Пример #1
0
func (cont *PairingKeyController) GeneratePairingKey() (string, string) {
	logger.Debug("generating pairing key")
	id := x509.NewID()
	key := x509.NewID()

	logger.Trace("returning pairing key")
	return id, key
}
Пример #2
0
func (cont *AdminController) InviteEnv(params *AdminParams) ([2]string, error) {

	logger.Debug("Creating new admin key")
	id := x509.NewID()
	key := x509.NewID()

	logger.Debug("Saving key to index")
	index, err := cont.env.controllers.org.GetIndex()
	if err != nil {
		return [2]string{}, err
	}

	index.AddInviteKey(id, key, *params.Name)

	if err := cont.env.controllers.org.SaveIndex(index); err != nil {
		return [2]string{}, err
	}

	return [2]string{id, key}, nil
}
Пример #3
0
func (cont *OrgController) CreateIndex() (*index.OrgIndex, error) {
	logger.Debug("creating new org index")

	index, err := index.NewOrg(nil)
	if err != nil {
		return nil, err
	}

	index.Data.Body.Id = x509.NewID()
	index.Data.Body.ParentId = cont.org.Id()

	logger.Trace("returning index")
	return index, nil
}
Пример #4
0
func (cont *NodeController) CreateIndex() (*index.NodeIndex, error) {
	logger.Debug("creating node index")

	index, err := index.NewNode(nil)
	if err != nil {
		return nil, err
	}

	index.Data.Body.Id = x509.NewID()
	logger.Debugf("created index with id '%s'", index.Id())

	logger.Trace("returning index")
	return index, nil
}
Пример #5
0
func (cont *NodeController) CreateNode(name string) (*node.Node, error) {
	node, err := node.New(nil)
	if err != nil {
		return nil, err
	}

	node.Data.Body.Name = name
	node.Data.Body.Id = x509.NewID()

	logger.Debug("Generating node keys")
	if err := node.GenerateKeys(); err != nil {
		return nil, err
	}

	return node, nil
}
Пример #6
0
func (cont *NodeController) NewCSR() error {
	logger.Debug("creating new CSR")

	csr, err := x509.NewCSR(nil)
	if err != nil {
		return err
	}

	csr.Data.Body.Id = x509.NewID()
	csr.Data.Body.Name = cont.node.Data.Body.Name
	subject := pkix.Name{CommonName: csr.Data.Body.Name}
	csr.Generate(&subject)

	logger.Debug("creating encrypted CSR container")
	csrContainer, err := cont.node.EncryptThenSignString(csr.Dump(), nil)
	if err != nil {
		return err
	}

	logger.Debug("saving node CSR")
	if err := cont.env.api.SendPrivate(cont.node.Data.Body.Id, csr.Data.Body.Id, csrContainer.Dump()); err != nil {
		return err
	}

	logger.Debug("getting public CSR")
	csrPublic, err := csr.Public()
	if err != nil {
		return err
	}

	logger.Debug("signing public CSR as node")
	csrPublicContainer, err := cont.node.SignString(csrPublic.Dump())
	if err != nil {
		return err
	}

	logger.Debug("putting public CSR in outgoing queue")
	if err := cont.env.api.PushOutgoing(cont.node.Data.Body.Id, "csrs", csrPublicContainer.Dump()); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
Пример #7
0
func (cont *OrgController) CreateOrg(name string) error {
	logger.Debug("creating org")

	var err error
	cont.org, err = entity.New(nil)
	if err != nil {
		return err
	}

	cont.org.Data.Body.Id = x509.NewID()
	cont.org.Data.Body.Name = name

	logger.Debug("generating keys")
	if err := cont.org.GenerateKeys(); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
Пример #8
0
func (cont *AdminController) CreateAdmin(name string) error {
	logger.Debug("creating new admin")
	var err error

	// TODO validate name

	logger.Debug("creating new entity")
	cont.admin, err = entity.New(nil)
	if err != nil {
		return err
	}

	cont.admin.Data.Body.Id = x509.NewID()
	cont.admin.Data.Body.Name = name

	logger.Debug("generating keys")
	err = cont.admin.GenerateKeys()
	if err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
Пример #9
0
func (cont *NodeController) ProcessNextCert() error {
	logger.Debug("processing next certificate")

	logger.Debug("getting next incoming certificate JSON")
	certContainerJson, err := cont.env.api.PopIncoming(cont.node.Data.Body.Id, "certs")
	if err != nil {
		return err
	}

	logger.Debug("creating certificate container from JSON")
	certContainer, err := document.NewContainer(certContainerJson)
	if err != nil {
		return err
	}

	logger.Debug("verifying container is signed by org")
	if err := cont.env.controllers.org.org.Verify(certContainer); err != nil {
		return err
	}

	logger.Debug("creating new certificate struct")
	cert, err := x509.NewCertificate(certContainer.Data.Body)
	if err != nil {
		return err
	}

	logger.Debugf("getting matching CSR for id '%s'", cert.Data.Body.Id)
	csrContainerJson, err := cont.env.api.GetPrivate(cont.node.Data.Body.Id, cert.Data.Body.Id)
	if err != nil {
		return err
	}

	logger.Debug("creating CSR container")
	csrContainer, err := document.NewContainer(csrContainerJson)
	if err != nil {
		return err
	}

	logger.Debug("verifying and decryping CSR container")
	csrJson, err := cont.node.VerifyThenDecrypt(csrContainer)
	if err != nil {
		return err
	}

	logger.Debug("creating CSR struct from JSON")
	csr, err := x509.NewCSR(csrJson)
	if err != nil {
		return err
	}

	logger.Debug("setting new ID for certificate")
	cert.Data.Body.Id = x509.NewID()

	logger.Debug("setting certificate private key from CSR")
	cert.Data.Body.PrivateKey = csr.Data.Body.PrivateKey

	logger.Debug("encrypting and signing certificate for node")
	updatedCertContainer, err := cont.node.EncryptThenSignString(cert.Dump(), nil)
	if err != nil {
		return err
	}

	logger.Debug("saving encrypted certificate for node")
	if err := cont.env.api.SendPrivate(cont.node.Data.Body.Id, cert.Data.Body.Id, updatedCertContainer.Dump()); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
Пример #10
0
func (cont *AdminController) New(params *AdminParams) error {
	logger.Tracef("received params: %s", params)

	var err error

	logger.Debug("Validating parameters")

	if err := params.ValidateName(true); err != nil {
		return err
	}

	logger.Debug("Loading local filesystem")
	if err := cont.env.LoadLocalFs(); err != nil {
		return err
	}

	logger.Debug("Loading home filesystem")
	if err := cont.env.LoadHomeFs(); err != nil {
		return err
	}

	logger.Debug("Loading API")
	if err := cont.env.LoadAPI(); err != nil {
		return err
	}

	logger.Debug("Initializing org controller")
	if cont.env.controllers.org == nil {
		if cont.env.controllers.org, err = NewOrg(cont.env); err != nil {
			return err
		}
	}

	logger.Debug("Loading org config")
	if err := cont.env.controllers.org.LoadConfig(); err != nil {
		return err
	}

	logger.Debug("Creating admin entity")
	cont.admin, err = entity.New(nil)
	if err != nil {
		return nil
	}

	cont.admin.Data.Body.Id = x509.NewID()
	cont.admin.Data.Body.Name = *params.Name

	logger.Debug("Generating admin keys")
	if err := cont.admin.GenerateKeys(); err != nil {
		return err
	}

	if err := cont.SaveAdmin(); err != nil {
		return nil
	}

	if err := cont.LoadConfig(); err != nil {
		return err
	}

	orgId := cont.env.controllers.org.config.Data.Id
	orgName := cont.env.controllers.org.config.Data.Name

	if err := cont.config.AddOrg(orgName, orgId, cont.admin.Id()); err != nil {
		return err
	}

	if err := cont.SaveConfig(); err != nil {
		return err
	}

	if err := cont.SecureSendPublicToOrg(*params.InviteId, *params.InviteKey); err != nil {
		return err
	}

	return nil
}
Пример #11
0
func (cont *CSRController) Sign(params *CSRParams) (*x509.Certificate, error) {
	logger.Debug("signing CSR")
	logger.Tracef("received params: %s", params)

	if err := params.ValidateName(true); err != nil {
		return nil, err
	}

	if err := cont.env.LoadAdminEnv(); err != nil {
		return nil, err
	}

	index, err := cont.env.controllers.org.GetIndex()
	if err != nil {
		return nil, err
	}

	csrId, err := index.GetCSR(*params.Name)
	if err != nil {
		return nil, err
	}

	csr, err := cont.GetCSR(csrId)
	if err != nil {
		return nil, err
	}

	caId, err := index.GetCA(*params.Ca)
	if err != nil {
		return nil, err
	}

	caCont, err := NewCA(cont.env)
	if err != nil {
		return nil, err
	}

	ca, err := caCont.GetCA(caId)
	if err != nil {
		return nil, err
	}

	logger.Debug("signing CSR")
	cert, err := ca.Sign(csr, *params.KeepSubject)

	logger.Debug("setting certificate ID")
	cert.Data.Body.Id = x509.NewID()

	org := cont.env.controllers.org.org
	logger.Debug("encrypting certificate container for org")
	certContainer, err := org.EncryptThenSignString(cert.Dump(), nil)
	if err != nil {
		return nil, err
	}

	logger.Debug("sending encrypted container to org")
	if err := cont.env.api.SendPrivate(org.Data.Body.Id, cert.Data.Body.Id, certContainer.Dump()); err != nil {
		return nil, err
	}

	index.AddCert(cert.Data.Body.Name, cert.Data.Body.Id)
	index.AddCertTags(cert.Data.Body.Id, ParseTags(*params.Tags))

	if err := cont.env.controllers.org.SaveIndex(index); err != nil {
		return nil, err
	}

	logger.Debug("return certificate")
	return cert, nil
}
Пример #12
0
func (cont *CSRController) New(params *CSRParams) (*x509.CSR, error) {
	logger.Debug("creating new CSR")
	logger.Tracef("received params: %s", params)

	if err := params.ValidateName(true); err != nil {
		return nil, err
	}

	if err := cont.env.LoadAdminEnv(); err != nil {
		return nil, err
	}

	// TODO - This should really be in a CSR function
	subject := pkix.Name{CommonName: *params.Name}

	if *params.DnLocality != "" {
		subject.Locality = []string{*params.DnLocality}
	}
	if *params.DnState != "" {
		subject.Province = []string{*params.DnState}
	}
	if *params.DnOrg != "" {
		subject.Organization = []string{*params.DnOrg}
	}
	if *params.DnOrgUnit != "" {
		subject.OrganizationalUnit = []string{*params.DnOrgUnit}
	}
	if *params.DnCountry != "" {
		subject.Country = []string{*params.DnCountry}
	}
	if *params.DnStreet != "" {
		subject.StreetAddress = []string{*params.DnStreet}
	}
	if *params.DnPostal != "" {
		subject.PostalCode = []string{*params.DnPostal}
	}

	logger.Debug("creating CSR struct")
	csr, err := x509.NewCSR(nil)
	if err != nil {
		return nil, err
	}

	csr.Data.Body.Id = x509.NewID()
	csr.Data.Body.Name = *params.Name

	if *params.CsrFile == "" && *params.KeyFile == "" {
		csr.Data.Body.KeyType = *params.KeyType
		logger.Debug("generating CSR and key")
		csr.Generate(&subject)
	} else {
		if *params.CsrFile == "" {
			return nil, fmt.Errorf("CSR PEM file must be provided if importing")
		}

		logger.Debugf("importing CSR from '%s'", *params.CsrFile)
		ok, err := fs.Exists(*params.CsrFile)
		if err != nil {
			return nil, err
		}

		if !ok {
			logger.Warnf("CSR file '%s' does not exist", *params.CsrFile)
			logger.Tracef("returning nil error")
			return nil, nil
		}

		logger.Debug("reading file")
		csrPem, err := fs.ReadFile(*params.CsrFile)
		if err != nil {
			return nil, err
		}

		logger.Debug("decoding CSR PEM")
		_, err = x509.PemDecodeX509CSR([]byte(csrPem))
		if err != nil {
			return nil, err
		}

		csr.Data.Body.CSR = csrPem

		if *params.KeyFile != "" {
			logger.Debugf("importing private key file from '%s'", *params.KeyFile)
			ok, err := fs.Exists(*params.KeyFile)
			if err != nil {
				return nil, err
			}

			if !ok {
				logger.Warnf("key file '%s' does not exist", *params.KeyFile)
				logger.Trace("returning nil error")
				return nil, nil
			}

			logger.Debugf("reading key file")
			keyPem, err := fs.ReadFile(*params.KeyFile)
			if err != nil {
				return nil, err
			}

			logger.Debug("decoding private key PEM")
			key, err := crypto.PemDecodePrivate([]byte(keyPem))
			if err != nil {
				return nil, err
			}

			keyType, err := crypto.GetKeyType(key)
			if err != nil {
				return nil, err
			}

			csr.Data.Body.KeyType = string(keyType)
			csr.Data.Body.PrivateKey = keyPem
		}
	}

	if *params.StandaloneFile == "" {
		err = cont.SaveCSR(csr)
		if err != nil {
			return nil, err
		}

		var tags string
		if *params.Tags == "NAME" {
			tags = *params.Name
		} else {
			tags = *params.Tags
		}

		err = cont.AddCSRToOrgIndex(csr, tags)
		if err != nil {
			return nil, err
		}
	}

	return csr, nil
}
Пример #13
0
func (cont *CertificateController) New(params *CertificateParams) (*x509.Certificate, *x509.CA, error) {
	logger.Debug("creating new certificate")
	logger.Tracef("received params: %s", params)

	if err := params.ValidateName(true); err != nil {
		return nil, nil, err
	}

	if err := cont.env.LoadAdminEnv(); err != nil {
		return nil, nil, err
	}

	// TODO - This should really be in a certificate function
	subject := pkix.Name{CommonName: *params.Name}

	if *params.DnLocality != "" {
		subject.Locality = []string{*params.DnLocality}
	}
	if *params.DnState != "" {
		subject.Province = []string{*params.DnState}
	}
	if *params.DnOrg != "" {
		subject.Organization = []string{*params.DnOrg}
	}
	if *params.DnOrgUnit != "" {
		subject.OrganizationalUnit = []string{*params.DnOrgUnit}
	}
	if *params.DnCountry != "" {
		subject.Country = []string{*params.DnCountry}
	}
	if *params.DnStreet != "" {
		subject.StreetAddress = []string{*params.DnStreet}
	}
	if *params.DnPostal != "" {
		subject.PostalCode = []string{*params.DnPostal}
	}

	logger.Debug("creating certificate struct")
	cert, err := x509.NewCertificate(nil)
	if err != nil {
		return nil, nil, err
	}

	cert.Data.Body.Name = *params.Name
	cert.Data.Body.Expiry = *params.Expiry

	var ca *x509.CA

	if *params.CertFile == "" && *params.KeyFile == "" {
		cert.Data.Body.KeyType = *params.KeyType
		logger.Debug("generating certificate and key")
		if *params.Ca == "" {
			if err := cert.Generate(nil, &subject); err != nil {
				return nil, nil, err
			}
		} else {
			index, err := cont.env.controllers.org.GetIndex()
			if err != nil {
				return nil, nil, err
			}

			caId, err := index.GetCA(*params.Ca)
			if err != nil {
				return nil, nil, err
			}

			ca, err = cont.GetCA(caId)
			if err != nil {
				return nil, nil, err
			}

			logger.Debugf("generating certificate and signing with CA '%s'", caId)
			if err := cert.Generate(ca, &subject); err != nil {
				return nil, nil, err
			}
		}
	} else {
		if *params.CertFile == "" {
			return nil, nil, fmt.Errorf("certificate PEM file must be provided if importing")
		}

		logger.Debugf("importing certificate from '%s'", *params.CertFile)
		ok, err := fs.Exists(*params.CertFile)
		if err != nil {
			return nil, nil, err
		}

		if !ok {
			logger.Warnf("certificate file '%s' does not exist", *params.CertFile)
			return nil, nil, nil
		}

		logger.Debug("reading certificate from file")
		certPem, err := fs.ReadFile(*params.CertFile)
		if err != nil {
			return nil, nil, err
		}

		logger.Debug("decoding certificate PEM")
		importCert, err := x509.PemDecodeX509Certificate([]byte(certPem))
		if err != nil {
			return nil, nil, err
		}

		cert.Data.Body.Id = x509.NewID()
		cert.Data.Body.Certificate = certPem
		certExpiry := int(importCert.NotAfter.Sub(importCert.NotBefore) / (time.Hour * 24))
		cert.Data.Body.Expiry = certExpiry

		if *params.KeyFile != "" {
			logger.Debugf("importing certificate privte key from '%s'", *params.KeyFile)
			ok, err := fs.Exists(*params.KeyFile)
			if err != nil {
				return nil, nil, err
			}

			if !ok {
				logger.Warnf("key file '%s' does not exist", *params.KeyFile)
				return nil, nil, nil
			}

			logger.Debug("reading private key file")
			keyPem, err := fs.ReadFile(*params.KeyFile)
			if err != nil {
				return nil, nil, err
			}

			logger.Debug("decoding private key PEM")
			key, err := crypto.PemDecodePrivate([]byte(keyPem))
			if err != nil {
				return nil, nil, err
			}

			logger.Debug("getting key type")
			keyType, err := crypto.GetKeyType(key)
			if err != nil {
				return nil, nil, err
			}

			cert.Data.Body.KeyType = string(keyType)
			cert.Data.Body.PrivateKey = keyPem
		}
	}

	if *params.StandaloneFile == "" {
		err = cont.SaveCert(cert)
		if err != nil {
			return nil, nil, err
		}

		var tags string
		if *params.Tags == "NAME" {
			tags = *params.Name
		} else {
			tags = *params.Tags
		}

		err = cont.AddCertToOrgIndex(cert, tags)
		if err != nil {
			return nil, nil, err
		}
	}

	logger.Trace("returning certificate")
	return cert, ca, nil
}
Пример #14
0
func (cont *CAController) New(params *CAParams) (*x509.CA, error) {
	logger.Debug("creating new CA")
	logger.Trace("received params [NOT LOGGED]")

	if err := params.ValidateName(true); err != nil {
		return nil, err
	}

	if err := params.ValidateCAExpiry(true); err != nil {
		return nil, err
	}

	if err := params.ValidateCertExpiry(true); err != nil {
		return nil, err
	}

	if err := params.ValidateKeyType(true); err != nil {
		return nil, err
	}

	if err := cont.env.LoadAdminEnv(); err != nil {
		return nil, err
	}

	logger.Debug("creating CA struct")
	ca, err := x509.NewCA(nil)
	if err != nil {
		return nil, err
	}

	ca.Data.Body.Name = *params.Name
	ca.Data.Body.CAExpiry = *params.CaExpiry
	ca.Data.Body.CertExpiry = *params.CertExpiry
	ca.Data.Body.KeyType = *params.KeyType
	ca.Data.Body.DNScope.Locality = *params.DnLocality
	ca.Data.Body.DNScope.Province = *params.DnState
	ca.Data.Body.DNScope.Organization = *params.DnOrg
	ca.Data.Body.DNScope.OrganizationalUnit = *params.DnOrgUnit
	ca.Data.Body.DNScope.Country = *params.DnCountry
	ca.Data.Body.DNScope.StreetAddress = *params.DnStreet
	ca.Data.Body.DNScope.PostalCode = *params.DnPostal

	if *params.CertFile == "" && *params.KeyFile == "" {
		logger.Debug("generating keys")
		ca.GenerateRoot()
	} else {
		if *params.CertFile == "" {
			return nil, fmt.Errorf("certificate PEM file must be provided if importing")
		}

		ok, err := fs.Exists(*params.CertFile)
		if err != nil {
			return nil, err
		}

		if !ok {
			logger.Warnf("certificate file '%s' does not exist", *params.CertFile)
			return nil, nil
		}

		logger.Debugf("reading certificate PEM file '%s", *params.CertFile)
		certPem, err := fs.ReadFile(*params.CertFile)
		if err != nil {
			return nil, err
		}

		logger.Debug("decoding certificate PEM")
		cert, err := x509.PemDecodeX509Certificate([]byte(certPem))
		if err != nil {
			return nil, err
		}

		ca.Data.Body.Id = x509.NewID()
		ca.Data.Body.Certificate = certPem
		ca.Data.Body.CertExpiry = *params.CertExpiry
		caExpiry := int(cert.NotAfter.Sub(cert.NotBefore) / (time.Hour * 24))
		ca.Data.Body.CAExpiry = caExpiry

		if *params.KeyFile != "" {
			ok, err = fs.Exists(*params.KeyFile)
			if err != nil {
				return nil, err
			}

			if !ok {
				logger.Warnf("key file '%s' does not exist", *params.KeyFile)
				return nil, nil
			}

			logger.Debugf("reading private key PEM file '%s'", *params.KeyFile)
			keyPem, err := fs.ReadFile(*params.KeyFile)
			if err != nil {
				return nil, err
			}

			logger.Debug("decoding private key")
			key, err := crypto.PemDecodePrivate([]byte(keyPem))
			if err != nil {
				return nil, err
			}

			logger.Debug("getting key type")
			keyType, err := crypto.GetKeyType(key)
			if err != nil {
				return nil, err
			}

			ca.Data.Body.KeyType = string(keyType)
			ca.Data.Body.PrivateKey = keyPem
		}
	}

	err = cont.SaveCA(ca)
	if err != nil {
		return nil, err
	}

	err = cont.AddCAToOrgIndex(ca, *params.Tags)
	if err != nil {
		return nil, err
	}

	logger.Trace("returning CA")
	return ca, nil
}