forked from TrueCloudLab/certificates
Load provisioner from the database instead of the extension.
This commit is contained in:
Mariano Cano
parent
7d6116c3d0
commit
db337debcd
2 changed files with 31 additions and 5 deletions
|
|
@ -13,6 +13,7 @@ import (
|
|||
"github.com/smallstep/certificates/authority/admin"
|
||||
"github.com/smallstep/certificates/authority/config"
|
||||
"github.com/smallstep/certificates/authority/provisioner"
|
||||
"github.com/smallstep/certificates/db"
|
||||
"github.com/smallstep/certificates/errs"
|
||||
"go.step.sm/cli-utils/step"
|
||||
"go.step.sm/cli-utils/ui"
|
||||
|
|
@ -44,13 +45,36 @@ func (a *Authority) GetProvisioners(cursor string, limit int) (provisioner.List,
|
|||
// LoadProvisionerByCertificate returns an interface to the provisioner that
|
||||
// provisioned the certificate.
|
||||
func (a *Authority) LoadProvisionerByCertificate(crt *x509.Certificate) (provisioner.Interface, error) {
|
||||
// Default implementation looks at the provisioner extension.
|
||||
loadProvisioner := func() (provisioner.Interface, error) {
|
||||
p, ok := a.provisioners.LoadByCertificate(crt)
|
||||
if !ok {
|
||||
return nil, admin.NewError(admin.ErrorNotFoundType, "unable to load provisioner from certificate")
|
||||
}
|
||||
return p, nil
|
||||
}
|
||||
|
||||
// Attempt to load the provisioner using the linked db
|
||||
// TODO:(mariano)
|
||||
|
||||
// Attempt to load the provisioner from the db
|
||||
if db, ok := a.db.(interface {
|
||||
GetCertificateData(string) (*db.CertificateData, error)
|
||||
}); ok {
|
||||
if data, err := db.GetCertificateData(crt.SerialNumber.String()); err == nil && data.Provisioner != nil {
|
||||
loadProvisioner = func() (provisioner.Interface, error) {
|
||||
p, ok := a.provisioners.Load(data.Provisioner.ID)
|
||||
if !ok {
|
||||
return nil, admin.NewError(admin.ErrorNotFoundType, "unable to load provisioner from certificate")
|
||||
}
|
||||
return p, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
a.adminMutex.RLock()
|
||||
defer a.adminMutex.RUnlock()
|
||||
p, ok := a.provisioners.LoadByCertificate(crt)
|
||||
if !ok {
|
||||
return nil, admin.NewError(admin.ErrorNotFoundType, "unable to load provisioner from certificate")
|
||||
}
|
||||
return p, nil
|
||||
return loadProvisioner()
|
||||
}
|
||||
|
||||
// LoadProvisionerByToken returns an interface to the provisioner that
|
||||
|
|
|
|||
|
|
@ -347,6 +347,8 @@ func (a *Authority) storeCertificate(prov provisioner.Interface, fullchain []*x5
|
|||
|
||||
// Store certificate in local db
|
||||
switch s := a.db.(type) {
|
||||
case linkedChainStorer:
|
||||
return s.StoreCertificateChain(prov, fullchain...)
|
||||
case certificateChainStorer:
|
||||
return s.StoreCertificateChain(fullchain...)
|
||||
default:
|
||||
|
|
|
|||
Loading…
Reference in a new issue