// Update modifies the stored CSR registered under params.Name. Depending on
// which params are non-empty it replaces the CSR PEM (params.CsrFile), the
// private key PEM and key type (params.KeyFile), and resets the tags
// (params.Tags), then saves the record with SaveCSR.
//
// It returns the first error from validation, environment loading, index
// lookup, file access or PEM decoding. A CSR or key file that does not exist
// is only logged as a warning: Update then returns nil without saving, so a
// nil error does not by itself mean the record was changed.
func (cont *CSRController) Update(params *CSRParams) error {
	logger.Debug("updating CSR")
	// NOTE(review): the whole params value is written to the trace log;
	// confirm CSRParams never carries secret material, only names and paths.
	logger.Tracef("received params: %s", params)

	if err := params.ValidateName(true); err != nil {
		return err
	}
	if err := cont.env.LoadAdminEnv(); err != nil {
		return err
	}

	// Resolve the CSR name to its id through the org index, then load it.
	orgIndex, err := cont.env.controllers.org.GetIndex()
	if err != nil {
		return err
	}
	id, err := orgIndex.GetCSR(*params.Name)
	if err != nil {
		return err
	}
	record, err := cont.GetCSR(id)
	if err != nil {
		return err
	}

	if csrPath := *params.CsrFile; csrPath != "" {
		// The existence check and the read are separate calls; the file can
		// change in between, so the ReadFile error is the effective guard.
		found, err := fs.Exists(csrPath)
		switch {
		case err != nil:
			return err
		case !found:
			logger.Warnf("CSR file '%s' does not exist", csrPath)
			return nil
		}

		logger.Debugf("reading CSR file '%s'", csrPath)
		pemText, err := fs.ReadFile(csrPath)
		if err != nil {
			return err
		}

		// TODO - better validation of pem
		// The decoded request is discarded; this only proves the PEM parses.
		logger.Debug("decoding CSR file PEM")
		if _, err = x509.PemDecodeX509CSR([]byte(pemText)); err != nil {
			return err
		}
		record.Data.Body.CSR = pemText
	}

	if keyPath := *params.KeyFile; keyPath != "" {
		found, err := fs.Exists(keyPath)
		switch {
		case err != nil:
			return err
		case !found:
			logger.Warnf("key file '%s' does not exist", keyPath)
			return nil
		}

		logger.Debugf("reading key file '%s'", keyPath)
		pemText, err := fs.ReadFile(keyPath)
		if err != nil {
			return err
		}

		logger.Debug("decoding key file PEM")
		privKey, err := crypto.PemDecodePrivate([]byte(pemText))
		if err != nil {
			return err
		}
		kind, err := crypto.GetKeyType(privKey)
		if err != nil {
			return err
		}

		// NOTE(review): nothing in this function checks that the imported
		// private key corresponds to the public key of the stored CSR, so a
		// mismatched pair can be saved together.
		// NOTE(review): the key PEM is placed in the record as read from
		// disk; whether SaveCSR encrypts it at rest is not visible here.
		record.Data.Body.KeyType = string(kind)
		record.Data.Body.PrivateKey = pemText
	}

	if newTags := *params.Tags; newTags != "" {
		// Any result of ResetCSRTags is not inspected. It runs before
		// SaveCSR, so a failed save presumably leaves the tags already
		// changed - TODO confirm against ResetCSRTags.
		cont.ResetCSRTags(id, newTags)
	}

	if err = cont.SaveCSR(record); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
// New creates a CSR named params.Name, either by generating a fresh request
// and key or by importing existing PEM files.
//
// When neither params.CsrFile nor params.KeyFile is set, a CSR is generated
// for a subject built from the Dn* params with key type params.KeyType.
// Otherwise params.CsrFile is required and imported, and params.KeyFile is
// imported too when set. Unless params.StandaloneFile is set, the CSR is saved
// and added to the org index with params.Tags (the value "NAME" is replaced by
// the CSR name).
//
// It returns the CSR, or the first error encountered. A CSR or key file that
// does not exist is only logged as a warning and yields (nil, nil), so callers
// must check the returned CSR for nil even when the error is nil.
func (cont *CSRController) New(params *CSRParams) (*x509.CSR, error) {
	logger.Debug("creating new CSR")
	// NOTE(review): the whole params value is written to the trace log;
	// confirm CSRParams never carries secret material, only names and paths.
	logger.Tracef("received params: %s", params)

	if err := params.ValidateName(true); err != nil {
		return nil, err
	}
	if err := cont.env.LoadAdminEnv(); err != nil {
		return nil, err
	}

	// TODO - This should really be in a CSR function
	// The subject is only consumed by the generate path below.
	subject := pkix.Name{CommonName: *params.Name}
	setIfGiven := func(field *[]string, value string) {
		if value != "" {
			*field = []string{value}
		}
	}
	setIfGiven(&subject.Locality, *params.DnLocality)
	setIfGiven(&subject.Province, *params.DnState)
	setIfGiven(&subject.Organization, *params.DnOrg)
	setIfGiven(&subject.OrganizationalUnit, *params.DnOrgUnit)
	setIfGiven(&subject.Country, *params.DnCountry)
	setIfGiven(&subject.StreetAddress, *params.DnStreet)
	setIfGiven(&subject.PostalCode, *params.DnPostal)

	logger.Debug("creating CSR struct")
	req, err := x509.NewCSR(nil)
	if err != nil {
		return nil, err
	}
	req.Data.Body.Id = x509.NewID()
	req.Data.Body.Name = *params.Name

	csrPath := *params.CsrFile
	switch {
	case csrPath == "" && *params.KeyFile == "":
		// Nothing to import: generate the request and its key.
		req.Data.Body.KeyType = *params.KeyType
		logger.Debug("generating CSR and key")
		// NOTE(review): any result of Generate is not inspected here, so a
		// failed generation would still be saved and indexed - confirm
		// whether Generate can report failure.
		req.Generate(&subject)

	case csrPath == "":
		// A key file alone cannot be imported.
		return nil, fmt.Errorf("CSR PEM file must be provided if importing")

	default:
		logger.Debugf("importing CSR from '%s'", csrPath)
		// The existence check and the read are separate calls; the file can
		// change in between, so the ReadFile error is the effective guard.
		found, err := fs.Exists(csrPath)
		switch {
		case err != nil:
			return nil, err
		case !found:
			logger.Warnf("CSR file '%s' does not exist", csrPath)
			logger.Tracef("returning nil error")
			return nil, nil
		}

		logger.Debug("reading file")
		pemText, err := fs.ReadFile(csrPath)
		if err != nil {
			return nil, err
		}

		// The decoded request is discarded; this only proves the PEM parses.
		logger.Debug("decoding CSR PEM")
		if _, err = x509.PemDecodeX509CSR([]byte(pemText)); err != nil {
			return nil, err
		}
		req.Data.Body.CSR = pemText

		if keyPath := *params.KeyFile; keyPath != "" {
			logger.Debugf("importing private key file from '%s'", keyPath)
			found, err := fs.Exists(keyPath)
			switch {
			case err != nil:
				return nil, err
			case !found:
				logger.Warnf("key file '%s' does not exist", keyPath)
				logger.Trace("returning nil error")
				return nil, nil
			}

			logger.Debugf("reading key file")
			keyText, err := fs.ReadFile(keyPath)
			if err != nil {
				return nil, err
			}

			logger.Debug("decoding private key PEM")
			privKey, err := crypto.PemDecodePrivate([]byte(keyText))
			if err != nil {
				return nil, err
			}
			kind, err := crypto.GetKeyType(privKey)
			if err != nil {
				return nil, err
			}

			// NOTE(review): nothing in this function checks that the
			// imported private key corresponds to the public key of the
			// imported CSR, so a mismatched pair can be saved together.
			// NOTE(review): the key PEM is placed in the record as read from
			// disk; whether SaveCSR encrypts it at rest is not visible here.
			req.Data.Body.KeyType = string(kind)
			req.Data.Body.PrivateKey = keyText
		}
	}

	// A standalone CSR is handed back without being saved or indexed.
	if *params.StandaloneFile != "" {
		return req, nil
	}

	if err = cont.SaveCSR(req); err != nil {
		return nil, err
	}

	// "NAME" is a placeholder meaning "tag the CSR with its own name".
	tags := *params.Tags
	if tags == "NAME" {
		tags = *params.Name
	}
	if err = cont.AddCSRToOrgIndex(req, tags); err != nil {
		return nil, err
	}

	return req, nil
}