certificates/cas/stepcas/issuer.go

package stepcas

import (
	"strings"

	"github.com/pkg/errors"
	"github.com/smallstep/certificates/cas/apiv1"
)

// validateCertificateIssuer validates the configuration of the certificate
// issuer.
func validateCertificateIssuer(iss *apiv1.CertificateIssuer) error {
	switch {
	case iss == nil:
		return errors.New("stepCAS 'certificateIssuer' cannot be nil")
	case iss.Type == "":
		return errors.New("stepCAS `certificateIssuer.type` cannot be empty")
	}

	switch strings.ToLower(iss.Type) {
	case "x5c":
		return validateX5CIssuer(iss)
	default:
		return errors.Errorf("stepCAS `certificateIssuer.type` %s is not supported", iss.Type)
	}
}

// validateX5CIssuer validates the configuration of x5c issuer.
func validateX5CIssuer(iss *apiv1.CertificateIssuer) error {
	switch {
	case iss.Certificate == "":
		return errors.New("stepCAS `certificateIssuer.crt` cannot be empty")
	case iss.Key == "":
		return errors.New("stepCAS `certificateIssuer.key` cannot be empty")
	case iss.Provisioner == "":
		return errors.New("stepCAS `certificateIssuer.provisioner` cannot be empty")
	default:
		return nil
	}
}
Add initial implementation of StepCAS. StepCAS allows to configure step-ca as an RA using another step-ca as the main CA. 2021-03-18 02:33:35 +00:00			`package stepcas`

			`import (`
			`"strings"`

			`"github.com/pkg/errors"`
			`"github.com/smallstep/certificates/cas/apiv1"`
			`)`

			`// validateCertificateIssuer validates the configuration of the certificate`
			`// issuer.`
			`func validateCertificateIssuer(iss *apiv1.CertificateIssuer) error {`
			`switch {`
			`case iss == nil:`
			`return errors.New("stepCAS 'certificateIssuer' cannot be nil")`
			`case iss.Type == "":`
			return errors.New("stepCAS `certificateIssuer.type` cannot be empty")
			`}`

			`switch strings.ToLower(iss.Type) {`
			`case "x5c":`
			`return validateX5CIssuer(iss)`
			`default:`
			return errors.Errorf("stepCAS `certificateIssuer.type` %s is not supported", iss.Type)
			`}`
			`}`

			`// validateX5CIssuer validates the configuration of x5c issuer.`
			`func validateX5CIssuer(iss *apiv1.CertificateIssuer) error {`
			`switch {`
			`case iss.Certificate == "":`
			return errors.New("stepCAS `certificateIssuer.crt` cannot be empty")
			`case iss.Key == "":`
			return errors.New("stepCAS `certificateIssuer.key` cannot be empty")
			`case iss.Provisioner == "":`
			return errors.New("stepCAS `certificateIssuer.provisioner` cannot be empty")
			`default:`
			`return nil`
			`}`
			`}`