示例#1
0
文件: adminApp.go 项目: jawher/admin
func (app *AdminApp) RegisterNextNode() {
	orgId := app.entities.org.Data.Body.Id

	regJson, err := app.fs.api.PopIncoming("registration")
	checkAppFatal("Can't pop registration: %s", err)

	container, err := document.NewContainer(regJson)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "registration", regJson)
		checkAppFatal("Can't load registration: %s", err)
	}
	pairingId := container.Data.Options.SignatureInputs["key-id"]
	logger.Infof("Reading pairing key: %s", pairingId)
	pairingKey := app.index.org.Data.Body.PairingKeys[pairingId]

	logger.Info("Verifying and decrypting node registration")
	nodeJson, err := app.entities.org.VerifyAuthenticationThenDecrypt(container, pairingKey.Key)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "registration", regJson)
		checkAppFatal("Couldn't verify then decrypt registration: %s", err)
	}

	node, err := node.New(nodeJson)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "registration", regJson)
		checkAppFatal("Couldn't create node from registration: %s", err)
	}

	logger.Info("Adding node to index")
	app.index.org.AddEntityTags(node.Data.Body.Id, pairingKey.Tags)
	app.index.org.AddNode(node.Data.Body.Name, node.Data.Body.Id)

	logger.Info("Encrypting and signing node for Org")
	nodeContainer, err := app.entities.org.EncryptThenSignString(node.Dump(), nil)
	if err != nil {
		app.fs.api.PushIncoming(orgId, "registration", regJson)
		checkAppFatal("Couldn't encrypt then sign node: %s", err)
	}

	if err := app.fs.api.SendPrivate(orgId, node.Data.Body.Id, nodeContainer.Dump()); err != nil {
		checkAppFatal("Could not save node: %s", err)
	}

	for _, tag := range pairingKey.Tags {
		logger.Infof("Looking for CAs for tag %s", tag)
		for _, caId := range app.index.org.Data.Body.Tags.CAForward[tag] {
			logger.Infof("Found CA %s", caId)
			app.SignCSRForNode(node, caId, tag)
		}
	}

}
示例#2
0
文件: org.go 项目: pki-io/controller
func (cont *OrgController) RegisterNextNode() error {
	logger.Debug("registering next node")

	org := cont.env.controllers.org.org

	logger.Debug("popping next registration from org")
	regJson, err := cont.env.api.PopIncoming(org.Id(), "registration")
	if err != nil {
		return err
	}

	logger.Debug("creating new registration container")
	container, err := document.NewContainer(regJson)
	if err != nil {
		logger.Warn("unable to create container from registration json. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	pairingId := container.Data.Options.SignatureInputs["key-id"]
	logger.Debugf("reading pairing key for '%s'", pairingId)

	index, err := cont.GetIndex()
	if err != nil {
		return err
	}

	pairingKey, ok := index.Data.Body.PairingKeys[pairingId]
	if !ok {
		logger.Warn("unable to find pairing key. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		logger.Trace("returning nil error")
		return nil
	}

	logger.Debug("verifying and decrypting node registration")
	nodeJson, err := org.VerifyAuthenticationThenDecrypt(container, pairingKey.Key)
	if err != nil {
		logger.Warn("unable to decrypt node registration. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	logger.Debug("creating new node from JSON")
	node, err := node.New(nodeJson)
	if err != nil {
		logger.Warn("unable to create node. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	index.AddEntityTags(node.Data.Body.Id, pairingKey.Tags)
	index.AddNode(node.Data.Body.Name, node.Data.Body.Id)

	logger.Debug("encrypting and signing node for org")
	nodeContainer, err := org.EncryptThenSignString(node.Dump(), nil)
	if err != nil {
		logger.Warn("unable to encrypt node for org. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	logger.Debug("sending node to org")
	if err := cont.env.api.SendPrivate(org.Id(), node.Data.Body.Id, nodeContainer.Dump()); err != nil {
		logger.Warn("Unable to send node to org. Pushing back to incoming registration queue")
		cont.env.api.PushIncoming(org.Id(), "registration", regJson)
		return err
	}

	for _, tag := range pairingKey.Tags {
		logger.Debugf("looking for CAs for tag '%s'", tag)
		for _, caId := range index.Data.Body.Tags.CAForward[tag] {
			logger.Debugf("found CA '%s'", caId)
			if err := cont.SignCSR(node, caId, tag); err != nil {
				return err
			}
		}
	}

	if err := cont.SaveIndex(index); err != nil {
		return err
	}

	logger.Trace("returning nil error")
	return nil
}