Add certificate requests in the templates.

Mariano Cano 2020-07-09 11:40:37 -07:00
parent ca2fb42d68
commit 28ff122f83
3 changed files with 22 additions and 12 deletions


@ -43,7 +43,7 @@ func NewCertificate(cr *x509.CertificateRequest, opts ...Option) (*Certificate,
return nil, errors.Wrap(err, "error validating certificate request") return nil, errors.Wrap(err, "error validating certificate request")
} }
o, err := new(Options).apply(opts) o, err := new(Options).apply(cr, opts)
if err != nil { if err != nil {
return nil, err return nil, err
} }


@ -2,6 +2,7 @@ package x509util
import ( import (
"bytes" "bytes"
"crypto/x509"
"io/ioutil" "io/ioutil"
"text/template" "text/template"
@ -15,9 +16,9 @@ type Options struct {
CertBuffer *bytes.Buffer CertBuffer *bytes.Buffer
} }
func (o *Options) apply(opts []Option) (*Options, error) { func (o *Options) apply(cr *x509.CertificateRequest, opts []Option) (*Options, error) {
for _, fn := range opts { for _, fn := range opts {
if err := fn(o); err != nil { if err := fn(cr, o); err != nil {
return o, err return o, err
} }
} }
@ -25,18 +26,19 @@ func (o *Options) apply(opts []Option) (*Options, error) {
} }
// Option is the type used as a variadic argument in NewCertificate. // Option is the type used as a variadic argument in NewCertificate.
type Option func(o *Options) error type Option func(cr *x509.CertificateRequest, o *Options) error
// WithTemplate is an options that executes the given template text with the // WithTemplate is an options that executes the given template text with the
// given data. // given data.
func WithTemplate(text string, data map[string]interface{}) Option { func WithTemplate(text string, data TemplateData) Option {
return func(o *Options) error { return func(cr *x509.CertificateRequest, o *Options) error {
tmpl, err := template.New("template").Funcs(sprig.TxtFuncMap()).Parse(text) tmpl, err := template.New("template").Funcs(sprig.TxtFuncMap()).Parse(text)
if err != nil { if err != nil {
return errors.Wrapf(err, "error parsing template") return errors.Wrapf(err, "error parsing template")
} }
buf := new(bytes.Buffer) buf := new(bytes.Buffer)
data.SetCertificateRequest(cr)
if err := tmpl.Execute(buf, data); err != nil { if err := tmpl.Execute(buf, data); err != nil {
return errors.Wrapf(err, "error executing template") return errors.Wrapf(err, "error executing template")
} }
@ -47,8 +49,8 @@ func WithTemplate(text string, data map[string]interface{}) Option {
// WithTemplateFile is an options that reads the template file and executes it // WithTemplateFile is an options that reads the template file and executes it
// with the given data. // with the given data.
func WithTemplateFile(path string, data map[string]interface{}) Option { func WithTemplateFile(path string, data TemplateData) Option {
return func(o *Options) error { return func(cr *x509.CertificateRequest, o *Options) error {
filename := config.StepAbs(path) filename := config.StepAbs(path)
b, err := ioutil.ReadFile(filename) b, err := ioutil.ReadFile(filename)
if err != nil { if err != nil {
@ -61,6 +63,7 @@ func WithTemplateFile(path string, data map[string]interface{}) Option {
} }
buf := new(bytes.Buffer) buf := new(bytes.Buffer)
data.SetCertificateRequest(cr)
if err := tmpl.Execute(buf, data); err != nil { if err := tmpl.Execute(buf, data); err != nil {
return errors.Wrapf(err, "error executing %s", path) return errors.Wrapf(err, "error executing %s", path)
} }
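Review bot: The new `data.SetCertificateRequest(cr)` call in WithTemplate, repeated in WithTemplateFile, writes into the map the caller passed in, so a nil `data` now panics on assignment to a nil map where the old `map[string]interface{}` parameter could be nil and still execute. The write also mutates state captured by the returned Option; if an Option or its TemplateData is reused across concurrent NewCertificate calls (not visible here), that is a concurrent map write and one request's CSR could be rendered by another request's template. Executing against a per-call copy of the data avoids both problems, as sketched below for WithTemplate; WithTemplateFile needs the same change. Both function bodies continue outside the hunks shown.

```go
return func(cr *x509.CertificateRequest, o *Options) error {
	// … unchanged: template parsing and buf allocation …
	// Per-call copy: the caller's map may be nil or shared between requests.
	vars := make(TemplateData, len(data)+1)
	for k, v := range data {
		vars[k] = v
	}
	vars.SetCertificateRequest(cr)
	if err := tmpl.Execute(buf, vars); err != nil {
	// … unchanged: error wrapping and the rest of the closure …
```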


@ -1,10 +1,13 @@
package x509util package x509util
import "crypto/x509"
const ( const (
UserKey = "User" UserKey = "User"
SubjectKey = "Subject" SubjectKey = "Subject"
SANsKey = "SANs" SANsKey = "SANs"
TokenKey = "Token" TokenKey = "Token"
CertificateRequestKey = "CR"
) )
// TemplateData is an alias for map[string]interface{}. It represents the data // TemplateData is an alias for map[string]interface{}. It represents the data
@ -31,6 +34,10 @@ func (t TemplateData) SetToken(v interface{}) {
t[TokenKey] = v t[TokenKey] = v
} }
func (t TemplateData) SetCertificateRequest(cr *x509.CertificateRequest) {
t[CertificateRequestKey] = newCertificateRequest(cr)
}
const DefaultLeafTemplate = `{ const DefaultLeafTemplate = `{
"subject": {{ toJson .Subject }}, "subject": {{ toJson .Subject }},
"sans": {{ toJson .SANs }}, "sans": {{ toJson .SANs }},
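Review bot: The exported `SetCertificateRequest` and `CertificateRequestKey` are added without doc comments, and nothing tells template authors that `.CR` holds requester-supplied data. The templates are `text/template` producing JSON, so a CSR field emitted without `toJson` could alter the structure of the certificate JSON, and a template that copies CSR names or extensions into the certificate leaves those choices to the requester. I would add `// SetCertificateRequest stores the certificate request under the CR key; its fields are controlled by the requester, so templates must emit them with toJson and only after policy checks.` plus a one-line comment on the constant. What `newCertificateRequest` exposes is not visible in this diff, so the field list should be confirmed there.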