2021-02-25 23:32:21 +00:00
|
|
|
package scep
|
|
|
|
|
2021-03-12 14:49:39 +00:00
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"crypto"
|
|
|
|
"crypto/x509"
|
|
|
|
"strings"
|
2021-02-25 23:32:21 +00:00
|
|
|
|
2021-03-12 14:49:39 +00:00
|
|
|
"github.com/smallstep/certificates/cas/apiv1"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Service is a wrapper for crypto.Signer and crypto.Decrypter
|
2021-02-25 23:32:21 +00:00
|
|
|
type Service struct {
|
2021-03-12 14:49:39 +00:00
|
|
|
certificateChain []*x509.Certificate
|
|
|
|
signer crypto.Signer
|
|
|
|
decrypter crypto.Decrypter
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewService(ctx context.Context, opts apiv1.Options) (*Service, error) {
|
|
|
|
|
|
|
|
if err := opts.Validate(); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
t := apiv1.Type(strings.ToLower(opts.Type))
|
|
|
|
if t == apiv1.DefaultCAS {
|
|
|
|
t = apiv1.SoftCAS
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: should this become similar to the New CertificateAuthorityService as in x509CAService?
|
|
|
|
return &Service{
|
|
|
|
chain: opts.CertificateChain,
|
|
|
|
signer: opts.Signer,
|
|
|
|
decrypter: opts.Decrypter,
|
|
|
|
}, nil
|
2021-02-25 23:32:21 +00:00
|
|
|
}
|