예제 #1
0
//List certificates from the pending subtree
func (ck *CertKit) GetPending() (map[string]interface{}, error) {
	var err error
	var etcdData interface{}

	if ck.Etcdcli == nil {
		err = errors.New("Error no etcd client initialized")
		Goose.Auth.Logf(1, "%s", err)
		return nil, err
	}

	if ck.Etcdkey == "" {
		err = errors.New("Error no etcd key provided")
		Goose.Auth.Logf(1, "%s", err)
		return nil, err
	}

	_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey)
	Goose.Auth.Logf(5, "etcdkey: %#v", etcdData)

	_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey+"/pending")
	if err != nil {
		Goose.Auth.Logf(1, "Error retrieving pending users certificates: %s", err)
		return nil, err
	}

	if etcdData == nil {
		return map[string]interface{}{}, nil
	}

	return etcdData.(map[string]interface{}), nil
}
예제 #2
0
//Transfer a user certificate from the pending subtree to the trusted subtree (so, enabling this user accesses)
func (ck *CertKit) Trust(id string) error {
	var err error
	var srcpath string
	var tgtpath string
	var etcdData interface{}

	srcpath = ck.Etcdkey + "/pending/" + id
	tgtpath = ck.Etcdkey + "/trusted/" + id

	_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, srcpath+"/cert")
	if err != nil {
		Goose.Auth.Logf(1, "Error retrieving pending user certificate for %s: %s", id, err)
		return err
	}

	Goose.Auth.Logf(6, "etcddata %s: %#v", id, etcdData)

	_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), tgtpath, "", &etcd.SetOptions{Dir: true})
	if err != nil {
		Goose.Auth.Logf(1, "Error setting configuration, creating diretory (%s): %s", tgtpath, err)
		return err
	}

	err = etcdconfig.SetKey(ck.Etcdcli, tgtpath+"/cert", etcdData.(string))
	if err != nil {
		Goose.Auth.Logf(1, "Error saving pending user certificate on trusted subtree for %s: %s", id, err)
		return err
	}

	err = etcdconfig.DeleteConfig(ck.Etcdcli, srcpath)
	if err != nil {
		Goose.Auth.Logf(1, "Error deleting pending user certificate for %s: %s", id, err)
		return err
	}

	return nil
}
예제 #3
0
func (ck *CertKit) LoadUserData() error {
	var err error
	var ClientCert *x509.Certificate
	var ClientCertRaw interface{}
	var etcdData interface{}
	var usrKey string
	var usrData interface{}

	_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey)
	if err != nil {
		_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey, "", &etcd.SetOptions{Dir: true})
		if err != nil {
			Goose.Loader.Logf(1, "Error creating creating base diretory (%s): %s", ck.Etcdkey, err)
			return err
		}

		_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey+"/trusted", "", &etcd.SetOptions{Dir: true})
		if err != nil {
			Goose.Loader.Logf(1, "Error creating creating trusted users base diretory (%s): %s", ck.Etcdkey+"/trusted", err)
			return err
		}

		_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey+"/pending", "", &etcd.SetOptions{Dir: true})
		if err != nil {
			Goose.Loader.Logf(1, "Error creating creating pending users base diretory (%s): %s", ck.Etcdkey+"/pending", err)
			return err
		}
	}

	_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey+"/pending")
	if err != nil {
		_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey+"/pending", "", &etcd.SetOptions{Dir: true})
		if err != nil {
			Goose.Loader.Logf(1, "Error creating creating pending users base diretory (%s): %s", ck.Etcdkey+"/pending", err)
			return err
		}
	}

	_, etcdData, err = etcdconfig.GetConfig(ck.Etcdcli, ck.Etcdkey+"/trusted")
	if err != nil {
		_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), ck.Etcdkey+"/trusted", "", &etcd.SetOptions{Dir: true})
		if err != nil {
			Goose.Loader.Logf(1, "Error creating creating trusted users base diretory (%s): %s", ck.Etcdkey+"/trusted", err)
			return err
		}
	}

	ck.UserCerts = map[string]*UserDB{}

	if etcdData != nil {
		for usrKey, usrData = range etcdData.(map[string]interface{}) {
			switch usrData.(type) {
			case (map[string]interface{}):
				ClientCertRaw = usrData.(map[string]interface{})["cert"]
				switch ClientCertRaw.(type) {
				case string:
					ClientCert, _, err = ck.ReadCertFromReader(strings.NewReader(ClientCertRaw.(string)))
					if err == nil {
						ck.UserCerts[usrKey] = &UserDB{Cert: ClientCert}
					} else {
						Goose.Loader.Logf(1, "Error decoding certificate for %s: %s", usrKey, err)
					}
				default:
					Goose.Loader.Logf(1, "Error reading certificate for %s: %s", usrKey, err)
				}
			default:
				Goose.Loader.Logf(1, "Error reading user data for %s: %s", usrKey, err)
			}
		}
	}

	etcdconfig.OnUpdateTree(ck.Etcdcli, ck.Etcdkey+"/trusted", func(key string, val interface{}, action string) {
		Goose.Loader.Logf(2, "Update (%s) on %s|", action, key)
		Goose.Loader.Logf(5, "Update (%s) on %s: %#v", action, key, val)
		//key = key[len(ck.Etcdkey) + 10:]
		Goose.Loader.Logf(2, "Update (%s) on map key %s|", action, key)
		switch action {
		case "set":
			idParts := ck.etcdCertKeyRE.FindStringSubmatch(key)
			if len(idParts) > 0 {
				key = idParts[1] + "_" + idParts[2]
				ClientCert, _, err = ck.ReadCertFromReader(strings.NewReader(val.(string)))
				Goose.Loader.Logf(2, "certificate for %s was decoded", idParts[1])
				if err == nil {
					if _, ok := ck.UserCerts[key]; ok {
						ck.UserCerts[key].Cert = ClientCert
						Goose.Loader.Logf(2, "certificate for %s was updated", idParts[1])
					} else {
						ck.UserCerts[key] = &UserDB{Cert: ClientCert}
						Goose.Loader.Logf(2, "certificate for %s was created", idParts[1])
					}
				} else {
					Goose.Loader.Logf(1, "Error decoding certificate for %s: %s", key, err)
				}
			}

		case "delete":
			idParts := ck.etcdDeleteKeyRE.FindStringSubmatch(key)
			if len(idParts) > 0 {
				key = idParts[1] + "_" + idParts[2]
				delete(ck.UserCerts, key)
				Goose.Loader.Logf(2, "certificate for %s was deleted", key)
			}
		}
	})

	/*
	   _, etcdData, err = etcdconfig.GetConfig(etcdhandle, etcdkey + "/pending")
	   if err != nil {
	      Goose.Loader.Logf(1,"Error retrieving trusted users certificates: %s", err)
	      return err
	   }

	   ck.PendingCerts = map[string]UserDB{}
	   for usrKey, usrData = range etcdData {
	      switch usrData.(type) {
	         case (map[string]interface{}):
	            ClientCertRaw = usrData.(map[string]interface{})["cert"]
	            switch ClientCertRaw.(type) {
	               case string:
	                  ClientCert, _, err = ck.ReadCertFromReader(strings.NewReader(ClientCertRaw.(string)))
	                  if err == nil {
	                     ck.PendingCerts[usrKey] = UserDB{Cert: ClientCert}
	                  } else {
	                     Goose.Loader.Logf(1,"Error decoding pending certificate for %s: %s", usrKey, err)
	                  }
	               default:
	                  Goose.Loader.Logf(1,"Error reading pending certificate for %s: %s", usrKey, err)
	            }
	         default:
	            Goose.Loader.Logf(1,"Error reading pending user data for %s: %s", usrKey, err)
	      }
	   }
	*/

	return err
}