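// sign handles a certificate signing request submitted as a JSON body.
//
// The body is decoded into a signer.SignRequest, the signer registered under
// the request's Label is looked up in a.signers, the request is checked with
// isCSRValid, and the signed certificate is written back JSON-encoded inside
// a CertificateResponse. Undecodable bodies, unknown labels and requests
// rejected by isCSRValid get 400; signing and encoding failures get 500.
// Every error response carries a fixed message, so the underlying decoder or
// signer error text is never echoed to the client.
//
// NOTE(review): no caller authentication or authorization is visible in this
// handler; presumably the router or a middleware enforces it — confirm.
func (a *API) sign(w http.ResponseWriter, r *http.Request) {
	// Cap on the request body. The body arrives from the network, so the JSON
	// decoder must not be allowed to consume an arbitrarily large payload.
	// 1 MiB is assumed to be ample for a CSR plus metadata — tune if needed.
	const maxSignRequestBytes = 1 << 20

	r.Body = http.MaxBytesReader(w, r.Body, maxSignRequestBytes)

	var signRequest signer.SignRequest
	if err := json.NewDecoder(r.Body).Decode(&signRequest); err != nil {
		// An oversized body surfaces here as a decode error as well.
		http.Error(w, "invalid signing request", http.StatusBadRequest)
		return
	}

	// Named labelSigner so the local does not shadow the signer package.
	labelSigner, ok := a.signers[signRequest.Label]
	if !ok {
		http.Error(w, "unable to find signer with specified label", http.StatusBadRequest)
		return
	}

	// Validate before signing: nothing is issued for a request that
	// isCSRValid rejects.
	if !isCSRValid(&signRequest) {
		http.Error(w, "invalid signing request", http.StatusBadRequest)
		return
	}

	cert, err := labelSigner.Sign(signRequest)
	if err != nil {
		http.Error(w, "error signing request", http.StatusInternalServerError)
		return
	}

	certificate := &CertificateResponse{
		Certificate: string(cert),
	}
	if err := json.NewEncoder(w).Encode(certificate); err != nil {
		http.Error(w, "error encoding certificate", http.StatusInternalServerError)
		return
	}
}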
// createInterCert is a test helper that produces a test intermediate
// certificate in PEM form. It builds a signer from the test CA files
// (testCAFile, testCAKeyFile) and the supplied policy, reads the CSR from
// csrFile, and signs it for the fixed host name "cloudflare-inter.com" under
// profileName. Any failure along the way aborts the test through t.Fatal.
func createInterCert(t *testing.T, csrFile string, policy *config.Signing, profileName string) (certPEM []byte) {
	// The signer is created before the CSR is read, so a bad CA setup is
	// reported ahead of a missing CSR file.
	ca, caErr := signer.NewSigner(testCAFile, testCAKeyFile, policy)
	if caErr != nil {
		t.Fatal(caErr)
	}

	csrBytes, readErr := ioutil.ReadFile(csrFile)
	if readErr != nil {
		t.Fatal(readErr)
	}

	issued, signErr := ca.Sign("cloudflare-inter.com", csrBytes, profileName)
	if signErr != nil {
		t.Fatal(signErr)
	}
	return issued
}
// signerMain is the command-line entry point for the signer functionality.
//
// The host name and the certificate file are taken from Config when the
// corresponding flags were given; otherwise each is popped, in that order,
// from the front of args. The file at Config.certFile is then read and signed
// with a signer built from Config.caFile and Config.caKeyFile, and the result
// is printed to standard output.
//
// [TODO: zi] Decide whether to drop the argument list and only use flags to
// specify all the inputs.
func signerMain(args []string) (err error) {
	// Positional arguments are consulted only when the matching flag is empty.
	if Config.hostname == "" {
		if Config.hostname, args, err = popFirstArgument(args); err != nil {
			return err
		}
	}
	if Config.certFile == "" {
		if Config.certFile, args, err = popFirstArgument(args); err != nil {
			return err
		}
	}

	// Load the material to be signed.
	log.Debug("Loading Client certificate: ", Config.certFile)
	clientCert, err := ioutil.ReadFile(Config.certFile)
	if err != nil {
		return err
	}

	// Use the signing policy from the loaded config when there is one. With no
	// config the policy stays nil and NewSigner falls back to DefaultConfig().
	var policy *config.Signing
	if Config.cfg != nil {
		policy = Config.cfg.Signing
	}

	// Only the paths of the CA certificate and key are passed along here; the
	// single value this function prints is the signing result.
	ca, err := signer.NewSigner(Config.caFile, Config.caKeyFile, policy)
	if err != nil {
		return err
	}

	signed, err := ca.Sign(Config.hostname, clientCert, Config.profile)
	if err != nil {
		return err
	}

	fmt.Printf("%s", signed)
	return nil
}