package apiv1
import (
"crypto"
"crypto/x509"
"github.com/pkg/errors"
"github.com/smallstep/certificates/kms"
)
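// Options represents the configuration options used to select and configure the
// CertificateAuthorityService (CAS) to use.
//
// Only Type, CredentialsFile and CertificateAuthority take part in JSON
// encoding and decoding. Every other field is tagged `json:"-"`, so
// encoding/json neither reads nor writes it and it has to be populated in code.
type Options struct {
	// The type of the CAS to use.
	Type string `json:"type"`

	// Path to the credentials file used in CloudCAS.
	// NOTE(review): only the path is stored here; the file presumably holds
	// cloud credentials, so its permissions deserve a check at deployment
	// time — confirm against the CloudCAS documentation.
	CredentialsFile string `json:"credentialsFile"`

	// CertificateAuthority reference. In CloudCAS the format is
	// `projects/*/locations/*/certificateAuthorities/*`.
	CertificateAuthority string `json:"certificateAuthority"`

	// CertificateChain holds the issuer certificate, along with any other
	// bundled certificates to be returned in the chain for consumers. It is
	// used in SoftCAS and is configured in the ca.json crt property.
	//
	// It is excluded from JSON like the other runtime-only fields: without the
	// tag, marshalling Options would dump every parsed certificate under a
	// "CertificateChain" key, and a config document could supply that key.
	CertificateChain []*x509.Certificate `json:"-"`

	// Signer is the signer used in SoftCAS; it is configured in the ca.json
	// key property. It wraps a private key, so it is never serialized.
	Signer crypto.Signer `json:"-"`

	// Decrypter is kept out of JSON for the same reason as Signer.
	// NOTE(review): presumably the decryption counterpart of Signer for the
	// same key — confirm against the code that sets it.
	Decrypter crypto.Decrypter `json:"-"`

	// IsCreator is set to true when we're creating a certificate authority. It
	// is used to skip some validations when initializing a
	// CertificateAuthority, so it should only be set on the creation path.
	IsCreator bool `json:"-"`

	// KeyManager is the KMS used to generate keys in SoftCAS.
	KeyManager kms.KeyManager `json:"-"`

	// Project and Location are parameters used in CloudCAS to create a new
	// certificate authority.
	Project  string `json:"-"`
	Location string `json:"-"`
}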
// Validate reports whether the CAS type selected by the options can be loaded.
//
// A nil receiver is treated as a SoftCAS configuration. The only check made
// here is the lookup of the type through
// LoadCertificateAuthorityServiceNewFunc; no other field of Options
// (credentials file, authority reference, signer, ...) is inspected, so callers
// must not read a nil error as "the configuration is complete".
//
// It returns an "unsupported cas type" error when the lookup fails and nil
// otherwise.
func (o *Options) Validate() error {
	// Start from the nil-receiver default and override it when options exist.
	casType := Type(SoftCAS)
	if o != nil {
		casType = Type(o.Type)
	}

	// Check that the type can be loaded.
	_, found := LoadCertificateAuthorityServiceNewFunc(casType)
	if found {
		return nil
	}
	return errors.Errorf("unsupported cas type %s", casType)
}
// Is reports whether the options select the given CAS type.
//
// Both sides are compared through Type.String, so whatever normalization that
// method applies is shared by the two values. A nil receiver matches only a
// type whose String form equals SoftCAS, mirroring the default used by
// Validate.
func (o *Options) Is(t Type) bool {
	if o != nil {
		have := Type(o.Type).String()
		return have == t.String()
	}
	// No options at all means the SoftCAS default.
	return t.String() == SoftCAS
}