
func (p *Provisioner) GetName() string {
return p.base.GetName()
}
// GetType return the provisioners type.
func (p *Provisioner) GetType() Type {
return p.base.GetType()
}
// Init initializes the base provisioner with the given claims.
func (p *Provisioner) Init(c Config) error {
return p.base.Init(c)
}
// Authorize validates the given token on the base provisioner returning a list
// of options to validate the signing request.
func (p *Provisioner) Authorize(token string) ([]SignOption, error) {
return p.base.Authorize(token)
}
// AuthorizeRenewal checks if the base provisioner authorizes the renewal.
func (p *Provisioner) AuthorizeRenewal(cert *x509.Certificate) error {
return p.base.AuthorizeRenewal(cert)
}
// AuthorizeRevoke checks on the base provisioner if the given token has revoke
// access.
func (p *Provisioner) AuthorizeRevoke(token string) error {
return p.base.AuthorizeRevoke(token)
}
// MarshalJSON implements the json.Marshaler interface on the Provisioner type.
func (p *Provisioner) MarshalJSON() ([]byte, error) {
return json.Marshal(p.base)
}
// UnmarshalJSON implements the json.Unmarshaler interface on the Provisioner
// type.
func (p *Provisioner) UnmarshalJSON(data []byte) error {
var typ provisioner
if err := json.Unmarshal(data, &typ); err != nil {
return errors.Errorf("error unmarshaling provisioner")
}
switch strings.ToLower(typ.Type) {
case "jwk":
p.base = &JWK{}
case "oidc":
p.base = &OIDC{}
default:
return errors.Errorf("provisioner type %s not supported", typ.Type)
}
if err := json.Unmarshal(data, &p.base); err != nil {
return errors.Errorf("error unmarshaling provisioner")
}
return nil
}