Beispiel #1
// checkForIsCa reports whether the keystore sec can be used to issue a
// certificate for the service called name.
//
// It returns nil when sec.IsCA() is true. Otherwise it returns an error that
// names the service and lists the alternatives (trusted access, a
// self-generated caretakerd certificate, or a CA-enabled certificate).
func checkForIsCa(name string, sec *keyStore.KeyStore) error {
	// Guard: a CA-capable keystore needs no further checks.
	if sec.IsCA() {
		return nil
	}
	return errors.New("It is not possible to generate a new certificate for service '%v' with a caretakerd certificate that is not a CA. "+
		"Use trusted access for service '%v', configure caretakerd to generate its own certificate or provide a CA enabled certificate for caretakerd.", name, name)
}
Beispiel #2
// newGenerateToEnvironmentInstance builds an Access of type
// GenerateToEnvironment for the service called name.
//
// The keystore must be a CA (see checkForIsCa). The PEM and certificate
// returned by ks.GeneratePem(name) are stored on the Access together with the
// permission taken from conf. Any failure is returned with a nil Access.
//
// NOTE(review): pem presumably carries the service's private key material;
// how it is handed to the service's environment is not visible here. Confirm
// that callers never log or persist it.
func newGenerateToEnvironmentInstance(conf Config, name string, ks *keyStore.KeyStore) (*Access, error) {
	// Certificates can only be issued by a CA-capable keystore.
	caErr := checkForIsCa(name, ks)
	if caErr != nil {
		return nil, caErr
	}

	pemData, certificate, genErr := ks.GeneratePem(name)
	if genErr != nil {
		return nil, errors.New("Could not generate pem for '%v'.", name).CausedBy(genErr)
	}

	access := &Access{
		t:          GenerateToEnvironment,
		permission: conf.Permission,
		name:       name,
	}
	access.pem = pemData
	access.cert = certificate
	return access, nil
}
Beispiel #3
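// newTrustedInstance builds an Access of type Trusted for the service called
// name.
//
// It fails when the keystore exposes no CA (ks.CA() is empty), because trusted
// access has nothing to verify a client certificate against. When conf.PemFile
// is set, the certificate is loaded from that file and pinned on the Access;
// a load failure is returned with the underlying cause attached. When
// conf.PemFile is blank, cert stays nil.
//
// NOTE(review): what a nil cert means is decided by the validation code, which
// is not visible here. Presumably any certificate that chains to the CA is then
// accepted for this service; confirm, and prefer configuring pemFile where a
// single pinned certificate is intended.
func newTrustedInstance(conf Config, name string, ks *keyStore.KeyStore) (*Access, error) {
	if len(ks.CA()) == 0 {
		// This branch is the "no CA available" case, so the message says so.
		return nil, errors.New("If there is no valid caFile configured %v access could not work.", Trusted)
	}
	var cert *x509.Certificate
	if !conf.PemFile.IsTrimmedEmpty() {
		var err error
		cert, err = keyStore.LoadCertificateFromFile(conf.PemFile.String())
		if err != nil {
			// Keep the cause (missing file, bad PEM, ...) so operators can
			// diagnose the problem, as the sibling constructors do.
			return nil, errors.New("Could not load certificate from pemFile %v of service %v.", conf.PemFile, name).CausedBy(err)
		}
	}
	return &Access{
		t:          Trusted,
		permission: conf.Permission,
		name:       name,
		cert:       cert,
	}, nil
}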
Beispiel #4
// NewAccess validates conf and returns the Access that matches conf.Type for
// the service called name.
//
// A validation error is returned unchanged. If the keystore is not enabled,
// the none instance is returned regardless of conf.Type. An access type that
// matches none of the known constants yields an error.
//
// NOTE(review): with a disabled keystore, a service configured as Trusted or
// Generate* silently gets the none instance. What the none instance permits is
// not visible here; confirm that it denies access rather than allowing it.
func NewAccess(conf Config, name string, ks *keyStore.KeyStore) (*Access, error) {
	if err := conf.Validate(); err != nil {
		return nil, err
	}

	// The keystore state is checked first, so a disabled keystore overrides
	// whatever type was configured.
	if !ks.IsEnabled() || conf.Type == None {
		return newNoneInstance(name)
	}

	switch conf.Type {
	case Trusted:
		return newTrustedInstance(conf, name, ks)
	case GenerateToEnvironment:
		return newGenerateToEnvironmentInstance(conf, name, ks)
	case GenerateToFile:
		return newGenerateToFileInstance(conf, name, ks)
	default:
		return nil, errors.New("Unknown access type %v.", conf.Type)
	}
}
Beispiel #5
// newGenerateToFileInstance builds an Access of type GenerateToFile for the
// service called name.
//
// The keystore must be a CA (see checkForIsCa). The PEM and certificate
// returned by ks.GeneratePem(name) are stored on the Access, and the PEM is
// additionally passed to generateFileForPem; the resulting file name is kept
// in temporaryFilename. Any failure is returned with a nil Access.
//
// NOTE(review): pem presumably carries the service's private key material.
// generateFileForPem is defined elsewhere; confirm that it creates the file
// with owner-only permissions and that the file is removed again when the
// Access is no longer needed.
func newGenerateToFileInstance(conf Config, name string, ks *keyStore.KeyStore) (*Access, error) {
	// Certificates can only be issued by a CA-capable keystore.
	caErr := checkForIsCa(name, ks)
	if caErr != nil {
		return nil, caErr
	}

	pemData, certificate, genErr := ks.GeneratePem(name)
	if genErr != nil {
		return nil, errors.New("Could not generate pem for '%v'.", name).CausedBy(genErr)
	}

	filename, fileErr := generateFileForPem(conf, pemData)
	if fileErr != nil {
		return nil, errors.New("Could not generate pem file for '%v'.", name).CausedBy(fileErr)
	}

	access := &Access{
		t:          GenerateToFile,
		permission: conf.Permission,
		name:       name,
	}
	access.pem = pemData
	access.cert = certificate
	access.temporaryFilename = &filename
	return access, nil
}