// Update modifies an existing CSR record, looked up by name through the org
// index, according to params.
//
// CsrFile, KeyFile and Tags are each applied only when non-empty: CsrFile
// replaces the stored CSR PEM after a decode check, KeyFile replaces the
// stored private key PEM and key type, and Tags resets the record's tags.
// A CsrFile or KeyFile that does not exist is logged as a warning and the
// method returns nil without saving anything, so a nil result does not by
// itself mean the record was written.
//
// NOTE(review): an imported key is stored alongside the CSR without any
// check that it matches the CSR's public key — confirm whether SaveCSR or a
// later consumer validates the pair.
func (cont *CSRController) Update(params *CSRParams) error {
	logger.Debug("updating CSR")
	logger.Tracef("received params: %s", params)

	if err := params.ValidateName(true); err != nil {
		return err
	}
	if err := cont.env.LoadAdminEnv(); err != nil {
		return err
	}

	index, err := cont.env.controllers.org.GetIndex()
	if err != nil {
		return err
	}
	csrId, err := index.GetCSR(*params.Name)
	if err != nil {
		return err
	}
	csr, err := cont.GetCSR(csrId)
	if err != nil {
		return err
	}

	// importCSR replaces the record's CSR PEM with the contents of path once
	// it decodes. found is false when the file is absent; that is not an
	// error and the caller decides what to do.
	importCSR := func(path string) (found bool, err error) {
		if found, err = fs.Exists(path); err != nil || !found {
			return found, err
		}
		logger.Debugf("reading CSR file '%s'", path)
		contents, err := fs.ReadFile(path)
		if err != nil {
			return true, err
		}
		// TODO - better validation of pem
		logger.Debug("decoding CSR file PEM")
		if _, err = x509.PemDecodeX509CSR([]byte(contents)); err != nil {
			return true, err
		}
		csr.Data.Body.CSR = contents
		return true, nil
	}

	// importKey replaces the record's private key PEM and key type with the
	// key read from path. found has the same meaning as for importCSR.
	importKey := func(path string) (found bool, err error) {
		if found, err = fs.Exists(path); err != nil || !found {
			return found, err
		}
		logger.Debugf("reading key file '%s'", path)
		contents, err := fs.ReadFile(path)
		if err != nil {
			return true, err
		}
		logger.Debug("decoding key file PEM")
		key, err := crypto.PemDecodePrivate([]byte(contents))
		if err != nil {
			return true, err
		}
		keyType, err := crypto.GetKeyType(key)
		if err != nil {
			return true, err
		}
		csr.Data.Body.KeyType = string(keyType)
		csr.Data.Body.PrivateKey = contents
		return true, nil
	}

	if *params.CsrFile != "" {
		found, err := importCSR(*params.CsrFile)
		if err != nil {
			return err
		}
		if !found {
			// Deliberate: a missing file is a warning, not a failure.
			logger.Warnf("CSR file '%s' does not exist", *params.CsrFile)
			return nil
		}
	}

	if *params.KeyFile != "" {
		found, err := importKey(*params.KeyFile)
		if err != nil {
			return err
		}
		if !found {
			logger.Warnf("key file '%s' does not exist", *params.KeyFile)
			return nil
		}
	}

	if *params.Tags != "" {
		cont.ResetCSRTags(csrId, *params.Tags)
	}

	if err := cont.SaveCSR(csr); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}
// New creates a CSR record named params.Name, either generating it or
// importing it from files, and returns it.
//
// With neither CsrFile nor KeyFile set, the record's KeyType is taken from
// params and Generate is called with a subject built from the Dn* params.
// Otherwise CsrFile is required and is imported after a PEM decode check;
// KeyFile, when set, is imported the same way and its PEM is stored in the
// record as the private key. A missing CsrFile or KeyFile yields (nil, nil)
// after a warning, so callers must nil-check the returned CSR even when the
// error is nil.
//
// Unless StandaloneFile is set, the record is saved and added to the org
// index with params.Tags, where the literal "NAME" means "use the CSR name".
//
// NOTE(review): an imported key is not checked against the imported CSR's
// public key here, and Generate's outcome is not inspected — confirm whether
// those are validated elsewhere.
func (cont *CSRController) New(params *CSRParams) (*x509.CSR, error) {
	logger.Debug("creating new CSR")
	logger.Tracef("received params: %s", params)

	if err := params.ValidateName(true); err != nil {
		return nil, err
	}
	if err := cont.env.LoadAdminEnv(); err != nil {
		return nil, err
	}

	// TODO - This should really be in a CSR function
	subject := pkix.Name{CommonName: *params.Name}
	for _, dn := range []struct {
		value string
		field *[]string
	}{
		{*params.DnLocality, &subject.Locality},
		{*params.DnState, &subject.Province},
		{*params.DnOrg, &subject.Organization},
		{*params.DnOrgUnit, &subject.OrganizationalUnit},
		{*params.DnCountry, &subject.Country},
		{*params.DnStreet, &subject.StreetAddress},
		{*params.DnPostal, &subject.PostalCode},
	} {
		if dn.value != "" {
			*dn.field = []string{dn.value}
		}
	}

	logger.Debug("creating CSR struct")
	csr, err := x509.NewCSR(nil)
	if err != nil {
		return nil, err
	}
	csr.Data.Body.Id = x509.NewID()
	csr.Data.Body.Name = *params.Name

	// readCSR stores the PEM at path as the record's CSR once it decodes.
	// found is false when the file is absent, which is not an error.
	readCSR := func(path string) (found bool, err error) {
		if found, err = fs.Exists(path); err != nil || !found {
			return found, err
		}
		logger.Debug("reading file")
		contents, err := fs.ReadFile(path)
		if err != nil {
			return true, err
		}
		logger.Debug("decoding CSR PEM")
		if _, err = x509.PemDecodeX509CSR([]byte(contents)); err != nil {
			return true, err
		}
		csr.Data.Body.CSR = contents
		return true, nil
	}

	// readKey stores the PEM at path as the record's private key and records
	// its key type. found has the same meaning as for readCSR.
	readKey := func(path string) (found bool, err error) {
		if found, err = fs.Exists(path); err != nil || !found {
			return found, err
		}
		logger.Debugf("reading key file")
		contents, err := fs.ReadFile(path)
		if err != nil {
			return true, err
		}
		logger.Debug("decoding private key PEM")
		key, err := crypto.PemDecodePrivate([]byte(contents))
		if err != nil {
			return true, err
		}
		keyType, err := crypto.GetKeyType(key)
		if err != nil {
			return true, err
		}
		csr.Data.Body.KeyType = string(keyType)
		csr.Data.Body.PrivateKey = contents
		return true, nil
	}

	switch {
	case *params.CsrFile == "" && *params.KeyFile == "":
		csr.Data.Body.KeyType = *params.KeyType
		logger.Debug("generating CSR and key")
		csr.Generate(&subject)
	case *params.CsrFile == "":
		// A key file alone cannot be imported: there is no CSR to attach it to.
		return nil, fmt.Errorf("CSR PEM file must be provided if importing")
	default:
		logger.Debugf("importing CSR from '%s'", *params.CsrFile)
		found, err := readCSR(*params.CsrFile)
		if err != nil {
			return nil, err
		}
		if !found {
			// Deliberate: a missing file is reported as (nil, nil), not an error.
			logger.Warnf("CSR file '%s' does not exist", *params.CsrFile)
			logger.Tracef("returning nil error")
			return nil, nil
		}

		if *params.KeyFile != "" {
			logger.Debugf("importing private key file from '%s'", *params.KeyFile)
			found, err := readKey(*params.KeyFile)
			if err != nil {
				return nil, err
			}
			if !found {
				logger.Warnf("key file '%s' does not exist", *params.KeyFile)
				logger.Trace("returning nil error")
				return nil, nil
			}
		}
	}

	if *params.StandaloneFile == "" {
		if err = cont.SaveCSR(csr); err != nil {
			return nil, err
		}

		tags := *params.Tags
		if tags == "NAME" {
			tags = *params.Name
		}

		if err = cont.AddCSRToOrgIndex(csr, tags); err != nil {
			return nil, err
		}
	}

	return csr, nil
}