certificates/authority/admin/api/acme.go

114 lines
3.4 KiB
Go
Raw Normal View History

2021-07-23 13:41:24 +00:00
package api
import (
"net/http"
2021-08-27 12:10:00 +00:00
"github.com/go-chi/chi"
2021-07-23 13:41:24 +00:00
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/admin"
"go.step.sm/linkedca"
2021-08-27 14:58:04 +00:00
"google.golang.org/protobuf/types/known/timestamppb"
2021-07-23 13:41:24 +00:00
)
// CreateExternalAccountKeyRequest is the type for POST /admin/acme/eab requests
type CreateExternalAccountKeyRequest struct {
ProvisionerName string `json:"provisioner"`
Name string `json:"name"`
2021-07-23 13:41:24 +00:00
}
// Validate validates a new-admin request body.
func (r *CreateExternalAccountKeyRequest) Validate() error {
if r.ProvisionerName == "" {
return admin.NewError(admin.ErrorBadRequestType, "provisioner name cannot be empty")
}
if r.Name == "" {
return admin.NewError(admin.ErrorBadRequestType, "name / reference cannot be empty")
}
return nil
2021-07-23 13:41:24 +00:00
}
// GetExternalAccountKeysResponse is the type for GET /admin/acme/eab responses
type GetExternalAccountKeysResponse struct {
EAKs []*linkedca.EABKey `json:"eaks"`
NextCursor string `json:"nextCursor"`
2021-07-23 13:41:24 +00:00
}
// CreateExternalAccountKey creates a new External Account Binding key
func (h *Handler) CreateExternalAccountKey(w http.ResponseWriter, r *http.Request) {
var body CreateExternalAccountKeyRequest
2021-08-27 14:58:04 +00:00
if err := api.ReadJSON(r.Body, &body); err != nil {
api.WriteError(w, admin.WrapError(admin.ErrorBadRequestType, err, "error reading request body"))
2021-07-23 13:41:24 +00:00
return
}
if err := body.Validate(); err != nil {
api.WriteError(w, err)
return
}
2021-07-23 13:41:24 +00:00
eak, err := h.acmeDB.CreateExternalAccountKey(r.Context(), body.ProvisionerName, body.Name)
2021-07-23 13:41:24 +00:00
if err != nil {
api.WriteError(w, admin.WrapErrorISE(err, "error creating external account key %s", body.Name))
return
}
response := &linkedca.EABKey{
EabKid: eak.ID,
EabHmacKey: eak.KeyBytes,
ProvisionerName: eak.ProvisionerName,
Name: eak.Name,
2021-07-23 13:41:24 +00:00
}
api.ProtoJSONStatus(w, response, http.StatusCreated)
2021-07-23 13:41:24 +00:00
}
2021-08-27 12:10:00 +00:00
// DeleteExternalAccountKey deletes an ACME External Account Key.
func (h *Handler) DeleteExternalAccountKey(w http.ResponseWriter, r *http.Request) {
id := chi.URLParam(r, "id")
if err := h.acmeDB.DeleteExternalAccountKey(r.Context(), id); err != nil {
api.WriteError(w, admin.WrapErrorISE(err, "error deleting ACME EAB Key %s", id))
return
}
api.JSON(w, &DeleteResponse{Status: "ok"})
}
2021-07-23 13:41:24 +00:00
// GetExternalAccountKeys returns a segment of ACME EAB Keys.
func (h *Handler) GetExternalAccountKeys(w http.ResponseWriter, r *http.Request) {
2021-08-27 14:58:04 +00:00
prov := chi.URLParam(r, "prov")
// TODO: support paging properly? It'll probably leak to the DB layer, as we have to loop through all keys
2021-07-23 13:41:24 +00:00
// cursor, limit, err := api.ParseCursor(r)
// if err != nil {
// api.WriteError(w, admin.WrapError(admin.ErrorBadRequestType, err,
// "error parsing cursor and limit from query params"))
// return
// }
2021-08-27 14:58:04 +00:00
keys, err := h.acmeDB.GetExternalAccountKeys(r.Context(), prov)
if err != nil {
api.WriteError(w, admin.WrapErrorISE(err, "error getting external account keys"))
return
}
eaks := make([]*linkedca.EABKey, len(keys))
for i, k := range keys {
eaks[i] = &linkedca.EABKey{
EabKid: k.ID,
EabHmacKey: []byte{},
ProvisionerName: k.ProvisionerName,
Name: k.Name,
Account: k.AccountID,
CreatedAt: timestamppb.New(k.CreatedAt),
BoundAt: timestamppb.New(k.BoundAt),
}
}
nextCursor := ""
api.JSON(w, &GetExternalAccountKeysResponse{
EAKs: eaks,
NextCursor: nextCursor,
})
2021-07-23 13:41:24 +00:00
}