Beispiel #1
// SignCSRForNode issues a certificate for node. It pops the node's pending
// CSR container from the "csrs" queue, checks the container with node.Verify,
// signs the CSR with the CA selected by caId, appends tag to the certificate,
// wraps the certificate in a container signed by the org entity and pushes
// that container to the node's "certs" queue.
//
// Nothing is returned: each step hands its error to checkAppFatal, which is
// defined outside this view (presumably it aborts on a non-nil error — confirm).
func (app *AdminApp) SignCSRForNode(node *node.Node, caId, tag string) {
	logger.Info("Getting CSR for node")
	// NOTE(review): the name PopOutgoing suggests the CSR leaves the queue
	// here, before it has been verified; confirm how a failed run is retried.
	rawRequest, err := app.fs.api.PopOutgoing(node.Data.Body.Id, "csrs")
	checkAppFatal("Couldn't get a csr: %s", err)

	request, err := document.NewContainer(rawRequest)
	checkAppFatal("Couldn't create container from json: %s", err)

	// The container is checked against the node before its body is parsed.
	err = node.Verify(request)
	checkAppFatal("Couldn't verify CSR: %s", err)

	csr, err := x509.NewCSR(request.Data.Body)
	checkAppFatal("Couldn't create csr from json: %s", err)

	// The name on the node record replaces whatever name the submitted CSR
	// carried, so the requester does not choose the name that gets signed.
	logger.Info("Setting CSR name from node")
	csr.Data.Body.Name = node.Data.Body.Name

	// NOTE(review): GetCA's result is used without any visible check; confirm
	// it cannot hand back an unusable CA for an unknown caId.
	issuer := app.GetCA(caId)

	logger.Info("Creating certificate")
	cert, err := issuer.Sign(csr)
	checkAppFatal("Couldn't sign csr: %s", err)

	// The tag is added after the CA has signed; the org signature below is
	// applied to the container built from the tagged certificate.
	logger.Info("Tagging cert")
	cert.Data.Body.Tags = append(cert.Data.Body.Tags, tag)

	logger.Info("Signing cert")
	envelope, err := document.NewContainer(nil)
	checkAppFatal("Couldn't create cert container: %s", err)

	envelope.Data.Options.Source = app.entities.org.Data.Body.Id
	envelope.Data.Body = cert.Dump()
	err = app.entities.org.Sign(envelope)
	checkAppFatal("Couldn't sign cert container: %s", err)

	logger.Info("Pushing certificate to node")
	err = app.fs.api.PushIncoming(node.Data.Body.Id, "certs", envelope.Dump())
	checkAppFatal("Couldn't push cert to node: %s", err)
}
Beispiel #2
// SignCSR issues a certificate for node and records its tags in the index.
// It pops the node's pending CSR container from the "csrs" queue, checks the
// container with node.Verify, signs the CSR with the CA selected by caId,
// appends tag to the certificate, wraps the certificate in a container signed
// by the org, pushes that container to the node's "certs" queue and finally
// stores the certificate's tags in the index.
//
// The first error from any step is returned unchanged and ends the run; steps
// already completed are not undone.
func (cont *OrgController) SignCSR(node *node.Node, caId, tag string) error {
	logger.Debug("signing CSR for node")
	logger.Tracef("received node with id '%s', ca id '%s' and tag '%s'", node.Id(), caId, tag)

	// NOTE(review): the name PopOutgoing suggests the CSR leaves the queue
	// here, before it has been verified; a later failure returns without
	// putting it back — confirm how callers retry.
	logger.Debugf("popping outgoing CSr from node '%s'", node.Id())
	rawRequest, err := cont.env.api.PopOutgoing(node.Data.Body.Id, "csrs")
	if err != nil {
		return err
	}

	logger.Debug("creating new CSR container")
	request, err := document.NewContainer(rawRequest)
	if err != nil {
		return err
	}

	// The container is checked against the node before its body is parsed.
	logger.Debug("verifying CSR container with node")
	if err = node.Verify(request); err != nil {
		return err
	}

	logger.Debug("creating CSR from JSON")
	csr, err := x509.NewCSR(request.Data.Body)
	if err != nil {
		return err
	}

	// The name on the node record replaces whatever name the submitted CSR
	// carried, so the requester does not choose the name that gets signed.
	csr.Data.Body.Name = node.Data.Body.Name

	issuer, err := cont.GetCA(caId)
	if err != nil {
		return err
	}

	// NOTE(review): the meaning of the second argument to Sign is not visible
	// in this view; confirm what passing false selects.
	logger.Debugf("Signing CSR with ca '%s'", caId)
	cert, err := issuer.Sign(csr, false)
	if err != nil {
		return err
	}

	// The tag is added after the CA has signed; the org signature below is
	// applied to the container built from the tagged certificate.
	logger.Debug("tagging certificate")
	cert.Data.Body.Tags = append(cert.Data.Body.Tags, tag)

	logger.Debug("creating certificate container")
	envelope, err := document.NewContainer(nil)
	if err != nil {
		return err
	}

	signer := cont.env.controllers.org.org
	envelope.Data.Options.Source = signer.Id()
	envelope.Data.Body = cert.Dump()

	logger.Debug("signing certificate container with org")
	if err = signer.Sign(envelope); err != nil {
		return err
	}

	logger.Debug("pushing certificate to node")
	err = cont.env.api.PushIncoming(node.Data.Body.Id, "certs", envelope.Dump())
	if err != nil {
		return err
	}

	// NOTE(review): the certificate has already been pushed at this point. If
	// any index step below fails, the node holds a certificate whose tags were
	// never recorded; confirm that this gap is detected or reconciled.
	idx, err := cont.GetIndex()
	if err != nil {
		return err
	}

	if err = idx.AddCertTags(cert.Data.Body.Id, cert.Data.Body.Tags); err != nil {
		return err
	}

	if err = cont.SaveIndex(idx); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}