Exemple #1
0
func (app *AdminApp) SignCSRForNode(node *node.Node, caId, tag string) {
	logger.Info("Getting CSR for node")
	csrContainerJson, err := app.fs.api.PopOutgoing(node.Data.Body.Id, "csrs")
	checkAppFatal("Couldn't get a csr: %s", err)

	csrContainer, err := document.NewContainer(csrContainerJson)
	checkAppFatal("Couldn't create container from json: %s", err)

	err = node.Verify(csrContainer)
	checkAppFatal("Couldn't verify CSR: %s", err)

	csrJson := csrContainer.Data.Body
	csr, err := x509.NewCSR(csrJson)
	checkAppFatal("Couldn't create csr from json: %s", err)

	logger.Info("Setting CSR name from node")
	csr.Data.Body.Name = node.Data.Body.Name

	ca := app.GetCA(caId)

	logger.Info("Creating certificate")
	cert, err := ca.Sign(csr)
	checkAppFatal("Couldn't sign csr: %s", err)

	logger.Info("Tagging cert")
	cert.Data.Body.Tags = append(cert.Data.Body.Tags, tag)

	logger.Info("Signing cert")
	certContainer, err := document.NewContainer(nil)
	checkAppFatal("Couldn't create cert container: %s", err)

	certContainer.Data.Options.Source = app.entities.org.Data.Body.Id
	certContainer.Data.Body = cert.Dump()
	err = app.entities.org.Sign(certContainer)
	checkAppFatal("Couldn't sign cert container: %s", err)

	logger.Info("Pushing certificate to node")
	err = app.fs.api.PushIncoming(node.Data.Body.Id, "certs", certContainer.Dump())
	checkAppFatal("Couldn't push cert to node: %s", err)
}
Exemple #2
0
func (cont *OrgController) SignCSR(node *node.Node, caId, tag string) error {
	logger.Debug("signing CSR for node")
	logger.Tracef("received node with id '%s', ca id '%s' and tag '%s'", node.Id(), caId, tag)

	logger.Debugf("popping outgoing CSr from node '%s'", node.Id())
	csrContainerJson, err := cont.env.api.PopOutgoing(node.Data.Body.Id, "csrs")
	if err != nil {
		return err
	}

	logger.Debug("creating new CSR container")
	csrContainer, err := document.NewContainer(csrContainerJson)
	if err != nil {
		return err
	}

	logger.Debug("verifying CSR container with node")
	if err := node.Verify(csrContainer); err != nil {
		return err
	}

	logger.Debug("creating CSR from JSON")
	csrJson := csrContainer.Data.Body
	csr, err := x509.NewCSR(csrJson)
	if err != nil {
		return err
	}

	csr.Data.Body.Name = node.Data.Body.Name

	ca, err := cont.GetCA(caId)
	if err != nil {
		return err
	}

	logger.Debugf("Signing CSR with ca '%s'", caId)
	cert, err := ca.Sign(csr, false)
	if err != nil {
		return err
	}

	logger.Debug("tagging certificate")
	cert.Data.Body.Tags = append(cert.Data.Body.Tags, tag)

	logger.Debug("creating certificate container")
	certContainer, err := document.NewContainer(nil)
	if err != nil {
		return err
	}

	org := cont.env.controllers.org.org
	certContainer.Data.Options.Source = org.Id()
	certContainer.Data.Body = cert.Dump()

	logger.Debug("signing certificate container with org")
	if err := org.Sign(certContainer); err != nil {
		return err
	}

	logger.Debug("pushing certificate to node")
	if err := cont.env.api.PushIncoming(node.Data.Body.Id, "certs", certContainer.Dump()); err != nil {
		return err
	}

	index, err := cont.GetIndex()
	if err != nil {
		return err
	}

	if err := index.AddCertTags(cert.Data.Body.Id, cert.Data.Body.Tags); err != nil {
		return err
	}

	if err := cont.SaveIndex(index); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}