136 lines
3.1 KiB
Go
136 lines
3.1 KiB
Go
package main
|
|
|
|
import (
|
|
"github.com/gibheer/pkiadm"
|
|
)
|
|
|
|
type (
|
|
// CA is an instance that can sign certificates. When a certificate needs an
|
|
// update, the given CSR is signed by the CA.
|
|
// A CA can be responsible for multiple certificates to sign.
|
|
CA struct {
|
|
ID string
|
|
Type pkiadm.CAType
|
|
Certificate pkiadm.ResourceName
|
|
}
|
|
)
|
|
|
|
func NewCA(id string, caType pkiadm.CAType, cert pkiadm.ResourceName) (*CA, error) {
|
|
ca := &CA{
|
|
ID: id,
|
|
Type: caType,
|
|
Certificate: cert,
|
|
}
|
|
return ca, nil
|
|
}
|
|
|
|
// Return the unique ResourceName
|
|
func (ca *CA) Name() pkiadm.ResourceName {
|
|
return pkiadm.ResourceName{ca.ID, pkiadm.RTCA}
|
|
}
|
|
|
|
// AddDependency registers a depending resource to be retuened by Dependencies()
|
|
// Refresh must trigger a rebuild of the resource.
|
|
func (ca *CA) Refresh(*Storage) error {
|
|
return nil
|
|
}
|
|
|
|
// Return the PEM output of the contained resource.
|
|
func (ca *CA) Pem() ([]byte, error) { return []byte{}, nil }
|
|
func (ca *CA) Checksum() []byte { return []byte{} }
|
|
|
|
// DependsOn must return the resource names it is depending on.
|
|
func (ca *CA) DependsOn() []pkiadm.ResourceName {
|
|
return []pkiadm.ResourceName{
|
|
ca.Certificate,
|
|
}
|
|
}
|
|
|
|
func (ca *CA) Sign(csr *CSR) (*Certificate, error) {
|
|
return nil, nil
|
|
}
|
|
|
|
func (s *Server) CreateCA(inCA pkiadm.CA, res *pkiadm.Result) error {
|
|
s.lock()
|
|
defer s.unlock()
|
|
|
|
ca, err := NewCA(inCA.ID, inCA.Type, inCA.Certificate)
|
|
if err != nil {
|
|
res.SetError(err, "could not create CA '%s'", inCA.ID)
|
|
return nil
|
|
}
|
|
if err := s.storage.AddCA(ca); err != nil {
|
|
res.SetError(err, "could not add CA '%s'", inCA.ID)
|
|
return nil
|
|
}
|
|
return s.store(res)
|
|
}
|
|
|
|
func (s *Server) SetCA(change pkiadm.CAChange, res *pkiadm.Result) error {
|
|
s.lock()
|
|
defer s.unlock()
|
|
|
|
ca, err := s.storage.GetCA(pkiadm.ResourceName{ID: change.CA.ID, Type: pkiadm.RTCA})
|
|
if err != nil {
|
|
res.SetError(err, "could not find CA '%s'", change.CA.ID)
|
|
return nil
|
|
}
|
|
for _, field := range change.FieldList {
|
|
switch field {
|
|
case "type":
|
|
ca.Type = change.CA.Type
|
|
case "certificate":
|
|
ca.Certificate = change.CA.Certificate
|
|
}
|
|
}
|
|
return s.store(res)
|
|
}
|
|
|
|
func (s *Server) DeleteCA(inCA pkiadm.CA, res *pkiadm.Result) error {
|
|
s.lock()
|
|
defer s.unlock()
|
|
|
|
ca, err := s.storage.GetCA(pkiadm.ResourceName{inCA.ID, pkiadm.RTCA})
|
|
if err != nil {
|
|
res.SetError(err, "Could not find ca '%s'", ca.ID)
|
|
return nil
|
|
}
|
|
|
|
if err := s.storage.Remove(ca); err != nil {
|
|
res.SetError(err, "Could not remove ca '%s'", ca.ID)
|
|
return nil
|
|
}
|
|
return s.store(res)
|
|
}
|
|
|
|
func (s *Server) ShowCA(inCA pkiadm.CA, res *pkiadm.ResultCA) error {
|
|
s.lock()
|
|
defer s.unlock()
|
|
|
|
ca, err := s.storage.GetCA(pkiadm.ResourceName{ID: inCA.ID, Type: pkiadm.RTCA})
|
|
if err != nil {
|
|
res.Result.SetError(err, "Could not find private key '%s'", inCA.ID)
|
|
return nil
|
|
}
|
|
res.CAs = []pkiadm.CA{pkiadm.CA{
|
|
ID: ca.ID,
|
|
Type: ca.Type,
|
|
Certificate: ca.Certificate,
|
|
}}
|
|
return nil
|
|
}
|
|
|
|
func (s *Server) ListCA(filter pkiadm.Filter, res *pkiadm.ResultCA) error {
|
|
s.lock()
|
|
defer s.unlock()
|
|
|
|
for _, ca := range s.storage.CAs {
|
|
res.CAs = append(res.CAs, pkiadm.CA{
|
|
ID: ca.ID,
|
|
Type: ca.Type,
|
|
Certificate: ca.Certificate,
|
|
})
|
|
}
|
|
return nil
|
|
}
|