parent
393c43201f
commit
bfd13f1f72
3 changed files with 14 additions and 46 deletions
18
api/sign.go
18
api/sign.go
|
@ -12,12 +12,11 @@ import (
|
||||||
|
|
||||||
// SignRequest is the request body for a certificate signature request.
|
// SignRequest is the request body for a certificate signature request.
|
||||||
type SignRequest struct {
|
type SignRequest struct {
|
||||||
CsrPEM CertificateRequest `json:"csr"`
|
CsrPEM CertificateRequest `json:"csr"`
|
||||||
OTT string `json:"ott"`
|
OTT string `json:"ott"`
|
||||||
NotAfter TimeDuration `json:"notAfter,omitempty"`
|
NotAfter TimeDuration `json:"notAfter,omitempty"`
|
||||||
NotBefore TimeDuration `json:"notBefore,omitempty"`
|
NotBefore TimeDuration `json:"notBefore,omitempty"`
|
||||||
AppendedCertsFile string `json:"AppendedCertsFile,omitempty"`
|
TemplateData json.RawMessage `json:"templateData,omitempty"`
|
||||||
TemplateData json.RawMessage `json:"templateData,omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate checks the fields of the SignRequest and returns nil if they are ok
|
// Validate checks the fields of the SignRequest and returns nil if they are ok
|
||||||
|
@ -62,10 +61,9 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
opts := provisioner.SignOptions{
|
opts := provisioner.SignOptions{
|
||||||
NotBefore: body.NotBefore,
|
NotBefore: body.NotBefore,
|
||||||
NotAfter: body.NotAfter,
|
NotAfter: body.NotAfter,
|
||||||
TemplateData: body.TemplateData,
|
TemplateData: body.TemplateData,
|
||||||
AppendedCertsFile: body.AppendedCertsFile,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
signOpts, err := h.Authority.AuthorizeSign(body.OTT)
|
signOpts, err := h.Authority.AuthorizeSign(body.OTT)
|
||||||
|
|
|
@ -23,11 +23,10 @@ const DefaultCertValidity = 24 * time.Hour
|
||||||
// SignOptions contains the options that can be passed to the Sign method. Backdate
|
// SignOptions contains the options that can be passed to the Sign method. Backdate
|
||||||
// is automatically filled and can only be configured in the CA.
|
// is automatically filled and can only be configured in the CA.
|
||||||
type SignOptions struct {
|
type SignOptions struct {
|
||||||
NotAfter TimeDuration `json:"notAfter"`
|
NotAfter TimeDuration `json:"notAfter"`
|
||||||
NotBefore TimeDuration `json:"notBefore"`
|
NotBefore TimeDuration `json:"notBefore"`
|
||||||
AppendedCertsFile string `json:"AppendedCertsFile"`
|
TemplateData json.RawMessage `json:"templateData"`
|
||||||
TemplateData json.RawMessage `json:"templateData"`
|
Backdate time.Duration `json:"-"`
|
||||||
Backdate time.Duration `json:"-"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignOption is the interface used to collect all extra options used in the
|
// SignOption is the interface used to collect all extra options used in the
|
||||||
|
|
|
@ -8,8 +8,6 @@ import (
|
||||||
"encoding/asn1"
|
"encoding/asn1"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -69,7 +67,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
|
||||||
certModifiers []provisioner.CertificateModifier
|
certModifiers []provisioner.CertificateModifier
|
||||||
certEnforcers []provisioner.CertificateEnforcer
|
certEnforcers []provisioner.CertificateEnforcer
|
||||||
)
|
)
|
||||||
var thecertfile = signOpts.AppendedCertsFile
|
|
||||||
opts := []interface{}{errs.WithKeyVal("csr", csr), errs.WithKeyVal("signOptions", signOpts)}
|
opts := []interface{}{errs.WithKeyVal("csr", csr), errs.WithKeyVal("signOptions", signOpts)}
|
||||||
if err := csr.CheckSignature(); err != nil {
|
if err := csr.CheckSignature(); err != nil {
|
||||||
return nil, errs.Wrap(http.StatusBadRequest, err, "authority.Sign; invalid certificate request", opts...)
|
return nil, errs.Wrap(http.StatusBadRequest, err, "authority.Sign; invalid certificate request", opts...)
|
||||||
|
@ -163,35 +161,8 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
|
||||||
"authority.Sign; error storing certificate in db", opts...)
|
"authority.Sign; error storing certificate in db", opts...)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//If the user defined a file to append to in ca.json
|
|
||||||
//log.Fatal(string(thecertfile))
|
|
||||||
if thecertfile != "" {
|
|
||||||
content, err := ioutil.ReadFile(string(thecertfile))
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
block, _ := pem.Decode([]byte(content))
|
|
||||||
if block == nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
certs, err := x509.ParseCertificate(block.Bytes)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
var thecert = make([]*x509.Certificate, len(resp.CertificateChain)+1)
|
|
||||||
for i, aid := range resp.CertificateChain {
|
|
||||||
//log.wr(aid)
|
|
||||||
thecert[i] = aid
|
|
||||||
}
|
|
||||||
thecert[len(resp.CertificateChain)] = certs
|
|
||||||
return append([]*x509.Certificate{resp.Certificate}, thecert...), nil
|
|
||||||
}
|
|
||||||
var thecert = make([]*x509.Certificate, len(resp.CertificateChain))
|
|
||||||
for i, aid := range resp.CertificateChain {
|
|
||||||
thecert[i] = aid
|
|
||||||
}
|
|
||||||
return append([]*x509.Certificate{resp.Certificate}, thecert...), nil
|
|
||||||
|
|
||||||
|
return append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Renew creates a new Certificate identical to the old certificate, except
|
// Renew creates a new Certificate identical to the old certificate, except
|
||||||
|
|
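Review bot: The new return in the last hunk, `return append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...), nil`, is now the only successful exit of Authority.Sign and has no comment saying what the slice holds or why it is built from a fresh literal instead of appending to resp.CertificateChain; I would add `// Leaf first, then the issuing chain; the fresh literal gives the caller its own backing array, so appending to the result cannot alias resp.CertificateChain.` The same hunk drops the request-path `log.Fatal` calls, so a file that fails to read or parse can no longer terminate the CA process on a single request, which is the right outcome for server code. Should an appended-certificates option ever return, it should follow the Backdate pattern visible in SignOptions (`json:"-"`, filled from CA configuration, never from the request body) and surface failures through the existing errs.Wrap path rather than exiting. Authority.Sign begins before this hunk (its signature appears in the earlier hunk header at old line 67) and its closing brace is the `}` inside this hunk.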