//List certificates from the pending subtree
func (ck *CertKit) GetPending() (map[string]interface{}, error) {
var err error
var etcdData interface{}
if ck.Etcdcli == nil {
err = errors.New("Error no etcd client initialized")
Goose.Auth.Logf(1, "%s", err)
return nil, err
}
if ck.Etcdkey == "" {
err = errors.New("Error no etcd key provided")
Goose.Auth.Logf(1, "%s", err)
return nil, err
}
_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey)
Goose.Auth.Logf(5, "etcdkey: %#v", etcdData)
_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey+"/pending")
if err != nil {
Goose.Auth.Logf(1, "Error retrieving pending users certificates: %s", err)
return nil, err
}
if etcdData == nil {
return map[string]interface{}{}, nil
}
return etcdData.(map[string]interface{}), nil
}
//Transfer a user certificate from the pending subtree to the trusted subtree (so, enabling this user accesses)
func (ck *CertKit) Trust(id string) error {
var err error
var srcpath string
var tgtpath string
var etcdData interface{}
srcpath = ck.Etcdkey + "/pending/" + id
tgtpath = ck.Etcdkey + "/trusted/" + id
_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, srcpath+"/cert")
if err != nil {
Goose.Auth.Logf(1, "Error retrieving pending user certificate for %s: %s", id, err)
return err
}
Goose.Auth.Logf(6, "etcddata %s: %#v", id, etcdData)
_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), tgtpath, "", &etcd.SetOptions{Dir: true})
if err != nil {
Goose.Auth.Logf(1, "Error setting configuration, creating diretory (%s): %s", tgtpath, err)
return err
}
err = etcdconfig.SetKey(ck.Etcdcli, tgtpath+"/cert", etcdData.(string))
if err != nil {
Goose.Auth.Logf(1, "Error saving pending user certificate on trusted subtree for %s: %s", id, err)
return err
}
err = etcdconfig.DeleteConfig(ck.Etcdcli, srcpath)
if err != nil {
Goose.Auth.Logf(1, "Error deleting pending user certificate for %s: %s", id, err)
return err
}
return nil
}
func (ck *CertKit) LoadUserData() error {
var err error
var ClientCert *x509.Certificate
var ClientCertRaw interface{}
var etcdData interface{}
var usrKey string
var usrData interface{}
_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey)
if err != nil {
_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey, "", &etcd.SetOptions{Dir: true})
if err != nil {
Goose.Loader.Logf(1, "Error creating creating base diretory (%s): %s", ck.Etcdkey, err)
return err
}
_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey+"/trusted", "", &etcd.SetOptions{Dir: true})
if err != nil {
Goose.Loader.Logf(1, "Error creating creating trusted users base diretory (%s): %s", ck.Etcdkey+"/trusted", err)
return err
}
_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey+"/pending", "", &etcd.SetOptions{Dir: true})
if err != nil {
Goose.Loader.Logf(1, "Error creating creating pending users base diretory (%s): %s", ck.Etcdkey+"/pending", err)
return err
}
}
_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey+"/pending")
if err != nil {
_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey+"/pending", "", &etcd.SetOptions{Dir: true})
if err != nil {
Goose.Loader.Logf(1, "Error creating creating pending users base diretory (%s): %s", ck.Etcdkey+"/pending", err)
return err
}
}
_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey+"/trusted")
if err != nil {
_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey+"/trusted", "", &etcd.SetOptions{Dir: true})
if err != nil {
Goose.Loader.Logf(1, "Error creating creating trusted users base diretory (%s): %s", ck.Etcdkey+"/trusted", err)
return err
}
}
ck.UserCerts = map[string]*UserDB{}
if etcdData != nil {
for usrKey, usrData = range etcdData.(map[string]interface{}) {
switch usrData.(type) {
case (map[string]interface{}):
ClientCertRaw = usrData.(map[string]interface{})["cert"]
switch ClientCertRaw.(type) {
case string:
ClientCert, _, err = ck.ReadCertFromReader(strings.NewReader(ClientCertRaw.(string)))
if err == nil {
ck.UserCerts[usrKey] = &UserDB{Cert: ClientCert}
} else {
Goose.Loader.Logf(1, "Error decoding certificate for %s: %s", usrKey, err)
}
default:
Goose.Loader.Logf(1, "Error reading certificate for %s: %s", usrKey, err)
}
default:
Goose.Loader.Logf(1, "Error reading user data for %s: %s", usrKey, err)
}
}
}
etcdconfig.OnUpdateTree(ck.Etcdcli, ck.Etcdkey+"/trusted", func(key string, val interface{}, action string) {
Goose.Loader.Logf(2, "Update (%s) on %s|", action, key)
Goose.Loader.Logf(5, "Update (%s) on %s: %#v", action, key, val)
//key = key[len(ck.Etcdkey) + 10:]
Goose.Loader.Logf(2, "Update (%s) on map key %s|", action, key)
switch action {
case "set":
idParts := ck.etcdCertKeyRE.FindStringSubmatch(key)
if len(idParts) > 0 {
key = idParts[1] + "_" + idParts[2]
ClientCert, _, err = ck.ReadCertFromReader(strings.NewReader(val.(string)))
Goose.Loader.Logf(2, "certificate for %s was decoded", idParts[1])
if err == nil {
if _, ok := ck.UserCerts[key]; ok {
ck.UserCerts[key].Cert = ClientCert
Goose.Loader.Logf(2, "certificate for %s was updated", idParts[1])
} else {
ck.UserCerts[key] = &UserDB{Cert: ClientCert}
Goose.Loader.Logf(2, "certificate for %s was created", idParts[1])
}
} else {
Goose.Loader.Logf(1, "Error decoding certificate for %s: %s", key, err)
}
}
case "delete":
idParts := ck.etcdDeleteKeyRE.FindStringSubmatch(key)
if len(idParts) > 0 {
key = idParts[1] + "_" + idParts[2]
delete(ck.UserCerts, key)
Goose.Loader.Logf(2, "certificate for %s was deleted", key)
}
}
})
/*
_, etcdData, err = etcdconfig.GetConfig(etcdhandle, etcdkey + "/pending")
if err != nil {
Goose.Loader.Logf(1,"Error retrieving trusted users certificates: %s", err)
return err
}
ck.PendingCerts = map[string]UserDB{}
for usrKey, usrData = range etcdData {
switch usrData.(type) {
case (map[string]interface{}):
ClientCertRaw = usrData.(map[string]interface{})["cert"]
switch ClientCertRaw.(type) {
case string:
ClientCert, _, err = ck.ReadCertFromReader(strings.NewReader(ClientCertRaw.(string)))
if err == nil {
ck.PendingCerts[usrKey] = UserDB{Cert: ClientCert}
} else {
Goose.Loader.Logf(1,"Error decoding pending certificate for %s: %s", usrKey, err)
}
default:
Goose.Loader.Logf(1,"Error reading pending certificate for %s: %s", usrKey, err)
}
default:
Goose.Loader.Logf(1,"Error reading pending user data for %s: %s", usrKey, err)
}
}
*/
return err
}