func (cont *CSRController) Update(params *CSRParams) error {
logger.Debug("updating CSR")
logger.Tracef("received params: %s", params)
if err := params.ValidateName(true); err != nil {
return err
}
if err := cont.env.LoadAdminEnv(); err != nil {
return err
}
index, err := cont.env.controllers.org.GetIndex()
if err != nil {
return err
}
csrId, err := index.GetCSR(*params.Name)
if err != nil {
return err
}
csr, err := cont.GetCSR(csrId)
if err != nil {
return err
}
if *params.CsrFile != "" {
ok, err := fs.Exists(*params.CsrFile)
if err != nil {
return err
}
if !ok {
logger.Warnf("CSR file '%s' does not exist", *params.CsrFile)
return nil
}
logger.Debugf("reading CSR file '%s'", *params.CsrFile)
csrPem, err := fs.ReadFile(*params.CsrFile)
if err != nil {
return err
}
// TODO - better validation of pem
logger.Debug("decoding CSR file PEM")
_, err = x509.PemDecodeX509CSR([]byte(csrPem))
if err != nil {
return err
}
csr.Data.Body.CSR = csrPem
}
if *params.KeyFile != "" {
ok, err := fs.Exists(*params.KeyFile)
if err != nil {
return err
}
if !ok {
logger.Warnf("key file '%s' does not exist", *params.KeyFile)
return nil
}
logger.Debugf("reading key file '%s'", *params.KeyFile)
keyPem, err := fs.ReadFile(*params.KeyFile)
if err != nil {
return err
}
logger.Debug("decoding key file PEM")
key, err := crypto.PemDecodePrivate([]byte(keyPem))
if err != nil {
return err
}
keyType, err := crypto.GetKeyType(key)
if err != nil {
return err
}
csr.Data.Body.KeyType = string(keyType)
csr.Data.Body.PrivateKey = keyPem
}
if *params.Tags != "" {
cont.ResetCSRTags(csrId, *params.Tags)
}
err = cont.SaveCSR(csr)
if err != nil {
return err
}
logger.Trace("returning nil error")
return nil
}
func (cont *CSRController) New(params *CSRParams) (*x509.CSR, error) {
logger.Debug("creating new CSR")
logger.Tracef("received params: %s", params)
if err := params.ValidateName(true); err != nil {
return nil, err
}
if err := cont.env.LoadAdminEnv(); err != nil {
return nil, err
}
// TODO - This should really be in a CSR function
subject := pkix.Name{CommonName: *params.Name}
if *params.DnLocality != "" {
subject.Locality = []string{*params.DnLocality}
}
if *params.DnState != "" {
subject.Province = []string{*params.DnState}
}
if *params.DnOrg != "" {
subject.Organization = []string{*params.DnOrg}
}
if *params.DnOrgUnit != "" {
subject.OrganizationalUnit = []string{*params.DnOrgUnit}
}
if *params.DnCountry != "" {
subject.Country = []string{*params.DnCountry}
}
if *params.DnStreet != "" {
subject.StreetAddress = []string{*params.DnStreet}
}
if *params.DnPostal != "" {
subject.PostalCode = []string{*params.DnPostal}
}
logger.Debug("creating CSR struct")
csr, err := x509.NewCSR(nil)
if err != nil {
return nil, err
}
csr.Data.Body.Id = x509.NewID()
csr.Data.Body.Name = *params.Name
if *params.CsrFile == "" && *params.KeyFile == "" {
csr.Data.Body.KeyType = *params.KeyType
logger.Debug("generating CSR and key")
csr.Generate(&subject)
} else {
if *params.CsrFile == "" {
return nil, fmt.Errorf("CSR PEM file must be provided if importing")
}
logger.Debugf("importing CSR from '%s'", *params.CsrFile)
ok, err := fs.Exists(*params.CsrFile)
if err != nil {
return nil, err
}
if !ok {
logger.Warnf("CSR file '%s' does not exist", *params.CsrFile)
logger.Tracef("returning nil error")
return nil, nil
}
logger.Debug("reading file")
csrPem, err := fs.ReadFile(*params.CsrFile)
if err != nil {
return nil, err
}
logger.Debug("decoding CSR PEM")
_, err = x509.PemDecodeX509CSR([]byte(csrPem))
if err != nil {
return nil, err
}
csr.Data.Body.CSR = csrPem
if *params.KeyFile != "" {
logger.Debugf("importing private key file from '%s'", *params.KeyFile)
ok, err := fs.Exists(*params.KeyFile)
if err != nil {
return nil, err
}
if !ok {
logger.Warnf("key file '%s' does not exist", *params.KeyFile)
logger.Trace("returning nil error")
return nil, nil
}
logger.Debugf("reading key file")
keyPem, err := fs.ReadFile(*params.KeyFile)
if err != nil {
return nil, err
}
logger.Debug("decoding private key PEM")
key, err := crypto.PemDecodePrivate([]byte(keyPem))
if err != nil {
return nil, err
}
keyType, err := crypto.GetKeyType(key)
if err != nil {
return nil, err
}
csr.Data.Body.KeyType = string(keyType)
csr.Data.Body.PrivateKey = keyPem
}
}
if *params.StandaloneFile == "" {
err = cont.SaveCSR(csr)
if err != nil {
return nil, err
}
var tags string
if *params.Tags == "NAME" {
tags = *params.Name
} else {
tags = *params.Tags
}
err = cont.AddCSRToOrgIndex(csr, tags)
if err != nil {
return nil, err
}
}
return csr, nil
}