예제 #1
0
파일: csr.go 프로젝트: pki-io/controller
func (cont *CSRController) GetCSR(id string) (*x509.CSR, error) {
	logger.Debug("getting CSR")
	logger.Tracef("received CSR id '%s'", id)

	logger.Debug("getting CSR from org")
	csrContainerJson, err := cont.env.api.GetPrivate(cont.env.controllers.org.OrgId(), id)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating new container")
	csrContainer, err := document.NewContainer(csrContainerJson)
	if err != nil {
		return nil, err
	}

	logger.Debug("decrypting container")
	csrJson, err := cont.env.controllers.org.org.VerifyThenDecrypt(csrContainer)
	if err != nil {
		return nil, err
	}

	logger.Debug("loading CSR json")
	csr, err := x509.NewCSR(csrJson)
	if err != nil {
		return nil, err
	}

	logger.Trace("returning CSR")
	return csr, nil
}
예제 #2
0
파일: adminApp.go 프로젝트: jawher/admin
func (app *AdminApp) LoadOrgEntity() {
	logger.Info("Loading org entity")
	var err error

	orgId := app.config.org.Data.Id
	app.fs.api.Authenticate(orgId, "")

	orgPublicJson, err := app.fs.home.Read(orgId)
	checkAppFatal("Couldn't read org public entity: %s", err)

	app.entities.org, err = entity.New(orgPublicJson)
	checkAppFatal("Could not create org entity: %s", err)

	orgEntity, err := app.fs.api.LoadPrivate(orgId)
	checkAppFatal("Couldn't load org entity: %s", err)

	orgContainer, err := document.NewContainer(orgEntity)
	checkAppFatal("Could not load org container: %s", err)

	err = app.entities.org.Verify(orgContainer)
	checkAppFatal("Could not verify org: %s", err)

	decryptedOrgJson, err := app.entities.admin.Decrypt(orgContainer)
	checkAppFatal("Could not decrypt container: %s", err)

	app.entities.org, err = entity.New(decryptedOrgJson)
	checkAppFatal("Could not create org entity: %s", err)
}
예제 #3
0
func (cont *CertificateController) GetCert(id string) (*x509.Certificate, error) {
	logger.Debug("getting certificate")
	logger.Tracef("received certificate id '%s'", id)

	logger.Debugf("getting private file '%s' from org", id)
	certContainerJson, err := cont.env.api.GetPrivate(cont.env.controllers.org.org.Data.Body.Id, id)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating new container")
	certContainer, err := document.NewContainer(certContainerJson)
	if err != nil {
		return nil, err
	}

	logger.Debug("decrypting container")
	certJson, err := cont.env.controllers.org.org.VerifyThenDecrypt(certContainer)
	if err != nil {
		return nil, err
	}

	logger.Debug("loading certificate json")
	cert, err := x509.NewCertificate(certJson)
	if err != nil {
		return nil, err
	}

	logger.Trace("returning nil error")
	return cert, nil
}
예제 #4
0
파일: ca.go 프로젝트: pki-io/controller
func (cont *CAController) GetCA(id string) (*x509.CA, error) {
	logger.Debugf("getting CA")
	logger.Tracef("received id '%s", id)

	logger.Debugf("getting CA json '%s' for org '%s'", id, cont.env.controllers.org.OrgId())
	caContainerJson, err := cont.env.api.GetPrivate(cont.env.controllers.org.OrgId(), id)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating new container from json")
	caContainer, err := document.NewContainer(caContainerJson)
	if err != nil {
		return nil, err
	}

	logger.Debug("decrypting container")
	caJson, err := cont.env.controllers.org.org.VerifyThenDecrypt(caContainer)
	if err != nil {
		return nil, err
	}

	logger.Debug("loading CA json to struct")
	ca, err := x509.NewCA(caJson)
	if err != nil {
		return nil, err
	}

	logger.Trace("returning CA")
	return ca, nil
}
예제 #5
0
파일: nodeApp.go 프로젝트: jawher/admin
func (app *NodeApp) LoadNodeIndex() {
	logger.Info("Loading node index")
	var err error

	if app.entities.node == nil {
		checkAppFatal("Node not found in app: %s", err)
	}

	nodeConfig, err := app.config.node.GetNode(app.entities.node.Data.Body.Name)
	checkAppFatal("Could not get id for node: %s", err)

	indexJson, err := app.fs.api.GetPrivate(app.entities.node.Data.Body.Id, nodeConfig.Index)
	checkAppFatal("Could not get index container: %s", err)

	indexContainer, err := document.NewContainer(indexJson)
	checkAppFatal("Could not load index container: %s", err)

	err = app.entities.node.Verify(indexContainer)
	checkAppFatal("Could not verify index: %s", err)

	decryptedIndexJson, err := app.entities.node.Decrypt(indexContainer)
	checkAppFatal("Could not decrypt container: %s", err)

	app.index.node, err = index.NewNode(decryptedIndexJson)
	checkAppFatal("Could not create index: %s", err)
}
예제 #6
0
파일: org.go 프로젝트: pki-io/controller
func (cont *OrgController) GetCA(id string) (*x509.CA, error) {
	logger.Debug("getting CA")
	logger.Tracef("received CA id '%s'", id)

	org := cont.env.controllers.org.org
	caContainerJson, err := cont.env.api.GetPrivate(org.Id(), id)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating CA container")
	caContainer, err := document.NewContainer(caContainerJson)
	if err != nil {
		return nil, err
	}

	logger.Debug("verifying and decrypting CA container")
	caJson, err := org.VerifyThenDecrypt(caContainer)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating new CA from JSON")
	ca, err := x509.NewCA(caJson)
	if err != nil {
		return nil, err
	}

	logger.Trace("returning CA")
	return ca, nil
}
예제 #7
0
파일: adminApp.go 프로젝트: jawher/admin
func (app *AdminApp) SignCSRForNode(node *node.Node, caId, tag string) {
	logger.Info("Getting CSR for node")
	csrContainerJson, err := app.fs.api.PopOutgoing(node.Data.Body.Id, "csrs")
	checkAppFatal("Couldn't get a csr: %s", err)

	csrContainer, err := document.NewContainer(csrContainerJson)
	checkAppFatal("Couldn't create container from json: %s", err)

	err = node.Verify(csrContainer)
	checkAppFatal("Couldn't verify CSR: %s", err)

	csrJson := csrContainer.Data.Body
	csr, err := x509.NewCSR(csrJson)
	checkAppFatal("Couldn't create csr from json: %s", err)

	logger.Info("Setting CSR name from node")
	csr.Data.Body.Name = node.Data.Body.Name

	ca := app.GetCA(caId)

	logger.Info("Creating certificate")
	cert, err := ca.Sign(csr)
	checkAppFatal("Couldn't sign csr: %s", err)

	logger.Info("Tagging cert")
	cert.Data.Body.Tags = append(cert.Data.Body.Tags, tag)

	logger.Info("Signing cert")
	certContainer, err := document.NewContainer(nil)
	checkAppFatal("Couldn't create cert container: %s", err)

	certContainer.Data.Options.Source = app.entities.org.Data.Body.Id
	certContainer.Data.Body = cert.Dump()
	err = app.entities.org.Sign(certContainer)
	checkAppFatal("Couldn't sign cert container: %s", err)

	logger.Info("Pushing certificate to node")
	err = app.fs.api.PushIncoming(node.Data.Body.Id, "certs", certContainer.Dump())
	checkAppFatal("Couldn't push cert to node: %s", err)
}
예제 #8
0
파일: adminApp.go 프로젝트: jawher/admin
func (app *AdminApp) RegisterNextNode() {
	orgId := app.entities.org.Data.Body.Id

	regJson, err := app.fs.api.PopIncoming("registration")
	checkAppFatal("Can't pop registration: %s", err)

	container, err := document.NewContainer(regJson)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "registration", regJson)
		checkAppFatal("Can't load registration: %s", err)
	}
	pairingId := container.Data.Options.SignatureInputs["key-id"]
	logger.Infof("Reading pairing key: %s", pairingId)
	pairingKey := app.index.org.Data.Body.PairingKeys[pairingId]

	logger.Info("Verifying and decrypting node registration")
	nodeJson, err := app.entities.org.VerifyAuthenticationThenDecrypt(container, pairingKey.Key)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "registration", regJson)
		checkAppFatal("Couldn't verify then decrypt registration: %s", err)
	}

	node, err := node.New(nodeJson)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "registration", regJson)
		checkAppFatal("Couldn't create node from registration: %s", err)
	}

	logger.Info("Adding node to index")
	app.index.org.AddEntityTags(node.Data.Body.Id, pairingKey.Tags)
	app.index.org.AddNode(node.Data.Body.Name, node.Data.Body.Id)

	logger.Info("Encrypting and signing node for Org")
	nodeContainer, err := app.entities.org.EncryptThenSignString(node.Dump(), nil)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "registration", regJson)
		checkAppFatal("Couldn't encrypt then sign node: %s", err)
	}

	if err := app.fs.api.SendPrivate(orgId, node.Data.Body.Id, nodeContainer.Dump()); err != nil {
		checkAppFatal("Could not save node: %s", err)
	}

	for _, tag := range pairingKey.Tags {
		logger.Infof("Looking for CAs for tag %s", tag)
		for _, caId := range app.index.org.Data.Body.Tags.CAForward[tag] {
			logger.Infof("Found CA %s", caId)
			app.SignCSRForNode(node, caId, tag)
		}
	}

}
예제 #9
0
파일: adminApp.go 프로젝트: jawher/admin
func (app *AdminApp) GetCA(id string) *x509.CA {
	logger.Info("Getting CA")
	caContainerJson, err := app.fs.api.GetPrivate(app.entities.org.Data.Body.Id, id)
	caContainer, err := document.NewContainer(caContainerJson)
	checkAppFatal("Couldn't create container from json: %s", err)

	caJson, err := app.entities.org.VerifyThenDecrypt(caContainer)
	checkAppFatal("Couldn't verify and decrypt ca container: %s", err)

	ca, err := x509.NewCA(caJson)
	checkAppFatal("Couldn't create ca: %s", err)
	return ca
}
예제 #10
0
파일: nodeApp.go 프로젝트: jawher/admin
func (app *NodeApp) GetCertificate(id string) *x509.Certificate {
	certContainerJson, err := app.fs.api.GetPrivate(app.entities.node.Data.Body.Id, id)
	checkAppFatal("Could not load cert container json: %s", err)

	certContainer, err := document.NewContainer(certContainerJson)
	checkAppFatal("Could not load cert container: %s", err)

	certJson, err := app.entities.node.VerifyThenDecrypt(certContainer)
	checkAppFatal("Could not verify and decrypt: %s", err)

	cert, err := x509.NewCertificate(certJson)
	checkAppFatal("Could not load cert: %s", err)
	return cert
}
예제 #11
0
파일: nodeApp.go 프로젝트: jawher/admin
func (app *NodeApp) ProcessNextCert() {
	certContainerJson, err := app.fs.api.PopIncoming("certs")
	checkAppFatal("Can't pop cert: %s", err)

	certContainer, err := document.NewContainer(certContainerJson)
	checkAppFatal("Can't create cert container: %s", err)

	err = app.entities.org.Verify(certContainer)
	checkAppFatal("Cert didn't verify: %s", err)

	cert, err := x509.NewCertificate(certContainer.Data.Body)
	checkAppFatal("Can't load certificate: %s", err)

	csrContainerJson, err := app.fs.api.GetPrivate(app.entities.node.Data.Body.Id, cert.Data.Body.Id)
	checkAppFatal("Couldn't load csr file: %s", err)

	csrContainer, err := document.NewContainer(csrContainerJson)
	checkAppFatal("Couldn't load CSR container: %s", err)

	csrJson, err := app.entities.node.VerifyThenDecrypt(csrContainer)
	checkAppFatal("Couldn't verify and decrypt container: %s", err)

	csr, err := x509.NewCSR(csrJson)
	checkAppFatal("Couldn't load csr: %s", err)

	// Set the private key from the csr
	cert.Data.Body.PrivateKey = csr.Data.Body.PrivateKey

	updatedCertContainer, err := app.entities.node.EncryptThenSignString(cert.Dump(), nil)
	checkAppFatal("Could not encrypt then sign cert: %s", err)

	err = app.fs.api.SendPrivate(app.entities.node.Data.Body.Id, cert.Data.Body.Id, updatedCertContainer.Dump())
	checkAppFatal("Could save cert: %s", err)

	err = app.index.node.AddCertTags(cert.Data.Body.Id, cert.Data.Body.Tags)
	checkAppFatal("Could not add cert tags: %s", err)
}
예제 #12
0
파일: adminApp.go 프로젝트: jawher/admin
func (app *AdminApp) ProcessNextInvite() {
	orgId := app.entities.org.Data.Body.Id

	inviteJson, err := app.fs.api.PopIncoming("invite")
	checkAppFatal("Can't pop invite: %s", err)

	container, err := document.NewContainer(inviteJson)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "invite", inviteJson)
		checkAppFatal("Can't load invite: %s", err)
	}

	inviteId := container.Data.Options.SignatureInputs["key-id"]
	logger.Infof("Reading invite key: %s", inviteId)
	inviteKey, err := app.index.org.GetInviteKey(inviteId)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "invite", inviteJson)
		checkAppFatal("Couldn't get invite key: %s", err)
	}

	logger.Info("Verifying and decrypting admin invite")
	adminJson, err := app.entities.org.VerifyAuthenticationThenDecrypt(container, inviteKey.Key)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "invite", inviteJson)
		checkAppFatal("Couldn't verify then decrypt invite: %s", err)
	}

	admin, err := entity.New(adminJson)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "invite", inviteJson)
		checkAppFatal("Couldn't load admin entity: %s", err)
	}

	err = app.index.org.AddAdmin(admin.Data.Body.Name, admin.Data.Body.Id)
	checkAppFatal("Couldn't add admin to index: %s", err)

	app.SendOrgEntity()
	//app.entities.org.EncryptThenSignString(app.entities.org.Dump(), app.GetAdminEntities())

	orgContainer, err := app.entities.admin.EncryptThenAuthenticateString(app.entities.org.DumpPublic(), inviteId, inviteKey.Key)
	checkAppFatal("Couldn't encrypt and authenticate org public: %s", err)

	err = app.fs.api.PushIncoming(admin.Data.Body.Id, "invite", orgContainer.Dump())
	checkAppFatal("Could not push org container: %s", err)

	// Delete invite ID
}
예제 #13
0
파일: adminApp.go 프로젝트: jawher/admin
func (app *AdminApp) GetNode(name string) *node.Node {
	nodeId, err := app.index.org.GetNode(name)
	checkAppFatal("Couldn't get node config: %s", err)

	nodeContainerJson, err := app.fs.api.GetPrivate(app.entities.org.Data.Body.Id, nodeId)
	checkAppFatal("Couldn't get node container: %s", err)

	nodeContainer, err := document.NewContainer(nodeContainerJson)
	checkAppFatal("Could not load node container: %s", err)

	nodeJson, err := app.entities.org.VerifyThenDecrypt(nodeContainer)
	checkAppFatal("Couldn't get verify then decrypt node: %s", err)

	nde, err := node.New(nodeJson)
	checkAppFatal("Couldn't create node: %s", err)
	return nde
}
예제 #14
0
파일: adminApp.go 프로젝트: jawher/admin
func (app *AdminApp) LoadOrgIndex() {
	var err error

	orgIndexId := app.config.org.Data.Index
	indexJson, err := app.fs.api.GetPrivate(app.entities.org.Data.Body.Id, orgIndexId)

	indexContainer, err := document.NewContainer(indexJson)
	checkAppFatal("Could not load index container: %s", err)

	err = app.entities.org.Verify(indexContainer)
	checkAppFatal("Could not verify index: %s", err)

	decryptedIndexJson, err := app.entities.org.Decrypt(indexContainer)
	checkAppFatal("Could not decrypt container: %s", err)

	app.index.org, err = index.NewOrg(decryptedIndexJson)
	checkAppFatal("Could not create index: %s", err)
}
예제 #15
0
파일: adminApp.go 프로젝트: jawher/admin
func (app *AdminApp) CompleteInvite(inviteId, inviteKey string) {
	err := app.fs.api.Authenticate(app.entities.admin.Data.Body.Id, "")
	checkAppFatal("Couldn't authenticate to API: %s", err)

	orgContainerJson, err := app.fs.api.PopIncoming("invite")
	checkAppFatal("Can't pop invite: %s", err)

	orgContainer, err := document.NewContainer(orgContainerJson)
	checkAppFatal("Can't create org container: %s", err)

	orgJson, err := app.entities.admin.VerifyAuthenticationThenDecrypt(orgContainer, inviteKey)
	checkAppFatal("Couldn't verify invite: %s", err)

	app.entities.org, err = entity.New(orgJson)
	checkAppFatal("Couldn't create org entitiy: %s", err)

	app.SaveOrgEntityPublic()
}
예제 #16
0
파일: node.go 프로젝트: pki-io/controller
func (cont *NodeController) GetNode(name string) (*node.Node, error) {
	logger.Debug("getting node")
	logger.Tracef("received name '%s'", name)

	org := cont.env.controllers.org.org

	index, err := cont.env.controllers.org.GetIndex()
	if err != nil {
		return nil, err
	}

	nodeId, err := index.GetNode(name)
	if err != nil {
		return nil, err
	}

	logger.Debugf("getting node '%s' from org", nodeId)
	nodeContainerJson, err := cont.env.api.GetPrivate(org.Id(), nodeId)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating new node container")
	nodeContainer, err := document.NewContainer(nodeContainerJson)
	if err != nil {
		return nil, err
	}

	logger.Debug("verifying and decrypting node container")
	nodeJson, err := org.VerifyThenDecrypt(nodeContainer)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating new node struct")
	n, err := node.New(nodeJson)
	if err != nil {
		return nil, err
	}

	logger.Trace("returning node")
	return n, nil
}
예제 #17
0
파일: org.go 프로젝트: pki-io/controller
func (cont *OrgController) LoadPrivateOrg() error {
	logger.Debug("loading private org")

	orgId := cont.config.Data.Id

	logger.Debugf("loading private org with id '%s'", orgId)
	orgEntity, err := cont.env.api.GetPrivate(orgId, orgId)
	if err != nil {
		return err
	}

	logger.Debug("creating new org container")
	container, err := document.NewContainer(orgEntity)
	if err != nil {
		return err
	}

	logger.Debug("verifying container")
	err = cont.org.Verify(container)
	if err != nil {
		return err
	}

	logger.Debug("decrypting container")
	decryptedOrgJson, err := cont.env.controllers.admin.admin.Decrypt(container)
	if err != nil {
		return err
	}

	logger.Debug("creating org struct")
	cont.org, err = entity.New(decryptedOrgJson)
	if err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
예제 #18
0
파일: org.go 프로젝트: pki-io/controller
func (cont *OrgController) GetIndex() (*index.OrgIndex, error) {
	logger.Debug("getting org index")

	orgIndexId := cont.config.Data.Index
	logger.Debugf("getting org index with id '%s'", orgIndexId)
	indexJson, err := cont.env.api.GetPrivate(cont.org.Id(), orgIndexId)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating container for index")
	indexContainer, err := document.NewContainer(indexJson)
	if err != nil {
		return nil, err
	}

	logger.Debug("verifying container")
	err = cont.org.Verify(indexContainer)
	if err != nil {
		return nil, err
	}

	logger.Debug("decrypting container")
	decryptedIndexJson, err := cont.org.Decrypt(indexContainer)
	if err != nil {
		return nil, err
	}

	logger.Debug("creating new index struct from JSON")
	index, err := index.NewOrg(decryptedIndexJson)
	if err != nil {
		return nil, err
	}

	logger.Trace("returning index")
	return index, nil
}
예제 #19
0
파일: org.go 프로젝트: pki-io/controller
func (cont *OrgController) RegisterNextNode() error {
	logger.Debug("registering next node")

	org := cont.env.controllers.org.org

	logger.Debug("popping next registration from org")
	regJson, err := cont.env.api.PopIncoming(org.Id(), "registration")
	if err != nil {
		return err
	}

	logger.Debug("creating new registration container")
	container, err := document.NewContainer(regJson)
	if err != nil {
		logger.Warn("unable to create container from registration json. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	pairingId := container.Data.Options.SignatureInputs["key-id"]
	logger.Debugf("reading pairing key for '%s'", pairingId)

	index, err := cont.GetIndex()
	if err != nil {
		return err
	}

	pairingKey, ok := index.Data.Body.PairingKeys[pairingId]
	if !ok {
		logger.Warn("unable to find pairing key. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		logger.Trace("returning nil error")
		return nil
	}

	logger.Debug("verifying and decrypting node registration")
	nodeJson, err := org.VerifyAuthenticationThenDecrypt(container, pairingKey.Key)
	if err != nil {
		logger.Warn("unable to decrypt node registration. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	logger.Debug("creating new node from JSON")
	node, err := node.New(nodeJson)
	if err != nil {
		logger.Warn("unable to create node. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	index.AddEntityTags(node.Data.Body.Id, pairingKey.Tags)
	index.AddNode(node.Data.Body.Name, node.Data.Body.Id)

	logger.Debug("encrypting and signing node for org")
	nodeContainer, err := org.EncryptThenSignString(node.Dump(), nil)
	if err != nil {
		logger.Warn("unable to encrypt node for org. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	logger.Debug("sending node to org")
	if err := cont.env.api.SendPrivate(org.Id(), node.Data.Body.Id, nodeContainer.Dump()); err != nil {
		logger.Warn("Unable to send node to org. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	for _, tag := range pairingKey.Tags {
		logger.Debugf("looking for CAs for tag '%s'", tag)
		for _, caId := range index.Data.Body.Tags.CAForward[tag] {
			logger.Debugf("found CA '%s'", caId)
			if err := cont.SignCSR(node, caId, tag); err != nil {
				return err
			}
		}
	}

	if err := cont.SaveIndex(index); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
예제 #20
0
파일: org.go 프로젝트: pki-io/controller
func (cont *OrgController) SignCSR(node *node.Node, caId, tag string) error {
	logger.Debug("signing CSR for node")
	logger.Tracef("received node with id '%s', ca id '%s' and tag '%s'", node.Id(), caId, tag)

	logger.Debugf("popping outgoing CSr from node '%s'", node.Id())
	csrContainerJson, err := cont.env.api.PopOutgoing(node.Data.Body.Id, "csrs")
	if err != nil {
		return err
	}

	logger.Debug("creating new CSR container")
	csrContainer, err := document.NewContainer(csrContainerJson)
	if err != nil {
		return err
	}

	logger.Debug("verifying CSR container with node")
	if err := node.Verify(csrContainer); err != nil {
		return err
	}

	logger.Debug("creating CSR from JSON")
	csrJson := csrContainer.Data.Body
	csr, err := x509.NewCSR(csrJson)
	if err != nil {
		return err
	}

	csr.Data.Body.Name = node.Data.Body.Name

	ca, err := cont.GetCA(caId)
	if err != nil {
		return err
	}

	logger.Debugf("Signing CSR with ca '%s'", caId)
	cert, err := ca.Sign(csr, false)
	if err != nil {
		return err
	}

	logger.Debug("tagging certificate")
	cert.Data.Body.Tags = append(cert.Data.Body.Tags, tag)

	logger.Debug("creating certificate container")
	certContainer, err := document.NewContainer(nil)
	if err != nil {
		return err
	}

	org := cont.env.controllers.org.org
	certContainer.Data.Options.Source = org.Id()
	certContainer.Data.Body = cert.Dump()

	logger.Debug("signing certificate container with org")
	if err := org.Sign(certContainer); err != nil {
		return err
	}

	logger.Debug("pushing certificate to node")
	if err := cont.env.api.PushIncoming(node.Data.Body.Id, "certs", certContainer.Dump()); err != nil {
		return err
	}

	index, err := cont.GetIndex()
	if err != nil {
		return err
	}

	if err := index.AddCertTags(cert.Data.Body.Id, cert.Data.Body.Tags); err != nil {
		return err
	}

	if err := cont.SaveIndex(index); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
예제 #21
0
파일: admin.go 프로젝트: pki-io/controller
func (cont *AdminController) ProcessNextInvite() error {

	org := cont.env.controllers.org.org

	index, err := cont.env.controllers.org.GetIndex()
	if err != nil {
		return err
	}

	inviteJson, err := cont.env.api.PopIncoming(org.Id(), "invite")
	if err != nil {
		return err
	}

	container, err := document.NewContainer(inviteJson)
	if err != nil {
		cont.env.api.PushIncoming(org.Id(), "invite", inviteJson)
		return err
	}

	inviteId := container.Data.Options.SignatureInputs["key-id"]
	logger.Debugf("Reading invite key: %s", inviteId)
	inviteKey, err := index.GetInviteKey(inviteId)
	if err != nil {
		cont.env.api.PushIncoming(org.Id(), "invite", inviteJson)
		return err
	}

	logger.Debug("Verifying and decrypting admin invite")
	adminJson, err := org.VerifyAuthenticationThenDecrypt(container, inviteKey.Key)
	if err != nil {
		cont.env.api.PushIncoming(org.Id(), "invite", inviteJson)
		return err
	}

	admin, err := entity.New(adminJson)
	if err != nil {
		cont.env.api.PushIncoming(org.Id(), "invite", inviteJson)
		return err
	}

	if err := index.AddAdmin(admin.Data.Body.Name, admin.Data.Body.Id); err != nil {
		return err
	}

	if err := cont.env.controllers.org.SaveIndex(index); err != nil {
		return err
	}

	if err := cont.SendOrgEntity(); err != nil {
		return err
	}

	orgContainer, err := cont.admin.EncryptThenAuthenticateString(org.DumpPublic(), inviteId, inviteKey.Key)
	if err != nil {
		return err
	}

	if err := cont.env.api.PushIncoming(admin.Data.Body.Id, "invite", orgContainer.Dump()); err != nil {
		return err
	}

	// Delete invite ID

	return nil
}
예제 #22
0
파일: runCert.go 프로젝트: jawher/admin
func certNew(argv map[string]interface{}) (err error) {
	// TODO - this whole function needs to be refactored
	name := ArgString(argv["<name>"], nil)
	exportFile := ArgString(argv["--export"], nil)
	expiry := ArgInt(argv["--expiry"], 365)

	caName := ArgString(argv["--ca"], "")

	dnLocality := ArgString(argv["--dn-l"], "")
	dnState := ArgString(argv["--dn-st"], "")
	dnOrg := ArgString(argv["--dn-o"], "")
	dnOrgUnit := ArgString(argv["--dn-ou"], "")
	dnCountry := ArgString(argv["--dn-c"], "")
	dnStreet := ArgString(argv["--dn-street"], "")
	dnPostal := ArgString(argv["--dn-postal"], "")

	// TODO - This should really be in a certificate function
	subject := pkix.Name{CommonName: name}

	if dnLocality != "" {
		subject.Locality = []string{dnLocality}
	}
	if dnState != "" {
		subject.Province = []string{dnState}
	}
	if dnOrg != "" {
		subject.Organization = []string{dnOrg}
	}
	if dnOrgUnit != "" {
		subject.OrganizationalUnit = []string{dnOrgUnit}
	}
	if dnCountry != "" {
		subject.Country = []string{dnCountry}
	}
	if dnStreet != "" {
		subject.StreetAddress = []string{dnStreet}
	}
	if dnPostal != "" {
		subject.PostalCode = []string{dnPostal}
	}

	cert, err := x509.NewCertificate(nil)
	checkAppFatal("Couldn't create new certificate: %s", err)

	cert.Data.Body.Name = name
	cert.Data.Body.Expiry = expiry

	var files []ExportFile
	certFile := fmt.Sprintf("%s-cert.pem", cert.Data.Body.Name)
	keyFile := fmt.Sprintf("%s-key.pem", cert.Data.Body.Name)

	caFile := fmt.Sprintf("%s-cacert.pem", cert.Data.Body.Name)
	if caName == "" {
		// Self-signed
		err := cert.Generate(nil, &subject)
		checkAppFatal("Couldn't generate certificate: %s", err)

		files = append(files, ExportFile{Name: caFile, Mode: 0644, Content: []byte(cert.Data.Body.Certificate)})
	} else {
		app := NewAdminApp()
		app.Load()
		app.LoadOrgIndex()

		caId, err := app.index.org.GetCA(caName)
		checkUserFatal("Couldn't find CA '%s'%.0s", caName, err)

		caContainerJson, err := app.fs.api.GetPrivate(app.entities.org.Data.Body.Id, caId)
		caContainer, err := document.NewContainer(caContainerJson)
		checkAppFatal("Couldn't create container from json: %s", err)

		caJson, err := app.entities.org.VerifyThenDecrypt(caContainer)
		checkAppFatal("Couldn't verify and decrypt ca container: %s", err)

		ca, err := x509.NewCA(caJson)
		checkAppFatal("Couldn't create ca: %s", err)

		err = cert.Generate(ca, &subject)
		checkAppFatal("Couldn't generate certificate: %s", err)
		files = append(files, ExportFile{Name: caFile, Mode: 0644, Content: []byte(ca.Data.Body.Certificate)})
	}

	files = append(files, ExportFile{Name: certFile, Mode: 0644, Content: []byte(cert.Data.Body.Certificate)})
	files = append(files, ExportFile{Name: keyFile, Mode: 0600, Content: []byte(cert.Data.Body.PrivateKey)})

	if caName == "" {
	} else {
	}

	logger.Infof("Export to '%s'", exportFile)
	Export(files, exportFile)

	return nil
}
예제 #23
0
파일: node.go 프로젝트: pki-io/controller
func (cont *NodeController) ProcessNextCert() error {
	logger.Debug("processing next certificate")

	logger.Debug("getting next incoming certificate JSON")
	certContainerJson, err := cont.env.api.PopIncoming(cont.node.Data.Body.Id, "certs")
	if err != nil {
		return err
	}

	logger.Debug("creating certificate container from JSON")
	certContainer, err := document.NewContainer(certContainerJson)
	if err != nil {
		return err
	}

	logger.Debug("verifying container is signed by org")
	if err := cont.env.controllers.org.org.Verify(certContainer); err != nil {
		return err
	}

	logger.Debug("creating new certificate struct")
	cert, err := x509.NewCertificate(certContainer.Data.Body)
	if err != nil {
		return err
	}

	logger.Debugf("getting matching CSR for id '%s'", cert.Data.Body.Id)
	csrContainerJson, err := cont.env.api.GetPrivate(cont.node.Data.Body.Id, cert.Data.Body.Id)
	if err != nil {
		return err
	}

	logger.Debug("creating CSR container")
	csrContainer, err := document.NewContainer(csrContainerJson)
	if err != nil {
		return err
	}

	logger.Debug("verifying and decryping CSR container")
	csrJson, err := cont.node.VerifyThenDecrypt(csrContainer)
	if err != nil {
		return err
	}

	logger.Debug("creating CSR struct from JSON")
	csr, err := x509.NewCSR(csrJson)
	if err != nil {
		return err
	}

	logger.Debug("setting new ID for certificate")
	cert.Data.Body.Id = x509.NewID()

	logger.Debug("setting certificate private key from CSR")
	cert.Data.Body.PrivateKey = csr.Data.Body.PrivateKey

	logger.Debug("encrypting and signing certificate for node")
	updatedCertContainer, err := cont.node.EncryptThenSignString(cert.Dump(), nil)
	if err != nil {
		return err
	}

	logger.Debug("saving encrypted certificate for node")
	if err := cont.env.api.SendPrivate(cont.node.Data.Body.Id, cert.Data.Body.Id, updatedCertContainer.Dump()); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
예제 #24
0
파일: admin.go 프로젝트: pki-io/controller
func (cont *AdminController) Complete(params *AdminParams) error {

	var err error
	logger.Tracef("received params: %s", params)

	logger.Debug("validating parameters")

	if err := cont.env.LoadLocalFs(); err != nil {
		return err
	}

	if err := cont.env.LoadHomeFs(); err != nil {
		return err
	}

	if err := cont.env.LoadAPI(); err != nil {
		return err
	}

	logger.Debug("Initializing org controller")
	if cont.env.controllers.org == nil {
		if cont.env.controllers.org, err = NewOrg(cont.env); err != nil {
			return err
		}
	}

	if err := cont.env.controllers.org.LoadConfig(); err != nil {
		return err
	}

	if err := cont.LoadConfig(); err != nil {
		return err
	}

	if err := cont.LoadAdmin(); err != nil {
		return err
	}

	orgContainerJson, err := cont.env.api.PopIncoming(cont.admin.Data.Body.Id, "invite")
	if err != nil {
		return err
	}

	orgContainer, err := document.NewContainer(orgContainerJson)
	if err != nil {
		return err
	}

	orgJson, err := cont.admin.VerifyAuthenticationThenDecrypt(orgContainer, *params.InviteKey)
	if err != nil {
		return err
	}

	org, err := entity.New(orgJson)
	if err != nil {
		return err
	}

	logger.Debug("Saving public org to home")
	if err := cont.env.fs.home.Write(org.Data.Body.Id, org.DumpPublic()); err != nil {
		return err
	}

	return nil
}