certificates/ca/identity.go
2019-11-20 11:52:20 -08:00

69 lines
1.7 KiB
Go

package ca
import (
"crypto/tls"
"path/filepath"
"strings"
"github.com/pkg/errors"
"github.com/smallstep/cli/config"
)
// IdentityType represents the different types of identity files.
type IdentityType string
// MutualTLS represents the identity using mTLS
const MutualTLS IdentityType = "mTLS"
// IdentityFile contains the location of the identity file.
var IdentityFile = filepath.Join(config.StepPath(), "config", "identity.json")
// Identity represents the identity file that can be used to authenticate with
// the CA.
type Identity struct {
Type string `json:"type"`
Certificate string `json:"crt"`
Key string `json:"key"`
}
// Kind returns the type for the given identity.
func (i *Identity) Kind() IdentityType {
switch strings.ToLower(i.Type) {
case "mtls":
return MutualTLS
default:
return IdentityType(i.Type)
}
}
// Validate validates the identity object.
func (i *Identity) Validate() error {
switch i.Kind() {
case MutualTLS:
if i.Certificate == "" {
return errors.New("identity.crt cannot be empty")
}
if i.Key == "" {
return errors.New("identity.key cannot be empty")
}
return nil
case "":
return errors.New("identity.type cannot be empty")
default:
return errors.Errorf("unsupported identity type %s", i.Type)
}
}
// Options returns the ClientOptions used for the given identity.
func (i *Identity) Options() ([]ClientOption, error) {
switch i.Kind() {
case MutualTLS:
crt, err := tls.LoadX509KeyPair(i.Certificate, i.Key)
if err != nil {
return nil, errors.Wrap(err, "error creating identity certificate")
}
return []ClientOption{WithCertificate(crt)}, nil
default:
return nil, errors.Errorf("unsupported identity type %s", i.Type)
}
}