certmanager updates
@@ -86,7 +86,7 @@ func NewDatabase(datapath string) (*Database, error) {
|
||||
|
||||
}
|
||||
|
||||
func (db *Database) InitDatabase() error {
|
||||
func (db *Database) InitDatabase(ctx context.Context) error {
|
||||
var err error
|
||||
dbPath := filepath.Join(db.datapath, "certmanager.db")
|
||||
db.log.Infof("Initialize database %s", dbPath)
|
||||
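Review bot: The new ctx parameter on InitDatabase is not used by any line visible in this hunk, so unless the remainder of the body (which continues past the hunk) threads it into ExecContext/PingContext, the caller's timeout has no effect on schema setup. If the rest of the body does use it, a doc comment would make the contract explicit: `// InitDatabase opens or creates <datapath>/certmanager.db and applies the schema; ctx bounds the setup queries.` If it does not, at minimum fail fast with `if err := ctx.Err(); err != nil { return err }` before touching the file so a cancelled caller does not initialise a store it will never use.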
@@ -112,7 +112,7 @@ func (db *Database) CleanDatabase(ctx context.Context) error {
|
||||
request := `
|
||||
DELETE FROM issuer;
|
||||
DELETE FROM service;
|
||||
DELETE FROM user;
|
||||
DELETE FROM account;
|
||||
DELETE FROM grant;
|
||||
`
|
||||
_, err = db.db.Exec(request)
|
||||
|
||||
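Review bot: CleanDatabase accepts ctx but the wipe on `_, err = db.db.Exec(request)` ignores it, so the caller's deadline cannot interrupt it; use `_, err = db.db.ExecContext(ctx, request)`. The five DELETE statements are also sent as one string outside any transaction, so a failure on a later statement leaves the store half-cleared (and whether the driver accepts several statements in a single Exec at all is driver-specific and not visible here); issuing them inside `db.db.BeginTx(ctx, nil)` and committing once keeps the wipe atomic. Because this erases every issuer private key, it also deserves a doc comment such as `// CleanDatabase deletes every row of every table. Destructive; intended for tests only.`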
@@ -103,7 +103,7 @@ func (svc *Service) logInterceptor(ctx context.Context, req any, info *grpc.Unar
|
||||
func (svc *Service) debugInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
|
||||
var err error
|
||||
reqBinary, err := json.Marshal(req)
|
||||
requestString := ""
|
||||
requestString := ""
|
||||
if err == nil {
|
||||
requestString = string(reqBinary)
|
||||
}
|
||||
|
||||
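Review bot: The interceptor serialises the whole request with `json.Marshal(req)` and hands it to the log, so any RPC whose message carries private key or credential material ends up in plaintext in the debug log; the logic layer's descriptors carry a `Key` field and GetServicePair returns one, so import-style requests plausibly do too. Either redact before marshalling — log only `info.FullMethod` plus the message's field names, or skip messages that implement a `Redacted() any` method — or document that this interceptor must never be installed outside a local debug build. Separately, `var err error` is redundant since `reqBinary, err := json.Marshal(req)` declares it, and a failed marshal currently logs an empty string silently; `requestString = "<unmarshalable: " + err.Error() + ">"` would make that visible. The function body continues past the hunk.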
@@ -2,6 +2,7 @@ package logic
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
@@ -43,8 +44,12 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, accountID int64, params *
|
||||
}
|
||||
}
|
||||
}
|
||||
newIssuerID := auxid.GenID()
|
||||
createIssuerPairParams := &cm509.CreateIssuerPairParams{
|
||||
CommonName: params.IssuerCommonName,
|
||||
CommonName: params.IssuerCommonName,
|
||||
OrganizationName: params.IssuerOrganizationName,
|
||||
OrganizationalUnitName: params.IssuerOrganizationalUnitName,
|
||||
SerialNumber: newIssuerID,
|
||||
}
|
||||
if signerDescr != nil {
|
||||
err = cm509.DoubleEncodedCertKeyMatch(signerDescr.Cert, signerDescr.Key)
|
||||
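Review bot: Using the database identity `newIssuerID` as the certificate's `SerialNumber` ties serial entropy to whatever auxid.GenID produces; if that is sequential or time-derived, serials become predictable, and guessable serials are exactly what the 64-bit-random-serial rule (CA/Browser Forum BR §7.1 for public CAs, sensible for private ones too) was introduced to prevent. Prefer drawing the serial from `crypto/rand` (e.g. 16 random bytes with the sign bit cleared) and storing it on the issuer row, keeping `ID` purely as the lookup key. If GenID is already CSPRNG-backed, a comment on the `SerialNumber: newIssuerID` line saying so would spare the next reader the same question. CreateIssuerPair continues past both ends of the hunk.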
@@ -62,7 +67,7 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, accountID int64, params *
|
||||
}
|
||||
|
||||
issuerDescr := &descriptor.Issuer{
|
||||
ID: auxid.GenID(),
|
||||
ID: newIssuerID,
|
||||
Name: createIssuerPairRes.Name,
|
||||
Cert: createIssuerPairRes.Cert,
|
||||
Key: createIssuerPairRes.Key,
|
||||
@@ -83,10 +88,19 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, accountID int64, params *
|
||||
}
|
||||
}
|
||||
|
||||
issuerCertObj, err := cm509.ParseDoubleEncodedCerificate(createIssuerPairRes.Cert)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
fingerprintBytes := sha256.Sum256(issuerCertObj.Raw)
|
||||
fingerprint := fmt.Sprintf("sha256:%x", fingerprintBytes)
|
||||
|
||||
err = lg.db.InsertIssuer(ctx, issuerDescr)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
res.Fingerprint = fingerprint
|
||||
res.IssuerID = issuerDescr.ID
|
||||
res.IssuerName = createIssuerPairRes.Name
|
||||
res.Certificate = createIssuerPairRes.Cert
|
||||
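Review bot: The fingerprint pair `sha256.Sum256(issuerCertObj.Raw)` / `fmt.Sprintf("sha256:%x", fingerprintBytes)` is repeated verbatim in GetIssuerCertificate, CreateServicePair and GetServicePair in this commit; a single helper stops the format (algorithm prefix, lowercase hex, no separators) drifting between endpoints, which matters because clients will pin against it. The helper below needs `crypto/x509` in this file's import block, which the commit adds only to the service file. Computing the fingerprint before `lg.db.InsertIssuer` is the right order, since a certificate that fails to re-parse is never persisted.
```go
// certFingerprint returns the SHA-256 digest of the DER-encoded certificate as
// "sha256:<lowercase hex>", the form every *Fingerprint response field uses.
func certFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return fmt.Sprintf("sha256:%x", sum)
}
```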
@@ -155,10 +169,19 @@ func (lg *Logic) GetIssuerCertificate(ctx context.Context, accountID int64, para
|
||||
return res, err
|
||||
}
|
||||
|
||||
issuerCertObj, err := cm509.ParseDoubleEncodedCerificate(issuerDescr.Cert)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
fingerprintBytes := sha256.Sum256(issuerCertObj.Raw)
|
||||
fingerprint := fmt.Sprintf("sha256:%x", fingerprintBytes)
|
||||
|
||||
res.IssuerID = issuerDescr.ID
|
||||
res.Certificate = issuerDescr.Cert
|
||||
res.Name = issuerDescr.Name
|
||||
res.Revoked = issuerDescr.Revoked
|
||||
res.Fingerprint = fingerprint
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@ package logic
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"time"
|
||||
@@ -67,21 +68,31 @@ func (lg *Logic) CreateServicePair(ctx context.Context, accountID int64, params
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
newServiceID := auxid.GenID()
|
||||
createServicePairParams := &cm509.CreateServicePairParams{
|
||||
CommonName: params.ServiceCommonName,
|
||||
IssuerKey: issuerDescr.Key,
|
||||
IssuerCert: issuerDescr.Cert,
|
||||
IPAddresses: params.InetAddresses,
|
||||
DNSNames: params.Hostnames,
|
||||
OrganizationName: params.ServiceOrganizationName,
|
||||
OrganizationalUnitName: params.ServiceOrganizationalUnitName,
|
||||
CommonName: params.ServiceCommonName,
|
||||
IssuerKey: issuerDescr.Key,
|
||||
IssuerCert: issuerDescr.Cert,
|
||||
IPAddresses: params.InetAddresses,
|
||||
DNSNames: params.Hostnames,
|
||||
SerialNumber: newServiceID,
|
||||
}
|
||||
createSericePairRes, err := cm509.CreateServicePair(createServicePairParams)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
serviceCertObj, err := cm509.ParseDoubleEncodedCerificate(createSericePairRes.Cert)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
fingerprintBytes := sha256.Sum256(serviceCertObj.Raw)
|
||||
fingerprint := fmt.Sprintf("sha256:%x", fingerprintBytes)
|
||||
|
||||
serviceDescr := &descriptor.Service{
|
||||
ID: auxid.GenID(),
|
||||
ID: newServiceID,
|
||||
Name: createSericePairRes.Name,
|
||||
IssuerID: issuerDescr.ID,
|
||||
IssuerName: issuerDescr.Name,
|
||||
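Review bot: Two points in the rebuilt createServicePairParams literal deserve a check. First, `OrganizationName` and `OrganizationalUnitName` appear only on the old side of this hunk while the new literal ends at `SerialNumber: newServiceID`, yet the test in this same commit still sets `ServiceOrganizationName`/`ServiceOrganizationalUnitName`; if the fields were dropped by accident the leaf subject silently loses its O/OU and nothing asserts them, and if intentional a note in the test would stop the next reader assuming they are honoured. Second, as with the issuer, the leaf serial is the database ID from `auxid.GenID()`; leaf serials are what relying parties see and what revocation is keyed on, so unless GenID is CSPRNG-backed a random serial stored on the service row is preferable to a predictable one. `params.InetAddresses` and `params.Hostnames` also flow straight from the request into the SAN list; if cm509.CreateServicePair does not validate them, rejecting unparsable IPs and empty or wildcard hostnames here is the place to do it. CreateServicePair continues past the hunk.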
@@ -99,6 +110,7 @@ func (lg *Logic) CreateServicePair(ctx context.Context, accountID int64, params
|
||||
res.IssuerID = issuerDescr.ID
|
||||
res.IssuerName = issuerDescr.Name
|
||||
res.IssuerCertificate = issuerDescr.Cert
|
||||
res.Fingerprint = fingerprint
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -224,12 +236,16 @@ func (lg *Logic) GetServicePair(ctx context.Context, accountID int64, params *cm
|
||||
return res, err
|
||||
}
|
||||
|
||||
fingerprintBytes := sha256.Sum256(serviceCertObj.Raw)
|
||||
fingerprint := fmt.Sprintf("sha256:%x", fingerprintBytes)
|
||||
|
||||
res.Certificate = serviceDescr.Cert
|
||||
res.Key = serviceDescr.Key
|
||||
res.IssuerID = serviceDescr.IssuerID
|
||||
res.IssuerName = serviceDescr.IssuerName
|
||||
res.Revoked = serviceDescr.Revoked
|
||||
res.IssuerCertificate = issuerDescr.Cert
|
||||
res.Fingerprint = fingerprint
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
||||
@@ -17,6 +17,9 @@ import (
|
||||
|
||||
func XXTestDatabaseIssuer(t *testing.T) {
|
||||
var err error
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
|
||||
|
||||
conf := config.NewConfig()
|
||||
err = conf.ReadFile()
|
||||
require.NoError(t, err)
|
||||
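Review bot: `ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)` discards the CancelFunc, which `go vet`'s lostcancel check flags and which keeps the timer alive until it fires; the same pattern is moved, not fixed, in every test touched by this commit. Write `ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)` followed by `defer cancel()`, or on Go 1.24+ derive from `t.Context()`, which is cancelled for you. The `XX` prefix disables this test, so the move is otherwise inert.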
@@ -25,11 +28,9 @@ func XXTestDatabaseIssuer(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, db)
|
||||
|
||||
err = db.InitDatabase()
|
||||
err = db.InitDatabase(ctx)
|
||||
require.NoError(t, err)
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
|
||||
|
||||
issuerID := auxid.GenID()
|
||||
issuer := &descriptor.Issuer{
|
||||
ID: issuerID,
|
||||
@@ -70,6 +71,9 @@ func XXTestDatabaseIssuer(t *testing.T) {
|
||||
|
||||
func XXXTestDatabaseService(t *testing.T) {
|
||||
var err error
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
|
||||
|
||||
conf := config.NewConfig()
|
||||
err = conf.ReadFile()
|
||||
require.NoError(t, err)
|
||||
@@ -78,11 +82,9 @@ func XXXTestDatabaseService(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, db)
|
||||
|
||||
err = db.InitDatabase()
|
||||
err = db.InitDatabase(ctx)
|
||||
require.NoError(t, err)
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
|
||||
|
||||
serviceID := auxid.GenID()
|
||||
service := &descriptor.Service{
|
||||
ID: serviceID,
|
||||
|
||||
@@ -18,6 +18,9 @@ import (
|
||||
func TestIssuerCreateN0(t *testing.T) {
|
||||
var err error
|
||||
var lg *logic.Logic
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
|
||||
{
|
||||
conf := config.NewConfig()
|
||||
err = conf.ReadFile()
|
||||
@@ -27,7 +30,10 @@ func TestIssuerCreateN0(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, db)
|
||||
|
||||
err = db.InitDatabase()
|
||||
err = db.InitDatabase(ctx)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = db.CleanDatabase(ctx)
|
||||
require.NoError(t, err)
|
||||
|
||||
logicConfig := &logic.LogicConfig{
|
||||
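Review bot: The test now calls `db.CleanDatabase(ctx)` against whatever datapath `conf.ReadFile()` resolved earlier in the function (outside this hunk), so running `go test` with a config that points at a live deployment's directory would wipe its issuers and their private keys. Point the test at an isolated store — `filepath.Join(t.TempDir(), ...)` for the datapath, or a config override — before cleaning, and keep CleanDatabase itself behind a build tag or an explicit test-only guard. A freshly initialised database would not need cleaning at all; that the call is needed suggests state persists between runs, which is a second sign the path should be temporary.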
@@ -39,18 +45,18 @@ func TestIssuerCreateN0(t *testing.T) {
|
||||
require.NotNil(t, lg)
|
||||
}
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
userID, err := lg.SeedAccount(ctx)
|
||||
require.NoError(t, err)
|
||||
require.NotZero(t, userID)
|
||||
|
||||
signerCommonName := "make.love"
|
||||
var signerID int64
|
||||
var signerCert string
|
||||
var signerName string
|
||||
{
|
||||
createIssuerPairParams := &cmctl.CreateIssuerPairParams{
|
||||
IssuerCommonName: signerCommonName,
|
||||
IssuerOrganizationName: "Detroit cops",
|
||||
IssuerOrganizationalUnitName: "Special Operations",
|
||||
IssuerCommonName: "Cop chief",
|
||||
}
|
||||
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, userID, createIssuerPairParams)
|
||||
require.NoError(t, err)
|
||||
@@ -71,20 +77,27 @@ func TestIssuerCreateN0(t *testing.T) {
|
||||
printObj("signerCertObj Subject", signerCertObj.Subject.String())
|
||||
printObj("signerCertObj Issuer", signerCertObj.Issuer.String())
|
||||
|
||||
require.Equal(t, signerCertObj.Subject.String(), signerCertObj.Issuer.String())
|
||||
require.NotZero(t, signerCertObj.Subject.String())
|
||||
require.NotZero(t, signerCertObj.Issuer.String())
|
||||
|
||||
signerPEM, err := base64.StdEncoding.DecodeString(signerCert)
|
||||
require.NoError(t, err)
|
||||
require.NotZero(t, len(signerPEM))
|
||||
printObj("signerPEM", string(signerPEM))
|
||||
|
||||
}
|
||||
issuerCommonName := "not.war"
|
||||
|
||||
var issuerID int64
|
||||
var issuerCert string
|
||||
var issuerName string
|
||||
{
|
||||
createIssuerPairParams := &cmctl.CreateIssuerPairParams{
|
||||
IssuerCommonName: issuerCommonName,
|
||||
SignerID: signerID,
|
||||
IssuerCommonName: "Intendant",
|
||||
IssuerOrganizationName: "Detroit cops",
|
||||
IssuerOrganizationalUnitName: "Special Operations",
|
||||
|
||||
SignerID: signerID,
|
||||
}
|
||||
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, userID, createIssuerPairParams)
|
||||
require.NoError(t, err)
|
||||
@@ -106,22 +119,25 @@ func TestIssuerCreateN0(t *testing.T) {
|
||||
printObj("issuerCertObj Issuer", issuerCertObj.Issuer.String())
|
||||
|
||||
require.NotEqual(t, issuerCertObj.Subject.String(), issuerCertObj.Issuer.String())
|
||||
require.NotZero(t, issuerCertObj.Subject.String())
|
||||
require.NotZero(t, issuerCertObj.Issuer.String())
|
||||
|
||||
issuerPEM, err := base64.StdEncoding.DecodeString(issuerCert)
|
||||
require.NoError(t, err)
|
||||
require.NotZero(t, len(issuerPEM))
|
||||
printObj("issuerPEM", string(issuerPEM))
|
||||
}
|
||||
serviceCommonName := "dont.worry"
|
||||
var serviceID int64
|
||||
var serviceCert string
|
||||
var serviceName string
|
||||
{
|
||||
createServicePairParams := &cmctl.CreateServicePairParams{
|
||||
ServiceCommonName: serviceCommonName,
|
||||
IssuerID: issuerID,
|
||||
InetAddresses: []string{"1.1.1.1", "1.1.1.2", "1.1.1.3"},
|
||||
Hostnames: []string{"dont.worry", "be.happy"},
|
||||
ServiceCommonName: "The Robocop",
|
||||
ServiceOrganizationName: "Detroit cops",
|
||||
ServiceOrganizationalUnitName: "Special Operations",
|
||||
IssuerID: issuerID,
|
||||
//InetAddresses: []string{"1.1.1.1", "1.1.1.2", "1.1.1.3"},
|
||||
//Hostnames: []string{"dont.worry", "be.happy"},
|
||||
}
|
||||
createServicePairRes, err := lg.CreateServicePair(ctx, userID, createServicePairParams)
|
||||
require.NoError(t, err)
|
||||
@@ -140,17 +156,25 @@ func TestIssuerCreateN0(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, serviceCertObj)
|
||||
printObj("serviceCertObj Subject", serviceCertObj.Subject.String())
|
||||
printObj("serviceCertObj Service", serviceCertObj.Issuer.String())
|
||||
printObj("serviceCertObj Issuer", serviceCertObj.Issuer.String())
|
||||
printObj("serviceCertObj DNSNames", serviceCertObj.DNSNames)
|
||||
printObj("serviceCertObj IP addresses", serviceCertObj.IPAddresses)
|
||||
|
||||
require.NotEqual(t, serviceCertObj.Subject.String(), serviceCertObj.Issuer.String())
|
||||
require.NotZero(t, serviceCertObj.Subject.String())
|
||||
require.NotZero(t, serviceCertObj.Issuer.String())
|
||||
|
||||
servicePEM, err := base64.StdEncoding.DecodeString(serviceCert)
|
||||
require.NoError(t, err)
|
||||
require.NotZero(t, len(servicePEM))
|
||||
printObj("servicePEM", string(servicePEM))
|
||||
|
||||
printObj("createServicePairRes", createServicePairRes)
|
||||
|
||||
}
|
||||
|
||||
//return
|
||||
|
||||
{
|
||||
listIssuerPairsParams := &cmctl.ListIssuerPairsParams{}
|
||||
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, userID, listIssuerPairsParams)
|
||||
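Review bot: The only property this section checks on the service certificate is `Subject != Issuer`; nothing verifies that the leaf actually chains to the issuer or that the issuer chains to the signer, which is the guarantee a certificate manager exists to provide, and the new `printObj` lines for DNSNames and IPAddresses show values without asserting them. Add a signature check — re-parse the issuer from the outer-scope `issuerCert` and `require.NoError(t, serviceCertObj.CheckSignatureFrom(issuerCertObj))` — and once the Hostnames/InetAddresses commented out in the preceding hunk are restored, pin them with `require.ElementsMatch(t, []string{"dont.worry", "be.happy"}, serviceCertObj.DNSNames)`. If the SANs were commented out because cm509 rejects them, that is a bug that deserves a failing test rather than a suppressed input. The test function continues past the hunk.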
@@ -189,6 +213,9 @@ func TestIssuerCreateN0(t *testing.T) {
|
||||
func XXXTestIssuerCreateN2(t *testing.T) {
|
||||
var err error
|
||||
var lg *logic.Logic
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
|
||||
{
|
||||
conf := config.NewConfig()
|
||||
err = conf.ReadFile()
|
||||
@@ -198,7 +225,7 @@ func XXXTestIssuerCreateN2(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, db)
|
||||
|
||||
err = db.InitDatabase()
|
||||
err = db.InitDatabase(ctx)
|
||||
require.NoError(t, err)
|
||||
|
||||
logicConfig := &logic.LogicConfig{
|
||||
@@ -210,7 +237,6 @@ func XXXTestIssuerCreateN2(t *testing.T) {
|
||||
require.NotNil(t, lg)
|
||||
}
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
userID, err := lg.SeedAccount(ctx)
|
||||
require.NoError(t, err)
|
||||
require.NotZero(t, userID)
|
||||
|
||||
@@ -23,6 +23,9 @@ import (
|
||||
func XXXTestLogicImportIssuer(t *testing.T) {
|
||||
var err error
|
||||
var lg *logic.Logic
|
||||
|
||||
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
|
||||
{
|
||||
conf := config.NewConfig()
|
||||
err = conf.ReadFile()
|
||||
@@ -32,7 +35,7 @@ func XXXTestLogicImportIssuer(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, db)
|
||||
|
||||
err = db.InitDatabase()
|
||||
err = db.InitDatabase(ctx)
|
||||
require.NoError(t, err)
|
||||
|
||||
logicConfig := &logic.LogicConfig{
|
||||
@@ -43,7 +46,6 @@ func XXXTestLogicImportIssuer(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, lg)
|
||||
}
|
||||
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
userID, err := lg.SeedAccount(ctx)
|
||||
require.NoError(t, err)
|
||||
require.NotZero(t, userID)
|
||||
|
||||