ziggi/certmanager
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

certmanager updates

Browse Source
This commit is contained in:
Олег Бородин
2024-08-10 10:19:56 +02:00
parent a21b4e2db9
commit 1cdbd2b034
29 changed files with 2341 additions and 1088 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/config/path.go
View File

@@ -1,8 +1,8 @@
package config
const (
confdirPath = "/home/ziggi/Projects/certman/etc/certmanager"
rundirPath = "/home/ziggi/Projects/certman/tmp/run"
logdirPath = "/home/ziggi/Projects/certman/tmp/log"
datadirPath = "/home/ziggi/Projects/certman/tmp/data"
confdirPath = "/usr/local/etc/certmanager"
rundirPath = "/var/run/certmanager"
logdirPath = "/var/log/certmanager"
datadirPath = "/var/data/certmanager"
)

100
internal/database/account.go Normal file
View File

@@ -0,0 +1,100 @@
package database
import (
"context"
"certmanager/internal/descriptor"
_ "github.com/mattn/go-sqlite3"
)
func (db *Database) InsertAccount(ctx context.Context, account *descriptor.Account) error {
var err error
request := `INSERT INTO account(id, username, password, disabled, created_at, updated_at)
VALUES ($1, $2, $3, $4, $5, $6)`
_, err = db.db.Exec(request, account.ID, account.Username, account.Password,
account.Disabled, account.CreatedAt, account.UpdatedAt)
if err != nil {
return err
}
return err
}
func (db *Database) UpdateAccountByID(ctx context.Context, accountID int64, account *descriptor.Account) error {
var err error
request := `UPDATE account SET username = $1, password = $2, disabled = $3, updated_at = $4 WHERE id = $6`
_, err = db.db.Exec(request, account.Username, account.Password, account.Disabled, account.UpdatedAt, accountID)
if err != nil {
return err
}
return err
}
func (db *Database) ListAccounts(ctx context.Context) ([]descriptor.Account, error) {
var err error
request := `SELECT id, username, disabled, created_at, updated_at FROM account`
res := make([]descriptor.Account, 0)
err = db.db.Select(&res, request)
if err != nil {
return res, err
}
return res, err
}
func (db *Database) GetAccountByID(ctx context.Context, accountID int64) (bool, *descriptor.Account, error) {
var err error
var res *descriptor.Account
var exists bool
request := `SELECT id, username, password, disabled, created_at, updated_at
FROM account WHERE id = $1 LiMIT 1`
dbRes := make([]descriptor.Account, 0)
err = db.db.Select(&dbRes, request, accountID)
if err != nil {
return exists, res, err
}
if len(dbRes) == 0 {
return exists, res, err
}
exists = true
res = &dbRes[0]
return exists, res, err
}
func (db *Database) GetAccountByUsername(ctx context.Context, username string) (bool, *descriptor.Account, error) {
var err error
var res *descriptor.Account
var exists bool
request := `SELECT id, username, password, disabled, created_at, updated_at
FROM account WHERE username = $1 LIMIT 1`
dbRes := make([]descriptor.Account, 0)
err = db.db.Select(&dbRes, request, username)
if err != nil {
return exists, res, err
}
if len(dbRes) == 0 {
return false, res, err
}
exists = true
res = &dbRes[0]
return exists, res, err
}
func (db *Database) DeleteAccountByID(ctx context.Context, accountID int64) error {
var err error
request := `DELETE FROM account WHERE id = $1`
_, err = db.db.Exec(request, accountID)
if err != nil {
return err
}
return err
}
func (db *Database) DeleteAccountByUsername(ctx context.Context, username string) error {
var err error
request := `DELETE FROM account WHERE username = $1`
_, err = db.db.Exec(request, username)
if err != nil {
return err
}
return err
}

18
internal/database/database.go
View File

@@ -36,6 +36,24 @@ const schema = `
);
CREATE INDEX IF NOT EXISTS service_index
ON issuer(id, name);
DROP TABLE IF EXISTS account;
CREATE TABLE IF NOT EXISTS account (
id INT NOT NULL,
username TEXT NOT NULL,
password TEXT NOT NULL,
created_at TEXT NOT NULL,
updated_at TEXT NOT NULL,
disabled BOOL
);
DROP TABLE IF EXISTS grant;
CREATE TABLE IF NOT EXISTS grant (
id INT NOT NULL,
account_id INT NOT NULL,
operation TEXT NOT NULL,
subject_id INT NOT NULL
);
`
type Database struct {

79
internal/database/grant.go Normal file
View File

@@ -0,0 +1,79 @@
package database
import (
"context"
"certmanager/internal/descriptor"
_ "github.com/mattn/go-sqlite3"
)
//type Grant struct {
//ID int64 `json:"id" yaml:"id" db:"id"`
//AccountID int64 `json:"accountID" yaml:"accountID" db:"account_id"`
//Operation string `json:"operation" yaml:"operation" db:"operation"`
//SubjectID int64 `json:"subjectID" yaml:"subjectID" db:"subjectID"`
//}
func (db *Database) InsertGrant(ctx context.Context, grant *descriptor.Grant) error {
var err error
request := `INSERT INTO grant(id, account_id, operation, subject_id)
VALUES ($1, $2, $3, $4)`
_, err = db.db.Exec(request, grant.ID, grant.AccountID, grant.Operation,
grant.SubjectID)
if err != nil {
return err
}
return err
}
func (db *Database) ListGrantsByAccountID(ctx context.Context, accountID int64) ([]descriptor.Grant, error) {
var err error
request := `SELECT * FROM grant WHERE `
res := make([]descriptor.Grant, 0)
err = db.db.Select(&res, request, accountID)
if err != nil {
return res, err
}
return res, err
}
func (db *Database) GetGrant(ctx context.Context, accountID, subjectID int64) (bool, []*descriptor.Grant, error) {
var err error
var res []*descriptor.Grant
var exists bool
request := `SELECT id, operation, grant_id, subject_id FROM grant
WHERE account_id = $1
AND subject_id = $1`
dbRes := make([]*descriptor.Grant, 0)
err = db.db.Select(&dbRes, request, accountID, subjectID)
if err != nil {
return exists, res, err
}
if len(dbRes) == 0 {
return false, res, err
}
exists = true
res = dbRes
return exists, res, err
}
func (db *Database) DeleteGrantByAccountID(ctx context.Context, grantID int64) error {
var err error
request := `DELETE FROM grant WHERE grant_id = $1`
_, err = db.db.Exec(request, grantID)
if err != nil {
return err
}
return err
}
func (db *Database) DeleteGrantsBySubjectID(ctx context.Context, subjectID int64) error {
var err error
request := `DELETE FROM grant WHERE subject_id = $1`
_, err = db.db.Exec(request, subjectID)
if err != nil {
return err
}
return err
}

26
internal/descriptor/descriptor.go
View File

@@ -1,5 +1,15 @@
package descriptor
const (
OperationAddGrant = "addGrant"
OperationDeleteGrant = "deleteGrant"
OperationCreateIssuerPair = "createIssuerPair"
OperationRevokeIssuerPair = "revokeIssuerPair"
OperationCreateServicePair = "createSericePair"
OperationRevokeServicePair = "revokeServicePair"
OperationGetServicePair = "getServicePair"
)
type Issuer struct {
ID int64 `json:"id" yaml:"id" db:"id"`
Name string `json:"name" yaml:"name" db:"name"`
@@ -19,3 +29,19 @@ type Service struct {
Key string `json:"key" yaml:"key" db:"key"`
Revoked bool `json:"revoked" yaml:"revoked" db:"revoked"`
}
type Account struct {
ID int64 `json:"id" yaml:"id" db:"id"`
Username string `json:"username" yaml:"username" db:"username"`
Password string `json:"password" yaml:"password" db:"password"`
Disabled bool `json:"disabled" yaml:"disabled" db:"disabled"`
CreatedAt string `json:"createdAt" yaml:"createdAt" db:"created_at"`
UpdatedAt string `json:"updatedAt" yaml:"updatedAt" db:"updated_at"`
}
type Grant struct {
ID int64 `json:"id" yaml:"id" db:"id"`
AccountID int64 `json:"accountID" yaml:"accountID" db:"account_id"`
Operation string `json:"operation" yaml:"operation" db:"operation"`
SubjectID int64 `json:"subjectID" yaml:"subjectID" db:"subject_id"`
}

82
internal/grpc/handler/account.go Normal file
View File

@@ -0,0 +1,82 @@
package handler
import (
"context"
"certmanager/pkg/cmctl"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status"
)
func (hand *Handler) Authentificate(ctx context.Context) (int64, error) {
var err error
var userID int64
meta, _ := metadata.FromIncomingContext(ctx)
hand.log.Debugf("Reqest username: %s", meta["username"])
hand.log.Debugf("Reqest password: %s", meta["password"])
usernameArr := meta["username"]
passwordArr := meta["password"]
if len(usernameArr) == 0 || len(passwordArr) == 0 {
err := status.Errorf(codes.PermissionDenied, "Empty auth data")
return userID, err
}
username := meta["username"][0]
password := meta["password"][0]
validated, userID, err := hand.lg.ValidateAcount(ctx, username, password)
if !validated {
err := status.Errorf(codes.PermissionDenied, "Wrong auth data")
return userID, err
}
return userID, err
}
func (hand *Handler) CreateAccount(ctx context.Context, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) {
var err error
hand.log.Debugf("Handle CreateAccount call")
res := &cmctl.CreateAccountResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.CreateAccount(ctx, userID, params)
return res, err
}
func (hand *Handler) DeleteAccount(ctx context.Context, params *cmctl.DeleteAccountParams) (*cmctl.DeleteAccountResult, error) {
var err error
hand.log.Debugf("Handle DeleteAccount call")
res := &cmctl.DeleteAccountResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.DeleteAccount(ctx, userID, params)
return res, err
}
func (hand *Handler) ListAccounts(ctx context.Context, params *cmctl.ListAccountsParams) (*cmctl.ListAccountsResult, error) {
var err error
hand.log.Debugf("Handle ListAccounts call")
res := &cmctl.ListAccountsResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.ListAccounts(ctx, userID, params)
return res, err
}
func (hand *Handler) UpdateAccount(ctx context.Context, params *cmctl.UpdateAccountParams) (*cmctl.UpdateAccountResult, error) {
var err error
hand.log.Debugf("Handle UpdateAccount call")
res := &cmctl.UpdateAccountResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.UpdateAccount(ctx, userID, params)
return res, err
}

84
internal/grpc/handler/certman.go
View File

@@ -1,84 +0,0 @@
package handler
import (
"context"
"certmanager/pkg/cmctl"
)
func (hand *Handler) CreateIssuerPair(ctx context.Context, params *cmctl.CreateIssuerPairParams) (*cmctl.CreateIssuerPairResult, error) {
var err error
hand.log.Debugf("Handle CreateIssuerPair call")
res, err := hand.lg.CreateIssuerPair(ctx, params)
return res, err
}
func (hand *Handler) ImportIssuerPair(ctx context.Context, params *cmctl.ImportIssuerPairParams) (*cmctl.ImportIssuerPairResult, error) {
var err error
hand.log.Debugf("Handle ImportIssuerPair call")
res, err := hand.lg.ImportIssuerPair(ctx, params)
return res, err
}
func (hand *Handler) RevokeIssuerPair(ctx context.Context, params *cmctl.RevokeIssuerPairParams) (*cmctl.RevokeIssuerPairResult, error) {
var err error
hand.log.Debugf("Handle RevokeIssuerPair call")
res, err := hand.lg.RevokeIssuerPair(ctx, params)
return res, err
}
func (hand *Handler) UnrevokeIssuerPair(ctx context.Context, params *cmctl.UnrevokeIssuerPairParams) (*cmctl.UnrevokeIssuerPairResult, error) {
var err error
hand.log.Debugf("Handle UnrevokeIssuerPair call")
res, err := hand.lg.UnrevokeIssuerPair(ctx, params)
return res, err
}
func (hand *Handler) ListIssuerPairs(ctx context.Context, params *cmctl.ListIssuerPairsParams) (*cmctl.ListIssuerPairsResult, error) {
var err error
hand.log.Debugf("Handle ListIssuerPairs call")
res, err := hand.lg.ListIssuerPairs(ctx, params)
return res, err
}
func (hand *Handler) GetIssuerCertificate(ctx context.Context, params *cmctl.GetIssuerCertificateParams) (*cmctl.GetIssuerCertificateResult, error) {
var err error
hand.log.Debugf("Handle GetIssuerCertificate call")
res, err := hand.lg.GetIssuerCertificate(ctx, params)
return res, err
}
func (hand *Handler) CreateServicePair(ctx context.Context, params *cmctl.CreateServicePairParams) (*cmctl.CreateServicePairResult, error) {
var err error
hand.log.Debugf("Handle CreateServicePair call")
res, err := hand.lg.CreateServicePair(ctx, params)
return res, err
}
func (hand *Handler) RevokeServicePair(ctx context.Context, params *cmctl.RevokeServicePairParams) (*cmctl.RevokeServicePairResult, error) {
var err error
hand.log.Debugf("Handle RevokeServicePair call")
res, err := hand.lg.RevokeServicePair(ctx, params)
return res, err
}
func (hand *Handler) UnrevokeServicePair(ctx context.Context, params *cmctl.UnrevokeServicePairParams) (*cmctl.UnrevokeServicePairResult, error) {
var err error
hand.log.Debugf("Handle UnrevokeServicePair call")
res, err := hand.lg.UnrevokeServicePair(ctx, params)
return res, err
}
func (hand *Handler) ListServicePairs(ctx context.Context, params *cmctl.ListServicePairsParams) (*cmctl.ListServicePairsResult, error) {
var err error
hand.log.Debugf("Handle ListServicePairs call")
res, err := hand.lg.ListServicePairs(ctx, params)
return res, err
}
func (hand *Handler) GetServicePair(ctx context.Context, params *cmctl.GetServicePairParams) (*cmctl.GetServicePairResult, error) {
var err error
hand.log.Debugf("Handle GetServicePair call")
res, err := hand.lg.GetServicePair(ctx, params)
return res, err
}

79
internal/grpc/handler/issuer.go Normal file
View File

@@ -0,0 +1,79 @@
package handler
import (
"context"
"certmanager/pkg/cmctl"
)
func (hand *Handler) CreateIssuerPair(ctx context.Context, params *cmctl.CreateIssuerPairParams) (*cmctl.CreateIssuerPairResult, error) {
var err error
hand.log.Debugf("Handle CreateIssuerPair call")
res := &cmctl.CreateIssuerPairResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.CreateIssuerPair(ctx, userID, params)
return res, err
}
func (hand *Handler) ImportIssuerPair(ctx context.Context, params *cmctl.ImportIssuerPairParams) (*cmctl.ImportIssuerPairResult, error) {
var err error
hand.log.Debugf("Handle ImportIssuerPair call")
res := &cmctl.ImportIssuerPairResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.ImportIssuerPair(ctx, userID, params)
return res, err
}
func (hand *Handler) RevokeIssuerPair(ctx context.Context, params *cmctl.RevokeIssuerPairParams) (*cmctl.RevokeIssuerPairResult, error) {
var err error
hand.log.Debugf("Handle RevokeIssuerPair call")
res := &cmctl.RevokeIssuerPairResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.RevokeIssuerPair(ctx, userID, params)
return res, err
}
func (hand *Handler) UnrevokeIssuerPair(ctx context.Context, params *cmctl.UnrevokeIssuerPairParams) (*cmctl.UnrevokeIssuerPairResult, error) {
var err error
hand.log.Debugf("Handle UnrevokeIssuerPair call")
res := &cmctl.UnrevokeIssuerPairResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.UnrevokeIssuerPair(ctx, userID, params)
return res, err
}
func (hand *Handler) ListIssuerPairs(ctx context.Context, params *cmctl.ListIssuerPairsParams) (*cmctl.ListIssuerPairsResult, error) {
var err error
hand.log.Debugf("Handle ListIssuerPairs call")
res := &cmctl.ListIssuerPairsResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.ListIssuerPairs(ctx, userID, params)
return res, err
}
func (hand *Handler) GetIssuerCertificate(ctx context.Context, params *cmctl.GetIssuerCertificateParams) (*cmctl.GetIssuerCertificateResult, error) {
var err error
hand.log.Debugf("Handle GetIssuerCertificate call")
res := &cmctl.GetIssuerCertificateResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.GetIssuerCertificate(ctx, userID, params)
return res, err
}

67
internal/grpc/handler/service.go Normal file
View File

@@ -0,0 +1,67 @@
package handler
import (
"context"
"certmanager/pkg/cmctl"
)
func (hand *Handler) CreateServicePair(ctx context.Context, params *cmctl.CreateServicePairParams) (*cmctl.CreateServicePairResult, error) {
var err error
hand.log.Debugf("Handle CreateServicePair call")
res := &cmctl.CreateServicePairResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.CreateServicePair(ctx, userID, params)
return res, err
}
func (hand *Handler) RevokeServicePair(ctx context.Context, params *cmctl.RevokeServicePairParams) (*cmctl.RevokeServicePairResult, error) {
var err error
hand.log.Debugf("Handle RevokeServicePair call")
res := &cmctl.RevokeServicePairResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.RevokeServicePair(ctx, userID, params)
return res, err
}
func (hand *Handler) UnrevokeServicePair(ctx context.Context, params *cmctl.UnrevokeServicePairParams) (*cmctl.UnrevokeServicePairResult, error) {
var err error
hand.log.Debugf("Handle UnrevokeServicePair call")
res := &cmctl.UnrevokeServicePairResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.UnrevokeServicePair(ctx, userID, params)
return res, err
}
func (hand *Handler) ListServicePairs(ctx context.Context, params *cmctl.ListServicePairsParams) (*cmctl.ListServicePairsResult, error) {
var err error
hand.log.Debugf("Handle ListServicePairs call")
res := &cmctl.ListServicePairsResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.ListServicePairs(ctx, userID, params)
return res, err
}
func (hand *Handler) GetServicePair(ctx context.Context, params *cmctl.GetServicePairParams) (*cmctl.GetServicePairResult, error) {
var err error
hand.log.Debugf("Handle GetServicePair call")
res := &cmctl.GetServicePairResult{}
userID, err := hand.Authentificate(ctx)
if err != nil {
return res, err
}
res, err = hand.lg.GetServicePair(ctx, userID, params)
return res, err
}

26
internal/grpc/service/service.go
View File

@@ -12,10 +12,8 @@ import (
"certmanager/pkg/logger"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status"
)
type ServiceConfig struct {
@@ -82,7 +80,7 @@ func (svc *Service) Run() error {
gsrvOpts := []grpc.ServerOption{
grpc.Creds(tlsCredentials),
grpc.UnaryInterceptor(svc.authInterceptor),
grpc.UnaryInterceptor(svc.debugInterceptor),
}
svc.gsrv = grpc.NewServer(gsrvOpts...)
@@ -96,27 +94,11 @@ func (svc *Service) Run() error {
return err
}
func (svc *Service) authInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
func (svc *Service) debugInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
svc.log.Debugf("Called unary interceptor with method: %v", info.FullMethod)
meta, _ := metadata.FromIncomingContext(ctx)
svc.log.Debugf("Reqest username: %s", meta["username"])
svc.log.Debugf("Reqest password: %s", meta["password"])
usernameArr := meta["username"]
passwordArr := meta["password"]
if len(usernameArr) == 0 || len(passwordArr) == 0 {
err := status.Errorf(codes.PermissionDenied, "Empty auth data")
return nil, err
}
username := meta["username"][0]
password := meta["password"][0]
if !svc.lg.ValidateUser(username, password) {
err := status.Errorf(codes.PermissionDenied, "Wrong auth data")
return nil, err
}
reqBinary, err := json.Marshal(req)
if err == nil {
svc.log.Debugf("Request: %s", string(reqBinary))
}
svc.log.Debugf("Reqest username: %v", meta["username"])
svc.log.Debugf("Reqest password: %v", meta["password"])
return handler(ctx, req)
}

181
internal/logic/account.go Normal file
View File

@@ -0,0 +1,181 @@
package logic
import (
"context"
"fmt"
"time"
"certmanager/internal/descriptor"
"certmanager/pkg/auxid"
"certmanager/pkg/cmctl"
)
func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
var err error
var userID int64
accountDescrs, err := lg.db.ListAccounts(ctx)
if err != nil {
return userID, err
}
if len(accountDescrs) == 0 {
now := time.Now().Format(time.RFC3339)
accountDescr := &descriptor.Account{
ID: auxid.GenID(),
Username: "certman",
Password: "certman",
Disabled: false,
CreatedAt: now,
UpdatedAt: now,
}
err = lg.db.InsertAccount(ctx, accountDescr)
if err != nil {
return userID, err
}
userID = accountDescr.ID
}
return userID, err
}
func (lg *Logic) ValidateAcount(ctx context.Context, username, password string) (bool, int64, error) {
var err error
var userID int64
var valid bool
accountExists, accountDescr, err := lg.db.GetAccountByUsername(ctx, username)
if !accountExists {
err := fmt.Errorf("Account not exists")
return valid, userID, err
}
if password != accountDescr.Password {
err := fmt.Errorf("Login data mismatch")
return valid, userID, err
}
valid = true
userID = accountDescr.ID
return valid, userID, err
}
func (lg *Logic) CreateAccount(ctx context.Context, userID int64, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) {
var err error
res := &cmctl.CreateAccountResult{}
accountExists, _, err := lg.db.GetAccountByUsername(ctx, params.Username)
if err != nil {
return res, err
}
if accountExists {
err := fmt.Errorf("Account with thist name already exists")
return res, err
}
now := time.Now().Format(time.RFC3339)
accountDescr := &descriptor.Account{
ID: auxid.GenID(),
Username: params.Username,
Password: params.Password,
Disabled: false,
CreatedAt: now,
UpdatedAt: now,
}
err = lg.db.InsertAccount(ctx, accountDescr)
if err != nil {
return res, err
}
res.AccountID = accountDescr.ID
return res, err
}
func (lg *Logic) UpdateAccount(ctx context.Context, userID int64, params *cmctl.UpdateAccountParams) (*cmctl.UpdateAccountResult, error) {
var err error
res := &cmctl.UpdateAccountResult{}
var accountDescr *descriptor.Account
var accountExists bool
switch {
case params.AccountID != 0:
accountExists, accountDescr, err = lg.db.GetAccountByID(ctx, params.AccountID)
if err != nil {
return res, err
}
case params.Username != "":
accountExists, accountDescr, err = lg.db.GetAccountByUsername(ctx, params.Username)
if err != nil {
return res, err
}
}
if !accountExists {
err := fmt.Errorf("Account with this is or name dont exists")
return res, err
}
now := time.Now().Format(time.RFC3339)
if params.NewUsername != "" {
accountDescr.UpdatedAt = now
accountDescr.Username = params.NewUsername
}
if params.NewPassword != "" {
accountDescr.UpdatedAt = now
accountDescr.Password = params.NewPassword
}
if params.Disabled != accountDescr.Disabled {
accountDescr.UpdatedAt = now
accountDescr.Disabled = params.Disabled
}
err = lg.db.UpdateAccountByID(ctx, accountDescr.ID, accountDescr)
if err != nil {
return res, err
}
return res, err
}
func (lg *Logic) DeleteAccount(ctx context.Context, userID int64, params *cmctl.DeleteAccountParams) (*cmctl.DeleteAccountResult, error) {
var err error
res := &cmctl.DeleteAccountResult{}
var accountDescr *descriptor.Account
var accountExists bool
switch {
case params.AccountID != 0:
accountExists, accountDescr, err = lg.db.GetAccountByID(ctx, params.AccountID)
if err != nil {
return res, err
}
case params.Username != "":
accountExists, accountDescr, err = lg.db.GetAccountByUsername(ctx, params.Username)
if err != nil {
return res, err
}
}
if !accountExists {
err := fmt.Errorf("Account with this is or name dont exists")
return res, err
}
err = lg.db.DeleteAccountByID(ctx, accountDescr.ID)
if err != nil {
return res, err
}
return res, err
}
func (lg *Logic) ListAccounts(ctx context.Context, userID int64, params *cmctl.ListAccountsParams) (*cmctl.ListAccountsResult, error) {
var err error
res := &cmctl.ListAccountsResult{
Accounts: make([]*cmctl.AccountShortDescr, 0),
}
accountDescrs, err := lg.db.ListAccounts(ctx)
if err != nil {
return res, err
}
for _, accountDescr := range accountDescrs {
shortDescr := &cmctl.AccountShortDescr{
Username: accountDescr.Username,
Disabled: accountDescr.Disabled,
CreatedAt: accountDescr.CreatedAt,
UpdatedAt: accountDescr.UpdatedAt,
}
res.Accounts = append(res.Accounts, shortDescr)
}
return res, err
}

10
internal/logic/auth.go
View File

@@ -1,10 +0,0 @@
package logic
func (lg *Logic) ValidateUser(username, password string) bool {
for i := range lg.auths {
if username == lg.auths[i].Username && password == lg.auths[i].Password {
return true
}
}
return true
}

24
internal/logic/issuer.go
View File

@@ -11,7 +11,7 @@ import (
"certmanager/pkg/cmctl"
)
func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmctl.CreateIssuerPairParams) (*cmctl.CreateIssuerPairResult, error) {
func (lg *Logic) CreateIssuerPair(ctx context.Context, userID int64, params *cmctl.CreateIssuerPairParams) (*cmctl.CreateIssuerPairResult, error) {
var err error
res := &cmctl.CreateIssuerPairResult{}
@@ -38,6 +38,11 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmctl.CreateIssue
CommonName: params.IssuerCommonName,
}
if signerDescr != nil {
err = cm509.DoubleEncodedCertKeyMatch(signerDescr.Cert, signerDescr.Key)
if err != nil {
return res, err
}
lg.log.Debugf("Create issuer with signer name %s", signerDescr.Name)
createIssuerPairParams.SignerCert = signerDescr.Cert
createIssuerPairParams.SignerKey = signerDescr.Key
@@ -79,10 +84,11 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmctl.CreateIssue
return res, err
}
func (lg *Logic) GetIssuerCertificate(ctx context.Context, params *cmctl.GetIssuerCertificateParams) (*cmctl.GetIssuerCertificateResult, error) {
func (lg *Logic) GetIssuerCertificate(ctx context.Context, userID int64, params *cmctl.GetIssuerCertificateParams) (*cmctl.GetIssuerCertificateResult, error) {
var err error
res := &cmctl.GetIssuerCertificateResult{
SignerCertificates: make([]string, 0),
SignerNames: make([]string, 0),
}
var issuerDescr *descriptor.Issuer
var issuerExists bool
@@ -122,6 +128,12 @@ func (lg *Logic) GetIssuerCertificate(ctx context.Context, params *cmctl.GetIssu
}
for _, signerDescr := range signerDescrs {
res.SignerCertificates = append(res.SignerCertificates, signerDescr.Cert)
res.SignerNames = append(res.SignerNames, signerDescr.Name)
}
err = cm509.DoubleEncodedCertKeyMatch(issuerDescr.Cert, issuerDescr.Key)
if err != nil {
return res, err
}
res.IssuerID = issuerDescr.ID
@@ -131,7 +143,7 @@ func (lg *Logic) GetIssuerCertificate(ctx context.Context, params *cmctl.GetIssu
return res, err
}
func (lg *Logic) ImportIssuerPair(ctx context.Context, params *cmctl.ImportIssuerPairParams) (*cmctl.ImportIssuerPairResult, error) {
func (lg *Logic) ImportIssuerPair(ctx context.Context, userID int64, params *cmctl.ImportIssuerPairParams) (*cmctl.ImportIssuerPairResult, error) {
var err error
res := &cmctl.ImportIssuerPairResult{}
@@ -206,7 +218,7 @@ func (lg *Logic) ImportIssuerPair(ctx context.Context, params *cmctl.ImportIssue
return res, err
}
func (lg *Logic) RevokeIssuerPair(ctx context.Context, params *cmctl.RevokeIssuerPairParams) (*cmctl.RevokeIssuerPairResult, error) {
func (lg *Logic) RevokeIssuerPair(ctx context.Context, userID int64, params *cmctl.RevokeIssuerPairParams) (*cmctl.RevokeIssuerPairResult, error) {
var err error
res := &cmctl.RevokeIssuerPairResult{}
@@ -251,7 +263,7 @@ func (lg *Logic) RevokeIssuerPair(ctx context.Context, params *cmctl.RevokeIssue
return res, err
}
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, params *cmctl.UnrevokeIssuerPairParams) (*cmctl.UnrevokeIssuerPairResult, error) {
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, userID int64, params *cmctl.UnrevokeIssuerPairParams) (*cmctl.UnrevokeIssuerPairResult, error) {
var err error
res := &cmctl.UnrevokeIssuerPairResult{}
@@ -296,7 +308,7 @@ func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, params *cmctl.UnrevokeI
return res, err
}
func (lg *Logic) ListIssuerPairs(ctx context.Context, params *cmctl.ListIssuerPairsParams) (*cmctl.ListIssuerPairsResult, error) {
func (lg *Logic) ListIssuerPairs(ctx context.Context, userID int64, params *cmctl.ListIssuerPairsParams) (*cmctl.ListIssuerPairsResult, error) {
var err error
res := &cmctl.ListIssuerPairsResult{
Issuers: make([]*cmctl.IssierShortDescriptor, 0),

39
internal/logic/service.go
View File

@@ -2,7 +2,9 @@ package logic
import (
"context"
"crypto/x509"
"fmt"
"time"
"certmanager/internal/descriptor"
"certmanager/pkg/auxid"
@@ -10,7 +12,7 @@ import (
"certmanager/pkg/cmctl"
)
func (lg *Logic) CreateServicePair(ctx context.Context, params *cmctl.CreateServicePairParams) (*cmctl.CreateServicePairResult, error) {
func (lg *Logic) CreateServicePair(ctx context.Context, userID int64, params *cmctl.CreateServicePairParams) (*cmctl.CreateServicePairResult, error) {
var err error
res := &cmctl.CreateServicePairResult{}
@@ -52,6 +54,11 @@ func (lg *Logic) CreateServicePair(ctx context.Context, params *cmctl.CreateServ
}
}
err = cm509.DoubleEncodedCertKeyMatch(issuerDescr.Cert, issuerDescr.Key)
if err != nil {
return res, err
}
createServicePairParams := &cm509.CreateServicePairParams{
CommonName: params.ServiceCommonName,
IssuerKey: issuerDescr.Key,
@@ -86,7 +93,7 @@ func (lg *Logic) CreateServicePair(ctx context.Context, params *cmctl.CreateServ
return res, err
}
func (lg *Logic) GetServicePair(ctx context.Context, params *cmctl.GetServicePairParams) (*cmctl.GetServicePairResult, error) {
func (lg *Logic) GetServicePair(ctx context.Context, userID int64, params *cmctl.GetServicePairParams) (*cmctl.GetServicePairResult, error) {
var err error
res := &cmctl.GetServicePairResult{
IssuerCertificates: make([]string, 0),
@@ -176,6 +183,28 @@ func (lg *Logic) GetServicePair(ctx context.Context, params *cmctl.GetServicePai
res.IssuerCertificates = append(res.IssuerCertificates, issuerDescr.Cert)
}
signerCertPool := x509.NewCertPool()
for _, issuerDescr := range issuerDescrs {
issuerCertObj, err := cm509.ParseDoubleEncodedCerificate(issuerDescr.Cert)
if err != nil {
return res, err
}
signerCertPool.AddCert(issuerCertObj)
}
opts := x509.VerifyOptions{
Roots: signerCertPool,
CurrentTime: time.Now(),
}
_, err = serviceCertObj.Verify(opts)
if err != nil {
return res, err
}
err = cm509.DoubleEncodedCertKeyMatch(serviceDescr.Cert, serviceDescr.Key)
if err != nil {
return res, err
}
res.Certificate = serviceDescr.Cert
res.Key = serviceDescr.Key
res.IssuerID = serviceDescr.IssuerID
@@ -247,7 +276,7 @@ func (lg *Logic) GetNextIssuerChain(ctx context.Context, deep int, firstIssuerDe
return res, err
}
func (lg *Logic) ListServicePairs(ctx context.Context, params *cmctl.ListServicePairsParams) (*cmctl.ListServicePairsResult, error) {
func (lg *Logic) ListServicePairs(ctx context.Context, userID int64, params *cmctl.ListServicePairsParams) (*cmctl.ListServicePairsResult, error) {
var err error
res := &cmctl.ListServicePairsResult{
Services: make([]*cmctl.ServiceShortDescriptor, 0),
@@ -270,7 +299,7 @@ func (lg *Logic) ListServicePairs(ctx context.Context, params *cmctl.ListService
return res, err
}
func (lg *Logic) RevokeServicePair(ctx context.Context, params *cmctl.RevokeServicePairParams) (*cmctl.RevokeServicePairResult, error) {
func (lg *Logic) RevokeServicePair(ctx context.Context, userID int64, params *cmctl.RevokeServicePairParams) (*cmctl.RevokeServicePairResult, error) {
var err error
res := &cmctl.RevokeServicePairResult{}
@@ -315,7 +344,7 @@ func (lg *Logic) RevokeServicePair(ctx context.Context, params *cmctl.RevokeServ
return res, err
}
func (lg *Logic) UnrevokeServicePair(ctx context.Context, params *cmctl.UnrevokeServicePairParams) (*cmctl.UnrevokeServicePairResult, error) {
func (lg *Logic) UnrevokeServicePair(ctx context.Context, userID int64, params *cmctl.UnrevokeServicePairParams) (*cmctl.UnrevokeServicePairResult, error) {
var err error
res := &cmctl.UnrevokeServicePairResult{}

12
internal/server/server.go
View File

@@ -1,13 +1,14 @@
package server
import (
"context"
"os"
"os/signal"
"syscall"
"os/user"
"path/filepath"
"strconv"
"syscall"
"time"
"certmanager/internal/config"
"certmanager/internal/database"
@@ -92,6 +93,13 @@ func (srv *Server) Build() error {
if err != nil {
return err
}
// Seed accounts
ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
_, err = srv.lg.SeedAccount(ctx)
if err != nil {
return err
}
// Create whandler
whandlerConfig := &whandler.HandlerConfig{
Logic: srv.lg,

40
internal/test/logic_issuer_create_test.go
View File

@@ -40,6 +40,9 @@ func TestIssuerCreateN0(t *testing.T) {
}
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
userID, err := lg.SeedAccount(ctx)
require.NoError(t, err)
require.NotZero(t, userID)
signerCommonName := "make.love"
var signerID int64
@@ -49,7 +52,7 @@ func TestIssuerCreateN0(t *testing.T) {
createIssuerPairParams := &cmctl.CreateIssuerPairParams{
IssuerCommonName: signerCommonName,
}
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, createIssuerPairParams)
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, userID, createIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, createIssuerPairRes)
@@ -83,7 +86,7 @@ func TestIssuerCreateN0(t *testing.T) {
IssuerCommonName: issuerCommonName,
SignerID: signerID,
}
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, createIssuerPairParams)
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, userID, createIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, createIssuerPairRes)
@@ -120,7 +123,7 @@ func TestIssuerCreateN0(t *testing.T) {
InetAddresses: []string{"1.1.1.1", "1.1.1.2", "1.1.1.3"},
Hostnames: []string{"dont.worry", "be.happy"},
}
createServicePairRes, err := lg.CreateServicePair(ctx, createServicePairParams)
createServicePairRes, err := lg.CreateServicePair(ctx, userID, createServicePairParams)
require.NoError(t, err)
require.NotNil(t, createServicePairRes)
@@ -150,7 +153,7 @@ func TestIssuerCreateN0(t *testing.T) {
}
{
listIssuerPairsParams := &cmctl.ListIssuerPairsParams{}
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, listIssuerPairsParams)
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, userID, listIssuerPairsParams)
require.NoError(t, err)
require.NotNil(t, listIssuerPairsRes)
require.NotZero(t, len(listIssuerPairsRes.Issuers))
@@ -161,7 +164,7 @@ func TestIssuerCreateN0(t *testing.T) {
getServicePairParams := &cmctl.GetServicePairParams{
ServiceID: serviceID,
}
getServicePairRes, err := lg.GetServicePair(ctx, getServicePairParams)
getServicePairRes, err := lg.GetServicePair(ctx, userID, getServicePairParams)
require.NoError(t, err)
require.NotNil(t, getServicePairRes)
require.NotZero(t, len(getServicePairRes.Certificate))
@@ -173,7 +176,7 @@ func TestIssuerCreateN0(t *testing.T) {
getIssuerCertificateParams := &cmctl.GetIssuerCertificateParams{
IssuerID: issuerID,
}
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, getIssuerCertificateParams)
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, userID, getIssuerCertificateParams)
require.NoError(t, err)
require.NotNil(t, getIssuerCertificateRes)
require.NotZero(t, len(getIssuerCertificateRes.Certificate))
@@ -208,6 +211,9 @@ func XXXTestIssuerCreateN2(t *testing.T) {
}
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
userID, err := lg.SeedAccount(ctx)
require.NoError(t, err)
require.NotZero(t, userID)
issuerCommonName := "foo.bar"
var issuerID int64
@@ -216,7 +222,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
createIssuerPairParams := &cmctl.CreateIssuerPairParams{
IssuerCommonName: issuerCommonName,
}
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, createIssuerPairParams)
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, userID, createIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, createIssuerPairRes)
issuerID = createIssuerPairRes.IssuerID
@@ -227,7 +233,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
getIssuerCertificateParams := &cmctl.GetIssuerCertificateParams{
IssuerID: issuerID,
}
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, getIssuerCertificateParams)
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, userID, getIssuerCertificateParams)
require.NoError(t, err)
require.NotNil(t, getIssuerCertificateRes)
require.NotZero(t, len(getIssuerCertificateRes.Certificate))
@@ -243,7 +249,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
revokeIssuerPairParams := &cmctl.RevokeIssuerPairParams{
IssuerID: issuerID,
}
revokeIssuerPairRes, err := lg.RevokeIssuerPair(ctx, revokeIssuerPairParams)
revokeIssuerPairRes, err := lg.RevokeIssuerPair(ctx, userID, revokeIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, revokeIssuerPairRes)
@@ -254,7 +260,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
getIssuerCertificateParams := &cmctl.GetIssuerCertificateParams{
IssuerID: issuerID,
}
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, getIssuerCertificateParams)
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, userID, getIssuerCertificateParams)
require.NoError(t, err)
require.NotNil(t, getIssuerCertificateRes)
require.NotZero(t, len(getIssuerCertificateRes.Certificate))
@@ -266,7 +272,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
unrevokeIssuerPairParams := &cmctl.UnrevokeIssuerPairParams{
IssuerID: issuerID,
}
unrevokeIssuerPairRes, err := lg.UnrevokeIssuerPair(ctx, unrevokeIssuerPairParams)
unrevokeIssuerPairRes, err := lg.UnrevokeIssuerPair(ctx, userID, unrevokeIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, unrevokeIssuerPairRes)
@@ -277,7 +283,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
getIssuerCertificateParams := &cmctl.GetIssuerCertificateParams{
IssuerID: issuerID,
}
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, getIssuerCertificateParams)
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, userID, getIssuerCertificateParams)
require.NoError(t, err)
require.NotNil(t, getIssuerCertificateRes)
require.NotZero(t, len(getIssuerCertificateRes.Certificate))
@@ -287,7 +293,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
}
{
listIssuerPairsParams := &cmctl.ListIssuerPairsParams{}
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, listIssuerPairsParams)
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, userID, listIssuerPairsParams)
require.NoError(t, err)
require.NotNil(t, listIssuerPairsRes)
require.NotZero(t, len(listIssuerPairsRes.Issuers))
@@ -299,7 +305,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
createIssuerPairParams := &cmctl.CreateIssuerPairParams{
IssuerCommonName: fmt.Sprintf("sub%0d.%s", i, issuerCommonName),
}
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, createIssuerPairParams)
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, userID, createIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, createIssuerPairRes)
issuerID = createIssuerPairRes.IssuerID
@@ -308,7 +314,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
}
{
listIssuerPairsParams := &cmctl.ListIssuerPairsParams{}
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, listIssuerPairsParams)
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, userID, listIssuerPairsParams)
require.NoError(t, err)
require.NotNil(t, listIssuerPairsRes)
require.NotZero(t, len(listIssuerPairsRes.Issuers))
@@ -322,7 +328,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
ServiceCommonName: serviceCommonName,
IssuerID: issuerID,
}
createServicePairRes, err := lg.CreateServicePair(ctx, createServicePairParams)
createServicePairRes, err := lg.CreateServicePair(ctx, userID, createServicePairParams)
printObj("createServicePairRes", createServicePairRes)
require.NoError(t, err)
@@ -334,7 +340,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
getServicePairParams := &cmctl.GetServicePairParams{
ServiceID: serviceID,
}
getServicePairRes, err := lg.GetServicePair(ctx, getServicePairParams)
getServicePairRes, err := lg.GetServicePair(ctx, userID, getServicePairParams)
require.NoError(t, err)
require.NotNil(t, getServicePairRes)
require.NotZero(t, len(getServicePairRes.Certificate))

7
internal/test/logic_issuer_import_test.go
View File

@@ -43,6 +43,10 @@ func XXXTestLogicImportIssuer(t *testing.T) {
require.NoError(t, err)
require.NotNil(t, lg)
}
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
userID, err := lg.SeedAccount(ctx)
require.NoError(t, err)
require.NotZero(t, userID)
certBytes, err := os.ReadFile("testchain_a00.crt")
require.NoError(t, err)
@@ -80,13 +84,12 @@ func XXXTestLogicImportIssuer(t *testing.T) {
certStrings = append(certStrings, certString)
}
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
{
importIssuerPairParams := &cmapi.ImportIssuerPairParams{
Certificate: certString,
Key: keyString,
}
importIssuerPairRes, err := lg.ImportIssuerPair(ctx, importIssuerPairParams)
importIssuerPairRes, err := lg.ImportIssuerPair(ctx, userID, importIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, importIssuerPairRes)

32
internal/wrpc/handler/basauth.go
View File

@@ -1,32 +0,0 @@
package handler
import (
"errors"
"fmt"
"certmanager/pkg/auxhttp"
"github.com/gin-gonic/gin"
)
func (hand *Handler) BasicAuth(gctx *gin.Context) {
var err error
authHeader := gctx.Request.Header.Get("Authorization")
if authHeader == "" {
err = errors.New("Cannot found autentification data")
auxhttp.SendError(gctx, err)
return
}
username, password, err := auxhttp.ParseAuthBasicHeader(authHeader)
if err != nil {
err = fmt.Errorf("Authorization error: %s", err)
auxhttp.SendError(gctx, err)
return
}
if !hand.lg.ValidateUser(username, password) {
err = errors.New("Incorrect autentification data")
auxhttp.SendError(gctx, err)
return
}
gctx.Next()
}

13
internal/wrpc/service/service.go
View File

@@ -71,19 +71,6 @@ func (svc *Service) Build() error {
{
statusGroup := v1Group.Group("status")
statusGroup.POST("get", svc.hand.GetStatus)
/*
forwardingGroup := v1Group.Group("forwarding")
forwardingGroup.POST("create", svc.hand.CreateForwarding)
forwardingGroup.POST("list", svc.hand.ListForwardings)
forwardingGroup.POST("delete", svc.hand.DeleteForwarding)
defaultsGroup := v1Group.Group("defaults")
defaultsGroup.POST("set", svc.hand.SetDefaults)
defaultsGroup.POST("get", svc.hand.GetDefaults)
proxyGroup := v1Group.Group("proxy")
proxyGroup.POST("reset", svc.hand.ResetProxy)
*/
}
noRouteFunc := func(gctx *gin.Context) {
err := fmt.Errorf("No route")