mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Renamed RenewOrRekey to Rekey

Browse source
This commit is contained in:
dharanikumar-s 2020-07-08 11:47:59 +05:30
parent fe73154a20
commit dfda497929
5 changed files with 16 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
api/api.go
View file

@ -36,7 +36,7 @@ type Authority interface {
Root(shasum string) (*x509.Certificate, error) Root(shasum string) (*x509.Certificate, error)
Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
Renew(peer *x509.Certificate) ([]*x509.Certificate, error) Renew(peer *x509.Certificate) ([]*x509.Certificate, error)
RenewOrRekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) Rekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error)
LoadProvisionerByCertificate(*x509.Certificate) (provisioner.Interface, error) LoadProvisionerByCertificate(*x509.Certificate) (provisioner.Interface, error)
LoadProvisionerByID(string) (provisioner.Interface, error) LoadProvisionerByID(string) (provisioner.Interface, error)
GetProvisioners(cursor string, limit int) (provisioner.List, string, error) GetProvisioners(cursor string, limit int) (provisioner.List, string, error)

2
api/api_test.go
View file

@ -613,7 +613,7 @@ func (m *mockAuthority) Renew(cert *x509.Certificate) ([]*x509.Certificate, erro
return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err
} }
func (m *mockAuthority) RenewOrRekey(oldcert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) { func (m *mockAuthority) Rekey(oldcert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) {
if m.renewOrRekey != nil { if m.renewOrRekey != nil {
return m.renewOrRekey(oldcert, pk) return m.renewOrRekey(oldcert, pk)
} }

2
api/rekey.go
View file

@ -43,7 +43,7 @@ func (h *caHandler) Rekey(w http.ResponseWriter, r *http.Request) {
return return
} }
certChain, err := h.Authority.RenewOrRekey(r.TLS.PeerCertificates[0], body.CsrPEM.CertificateRequest.PublicKey) certChain, err := h.Authority.Rekey(r.TLS.PeerCertificates[0], body.CsrPEM.CertificateRequest.PublicKey)
if err != nil { if err != nil {
WriteError(w, errs.Wrap(http.StatusInternalServerError, err, "cahandler.Rekey")) WriteError(w, errs.Wrap(http.StatusInternalServerError, err, "cahandler.Rekey"))
return return

16
authority/tls.go
View file

@ -139,16 +139,16 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
// Renew creates a new Certificate identical to the old certificate, except // Renew creates a new Certificate identical to the old certificate, except
// with a validity window that begins 'now'. // with a validity window that begins 'now'.
func (a *Authority) Renew(oldCert *x509.Certificate) ([]*x509.Certificate, error) { func (a *Authority) Renew(oldCert *x509.Certificate) ([]*x509.Certificate, error) {
return a.RenewOrRekey(oldCert, oldCert.PublicKey) return a.Rekey(oldCert, oldCert.PublicKey)
} }
// Func is used for renewing or rekeying based on the public key passed. // Func is used for renewing or rekeying based on the public key passed.
func (a *Authority) RenewOrRekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) { func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) {
opts := []interface{}{errs.WithKeyVal("serialNumber", oldCert.SerialNumber.String())} opts := []interface{}{errs.WithKeyVal("serialNumber", oldCert.SerialNumber.String())}
// Check step provisioner extensions // Check step provisioner extensions
if err := a.authorizeRenew(oldCert); err != nil { if err := a.authorizeRenew(oldCert); err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.RenewOrRekey", opts...) return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...)
} }
// Durations // Durations
@ -201,7 +201,7 @@ func (a *Authority) RenewOrRekey(oldCert *x509.Certificate, pk crypto.PublicKey)
pubBytes, err := x509.MarshalPKIXPublicKey(pk) pubBytes, err := x509.MarshalPKIXPublicKey(pk)
if err != nil { if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, return nil, errs.Wrap(http.StatusInternalServerError, err,
"authority.RenewOrRekey; error marshaling public key", opts...) "authority.Rekey; error marshaling public key", opts...)
} }
hash := sha1.Sum(pubBytes) hash := sha1.Sum(pubBytes)
skiExtension := pkix.Extension{ skiExtension := pkix.Extension{
@ -214,23 +214,23 @@ func (a *Authority) RenewOrRekey(oldCert *x509.Certificate, pk crypto.PublicKey)
leaf, err := x509util.NewLeafProfileWithTemplate(newCert, a.x509Issuer, a.x509Signer) leaf, err := x509util.NewLeafProfileWithTemplate(newCert, a.x509Issuer, a.x509Signer)
if err != nil { if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.RenewOrRekey", opts...) return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...)
} }
crtBytes, err := leaf.CreateCertificate() crtBytes, err := leaf.CreateCertificate()
if err != nil { if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, return nil, errs.Wrap(http.StatusInternalServerError, err,
"authority.RenewOrRekey; error renewing certificate from existing server certificate", opts...) "authority.Rekey; error renewing certificate from existing server certificate", opts...)
} }
serverCert, err := x509.ParseCertificate(crtBytes) serverCert, err := x509.ParseCertificate(crtBytes)
if err != nil { if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, return nil, errs.Wrap(http.StatusInternalServerError, err,
"authority.RenewOrRekey; error parsing new server certificate", opts...) "authority.Rekey; error parsing new server certificate", opts...)
} }
if err = a.db.StoreCertificate(serverCert); err != nil { if err = a.db.StoreCertificate(serverCert); err != nil {
if err != db.ErrNotImplemented { if err != db.ErrNotImplemented {
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.RenewOrRekey; error storing certificate in db", opts...) return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey; error storing certificate in db", opts...)
} }
} }

10
authority/tls_test.go
View file

@ -370,7 +370,7 @@ ZYtQ9Ot36qc=
} }
} }
func TestAuthority_RenewOrRekey(t *testing.T) { func TestAuthority_Rekey(t *testing.T) {
pub, _, err := keys.GenerateDefaultKeyPair() pub, _, err := keys.GenerateDefaultKeyPair()
assert.FatalError(t, err) assert.FatalError(t, err)
pub1, _, err := keys.GenerateDefaultKeyPair() pub1, _, err := keys.GenerateDefaultKeyPair()
@ -430,14 +430,14 @@ func TestAuthority_RenewOrRekey(t *testing.T) {
return &renewTest{ return &renewTest{
auth: _a, auth: _a,
cert: cert, cert: cert,
err: errors.New("authority.RenewOrRekey; error renewing certificate from existing server certificate"), err: errors.New("authority.Rekey; error renewing certificate from existing server certificate"),
code: http.StatusInternalServerError, code: http.StatusInternalServerError,
}, nil }, nil
}, },
"fail-unauthorized": func() (*renewTest, error) { "fail-unauthorized": func() (*renewTest, error) {
return &renewTest{ return &renewTest{
cert: certNoRenew, cert: certNoRenew,
err: errors.New("authority.RenewOrRekey: authority.authorizeRenew: jwk.AuthorizeRenew; renew is disabled for jwk provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"), err: errors.New("authority.Rekey: authority.authorizeRenew: jwk.AuthorizeRenew; renew is disabled for jwk provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"),
code: http.StatusUnauthorized, code: http.StatusUnauthorized,
}, nil }, nil
}, },
@ -480,9 +480,9 @@ func TestAuthority_RenewOrRekey(t *testing.T) {
var certChain []*x509.Certificate var certChain []*x509.Certificate
if tc.auth != nil { if tc.auth != nil {
certChain, err = tc.auth.RenewOrRekey(tc.cert, pub1) certChain, err = tc.auth.Rekey(tc.cert, pub1)
} else { } else {
certChain, err = a.RenewOrRekey(tc.cert, pub1) certChain, err = a.Rekey(tc.cert, pub1)
} }
if err != nil { if err != nil {
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) { if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {