certificates/authority/mgmt/authConfig.go

package mgmt
import (
"github.com/smallstep/certificates/authority/config"
"github.com/smallstep/certificates/authority/provisioner"
)
// AuthConfig represents the Authority Configuration as stored and edited
// through the mgmt API. It is the management-side mirror of
// config.AuthConfig; ToCertificates performs the conversion.
type AuthConfig struct {
	//*cas.Options `json:"cas"`
	// ID identifies this authority configuration; it is carried over as
	// AuthorityID when converted for step-ca.
	ID string `json:"id"`
	// ASN1DN is the subject template, serialized under the "template" key
	// and copied into the Template field of the step-ca configuration.
	ASN1DN *config.ASN1DN `json:"template,omitempty"`
	// Provisioners are deliberately excluded from JSON (`json:"-"`); they
	// are loaded and persisted separately from the rest of the document.
	Provisioners []*Provisioner `json:"-"`
	// Admins are likewise excluded from JSON and managed out of band.
	Admins []*Admin `json:"-"`
	// Claims holds the X.509/SSH duration and renewal policy; converted
	// via Claims.ToCertificates.
	Claims *Claims `json:"claims,omitempty"`
	// Backdate is kept as a string and must parse with
	// provisioner.NewDuration at conversion time.
	Backdate string `json:"backdate,omitempty"`
	// Status is the lifecycle state of the configuration (StatusActive for
	// a freshly created default).
	Status StatusType `json:"status,omitempty"`
}
// NewDefaultAuthConfig returns an AuthConfig populated from the package-level
// defaults in authority/config: the global provisioner claim durations for
// X.509 and for SSH user/host certificates, the default renewal policy, the
// default backdate and an active status.
//
// ID, ASN1DN, Provisioners and Admins are left at their zero values; the
// caller is expected to fill them in.
func NewDefaultAuthConfig() *AuthConfig {
	defaults := config.GlobalProvisionerClaims

	// Each Durations block is the same min/max/default trio rendered as
	// strings, so build them through one small constructor.
	newDurations := func(lo, hi, def interface{ String() string }) *Durations {
		return &Durations{
			Min:     lo.String(),
			Max:     hi.String(),
			Default: def.String(),
		}
	}

	x509 := &X509Claims{
		Durations: newDurations(defaults.MinTLSDur, defaults.MaxTLSDur, defaults.DefaultTLSDur),
	}
	ssh := &SSHClaims{
		UserDurations: newDurations(defaults.MinUserSSHDur, defaults.MaxUserSSHDur, defaults.DefaultUserSSHDur),
		HostDurations: newDurations(defaults.MinHostSSHDur, defaults.MaxHostSSHDur, defaults.DefaultHostSSHDur),
	}

	return &AuthConfig{
		Claims: &Claims{
			X509:           x509,
			SSH:            ssh,
			DisableRenewal: config.DefaultDisableRenewal,
		},
		Backdate: config.DefaultBackdate.String(),
		Status:   StatusActive,
	}
}
// ToCertificates converts a mgmt AuthConfig to configuration that can be
// directly used by the `step-ca` process. Resources are normalized and
// initialized.
//
// It returns a nil *config.AuthConfig together with an error when the claims
// cannot be converted, when Backdate is not a parseable duration, or when any
// provisioner fails its own conversion. Provisioner errors are passed through
// unwrapped, so the error alone does not identify which entry failed.
func (ac *AuthConfig) ToCertificates() (*config.AuthConfig, error) {
	claims, err := ac.Claims.ToCertificates()
	if err != nil {
		return nil, err
	}

	// Backdate lives in the management document as a string; it must be a
	// valid duration before step-ca can consume it.
	backdate, err := provisioner.NewDuration(ac.Backdate)
	if err != nil {
		return nil, WrapErrorISE(err, "error converting backdate %s to duration", ac.Backdate)
	}

	// provs stays a nil slice when there are no provisioners; the first
	// failing provisioner aborts the whole conversion.
	var provs []provisioner.Interface
	for i := range ac.Provisioners {
		converted, convErr := ac.Provisioners[i].ToCertificates()
		if convErr != nil {
			return nil, convErr
		}
		provs = append(provs, converted)
	}

	out := &config.AuthConfig{
		AuthorityID:  ac.ID,
		Provisioners: provs,
		Template:     ac.ASN1DN,
		Claims:       claims,
		Backdate:     backdate,
	}
	// Fixed to false: the management AuthConfig has no field for it, so the
	// issued-at check cannot be turned off through this path.
	out.DisableIssuedAtCheck = false
	return out, nil
}