forked from TrueCloudLab/certificates
47 lines
1.1 KiB
Go
47 lines
1.1 KiB
Go
package authority
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/smallstep/cli/jose"
|
|
)
|
|
|
|
// GetEncryptedKey returns the JWE key corresponding to the given kid argument.
|
|
func (a *Authority) GetEncryptedKey(kid string) (string, error) {
|
|
val, ok := a.encryptedKeyIndex.Load(kid)
|
|
if !ok {
|
|
return "", &apiError{errors.Errorf("encrypted key with kid %s was not found", kid),
|
|
http.StatusNotFound, context{}}
|
|
}
|
|
|
|
key, ok := val.(string)
|
|
if !ok {
|
|
return "", &apiError{errors.Errorf("stored value is not a string"),
|
|
http.StatusInternalServerError, context{}}
|
|
}
|
|
return key, nil
|
|
}
|
|
|
|
// GetProvisioners returns a map listing each provisioner and the JWK Key Set
|
|
// with their public keys.
|
|
func (a *Authority) GetProvisioners() (map[string]*jose.JSONWebKeySet, error) {
|
|
pks := map[string]*jose.JSONWebKeySet{}
|
|
a.provisionerIDIndex.Range(func(key, val interface{}) bool {
|
|
p, ok := val.(*Provisioner)
|
|
if !ok {
|
|
return false
|
|
}
|
|
ks, found := pks[p.Issuer]
|
|
if found {
|
|
ks.Keys = append(ks.Keys, *p.Key)
|
|
} else {
|
|
ks = new(jose.JSONWebKeySet)
|
|
ks.Keys = []jose.JSONWebKey{*p.Key}
|
|
pks[p.Issuer] = ks
|
|
}
|
|
return true
|
|
})
|
|
return pks, nil
|
|
|
|
}
|