alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Adapt api package to new interfaces.

Browse source
This commit is contained in:
Mariano Cano 2019-07-29 12:52:13 -07:00
parent e1cd5ee8c3
commit ba2ba54928
3 changed files with 19 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
api/api.go
View file

@ -1,6 +1,7 @@
package api package api
import ( import (
"context"
"crypto/dsa" "crypto/dsa"
"crypto/ecdsa" "crypto/ecdsa"
"crypto/rsa" "crypto/rsa"
@ -29,7 +30,7 @@ type Authority interface {
SSHAuthority SSHAuthority
// NOTE: Authorize will be deprecated in future releases. Please use the // NOTE: Authorize will be deprecated in future releases. Please use the
// context specific Authoirize[Sign|Revoke|etc.] methods. // context specific Authoirize[Sign|Revoke|etc.] methods.
Authorize(ott string) ([]provisioner.SignOption, error) Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error)
AuthorizeSign(ott string) ([]provisioner.SignOption, error) AuthorizeSign(ott string) ([]provisioner.SignOption, error)
GetTLSOptions() *tlsutil.TLSOptions GetTLSOptions() *tlsutil.TLSOptions
Root(shasum string) (*x509.Certificate, error) Root(shasum string) (*x509.Certificate, error)

18
api/api_test.go
View file

@ -23,6 +23,8 @@ import (
"testing" "testing"
"time" "time"
"golang.org/x/crypto/ssh"
"github.com/go-chi/chi" "github.com/go-chi/chi"
"github.com/smallstep/certificates/authority" "github.com/smallstep/certificates/authority"
"github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/authority/provisioner"
@ -418,7 +420,7 @@ type mockProvisioner struct {
getEncryptedKey func() (string, string, bool) getEncryptedKey func() (string, string, bool)
init func(provisioner.Config) error init func(provisioner.Config) error
authorizeRevoke func(ott string) error authorizeRevoke func(ott string) error
authorizeSign func(ott string) ([]provisioner.SignOption, error) authorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
authorizeRenewal func(*x509.Certificate) error authorizeRenewal func(*x509.Certificate) error
} }
@ -474,9 +476,9 @@ func (m *mockProvisioner) AuthorizeRevoke(ott string) error {
return m.err return m.err
} }
func (m *mockProvisioner) AuthorizeSign(ott string) ([]provisioner.SignOption, error) { func (m *mockProvisioner) AuthorizeSign(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
if m.authorizeSign != nil { if m.authorizeSign != nil {
return m.authorizeSign(ott) return m.authorizeSign(ctx, ott)
} }
return m.ret1.([]provisioner.SignOption), m.err return m.ret1.([]provisioner.SignOption), m.err
} }
@ -495,6 +497,7 @@ type mockAuthority struct {
getTLSOptions func() *tlsutil.TLSOptions getTLSOptions func() *tlsutil.TLSOptions
root func(shasum string) (*x509.Certificate, error) root func(shasum string) (*x509.Certificate, error)
sign func(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error) sign func(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
singSSH func(key ssh.PublicKey, opts provisioner.SSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
renew func(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) renew func(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)
loadProvisionerByCertificate func(cert *x509.Certificate) (provisioner.Interface, error) loadProvisionerByCertificate func(cert *x509.Certificate) (provisioner.Interface, error)
getProvisioners func(nextCursor string, limit int) (provisioner.List, string, error) getProvisioners func(nextCursor string, limit int) (provisioner.List, string, error)
@ -505,7 +508,7 @@ type mockAuthority struct {
} }
// TODO: remove once Authorize is deprecated. // TODO: remove once Authorize is deprecated.
func (m *mockAuthority) Authorize(ott string) ([]provisioner.SignOption, error) { func (m *mockAuthority) Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
return m.AuthorizeSign(ott) return m.AuthorizeSign(ott)
} }
@ -537,6 +540,13 @@ func (m *mockAuthority) Sign(cr *x509.CertificateRequest, opts provisioner.Optio
return m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate), m.err return m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate), m.err
} }
func (m *mockAuthority) SignSSH(key ssh.PublicKey, opts provisioner.SSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) {
if m.singSSH != nil {
return m.singSSH(key, opts, signOpts...)
}
return m.ret1.(*ssh.Certificate), m.err
}
func (m *mockAuthority) Renew(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) { func (m *mockAuthority) Renew(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) {
if m.renew != nil { if m.renew != nil {
return m.renew(cert) return m.renew(cert)

4
api/ssh.go
View file

@ -1,6 +1,7 @@
package api package api
import ( import (
"context"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"net/http" "net/http"
@ -111,7 +112,8 @@ func (h *caHandler) SignSSH(w http.ResponseWriter, r *http.Request) {
ValidAfter: body.ValidAfter, ValidAfter: body.ValidAfter,
} }
signOpts, err := h.Authority.AuthorizeSign(body.OTT) ctx := provisioner.NewContextWithMethod(context.Background(), provisioner.SignSSHMethod)
signOpts, err := h.Authority.Authorize(ctx, body.OTT)
if err != nil { if err != nil {
WriteError(w, Unauthorized(err)) WriteError(w, Unauthorized(err))
return return