69 lines
1.7 KiB
Go
69 lines
1.7 KiB
Go
package ca
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/smallstep/cli/config"
|
|
)
|
|
|
|
// IdentityType represents the different types of identity files.
|
|
type IdentityType string
|
|
|
|
// MutualTLS represents the identity using mTLS
|
|
const MutualTLS IdentityType = "mTLS"
|
|
|
|
// IdentityFile contains the location of the identity file.
|
|
var IdentityFile = filepath.Join(config.StepPath(), "config", "identity.json")
|
|
|
|
// Identity represents the identity file that can be used to authenticate with
|
|
// the CA.
|
|
type Identity struct {
|
|
Type string `json:"type"`
|
|
Certificate string `json:"crt"`
|
|
Key string `json:"key"`
|
|
}
|
|
|
|
// Kind returns the type for the given identity.
|
|
func (i *Identity) Kind() IdentityType {
|
|
switch strings.ToLower(i.Type) {
|
|
case "mtls":
|
|
return MutualTLS
|
|
default:
|
|
return IdentityType(i.Type)
|
|
}
|
|
}
|
|
|
|
// Validate validates the identity object.
|
|
func (i *Identity) Validate() error {
|
|
switch i.Kind() {
|
|
case MutualTLS:
|
|
if i.Certificate == "" {
|
|
return errors.New("identity.crt cannot be empty")
|
|
}
|
|
if i.Key == "" {
|
|
return errors.New("identity.key cannot be empty")
|
|
}
|
|
return nil
|
|
case "":
|
|
return errors.New("identity.type cannot be empty")
|
|
default:
|
|
return errors.Errorf("unsupported identity type %s", i.Type)
|
|
}
|
|
}
|
|
|
|
// Options returns the ClientOptions used for the given identity.
|
|
func (i *Identity) Options() ([]ClientOption, error) {
|
|
switch i.Kind() {
|
|
case MutualTLS:
|
|
crt, err := tls.LoadX509KeyPair(i.Certificate, i.Key)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "error creating identity certificate")
|
|
}
|
|
return []ClientOption{WithCertificate(crt)}, nil
|
|
default:
|
|
return nil, errors.Errorf("unsupported identity type %s", i.Type)
|
|
}
|
|
}
|