// SavePending records a certificate in the authorization-pending subtree.
//
// The entry lives under "<Etcdkey>/pending/<key>", where <key> is the value
// returned by certKey(cert). A directory node is created for the certificate
// and the PEM encoding of cert.Raw is stored in its "cert" key. Any etcd
// failure is logged at level 1 and returned as-is; nil is returned when both
// writes succeed.
//
// NOTE(review): each call writes to etcd on behalf of a certificate that has
// not been authorized yet. Presumably the caller bounds how often unknown
// clients can trigger this (rate limit or cap on pending entries) — confirm.
func (ck *CertKit) SavePending(cert *x509.Certificate) error {
	var err error

	key := certKey(cert)
	Goose.Auth.Logf(3, "User certificate of %s not authorized", key)
	Goose.Auth.Logf(6, "Certificate is %#v", cert)

	pendingDir := ck.Etcdkey + "/pending/" + key

	// Create the directory node that will hold this certificate's data.
	dirOpts := &etcd.SetOptions{Dir: true}
	if _, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), pendingDir, "", dirOpts); err != nil {
		Goose.Auth.Logf(1, "Error creating diretory for pending certificate (%s): %s", pendingDir, err)
		return err
	}

	// Store the certificate in PEM form, built from the raw DER bytes.
	block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
	encoded := string(pem.EncodeToMemory(&block))
	Goose.Auth.Logf(6, "Pem Certificate is %#v", encoded)

	if err = etcdconfig.SetKey(ck.Etcdcli, pendingDir+"/cert", encoded); err != nil {
		Goose.Auth.Logf(1, "Error saving pending certificate (%s): %s", pendingDir, err)
		return err
	}

	return nil
}
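// Trust transfers a user certificate from the pending subtree to the trusted
// subtree, which is what enables that user's access.
//
// The certificate is read from "<Etcdkey>/pending/<id>/cert", written to
// "<Etcdkey>/trusted/<id>/cert", and the pending entry is then deleted. Each
// step is a separate etcd call, so the move is not atomic: if the final
// delete fails, the certificate is left in both subtrees and the error is
// returned.
//
// Every failure is logged at level 1 and returned; nil means all steps
// succeeded. A pending value that is not a string is reported as an error
// before anything is written to the trusted subtree.
//
// NOTE(review): id is concatenated into the etcd key as-is. If it can
// originate from a request, confirm that callers reject values containing "/"
// or ".." so it can only address nodes directly under pending/ and trusted/.
//
// NOTE(review): the stored value is copied verbatim; it is not parsed or
// checked as a certificate here. Confirm that is validated where it is used.
func (ck *CertKit) Trust(id string) error {
	var err error
	var etcdData interface{}

	srcpath := ck.Etcdkey + "/pending/" + id
	tgtpath := ck.Etcdkey + "/trusted/" + id

	_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, srcpath+"/cert")
	if err != nil {
		Goose.Auth.Logf(1, "Error retrieving pending user certificate for %s: %s", id, err)
		return err
	}

	Goose.Auth.Logf(6, "etcddata %s: %#v", id, etcdData)

	// Check the type before touching the trusted subtree: an unchecked
	// assertion would panic on unexpected data, and doing it after the
	// directory creation would leave an empty trusted/<id> node behind.
	pemCert, ok := etcdData.(string)
	if !ok {
		Goose.Auth.Logf(1, "Error retrieving pending user certificate for %s: unexpected type %T", id, etcdData)
		// etcd.Error is reused so this error value needs no additional import.
		return etcd.Error{
			Code:    etcd.ErrorCodeNotFile,
			Message: "pending certificate is not a string value",
			Cause:   srcpath + "/cert",
		}
	}

	_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), tgtpath, "", &etcd.SetOptions{Dir: true})
	if err != nil {
		Goose.Auth.Logf(1, "Error setting configuration, creating diretory (%s): %s", tgtpath, err)
		return err
	}

	err = etcdconfig.SetKey(ck.Etcdcli, tgtpath+"/cert", pemCert)
	if err != nil {
		Goose.Auth.Logf(1, "Error saving pending user certificate on trusted subtree for %s: %s", id, err)
		return err
	}

	// Remove the pending entry only after the trusted copy has been written.
	err = etcdconfig.DeleteConfig(ck.Etcdcli, srcpath)
	if err != nil {
		Goose.Auth.Logf(1, "Error deleting pending user certificate for %s: %s", id, err)
		return err
	}

	return nil
}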