ziggi/certmanager
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

working changes

Browse Source
This commit is contained in:
Олег Бородин
2024-07-31 22:20:18 +02:00
parent 42cd5f4800
commit a75bc364f1
14 changed files with 1807 additions and 765 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -7,7 +7,7 @@ Makefile
*.lineno
autom4te.cache/
*.service
tmp
tmp.*
*.tar.*
cmd/certmanagerctl/certmanagerctl
cmd/certmanagerd/certmanagerd

1183
api/certmanagercontrol/certmanagercontrol.pb.go
View File

File diff suppressed because it is too large Load Diff

3
configure vendored
View File

@@ -3174,7 +3174,7 @@ srv_sbindir="${prefix}/sbin"
ac_config_files="$ac_config_files Makefile internal/config/path.go initrc/certmanagerd.service"
ac_config_files="$ac_config_files Makefile internal/test/Makefile internal/config/path.go initrc/certmanagerd.service"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -3913,6 +3913,7 @@ for ac_config_target in $ac_config_targets
do
case $ac_config_target in
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"internal/test/Makefile") CONFIG_FILES="$CONFIG_FILES internal/test/Makefile" ;;
"internal/config/path.go") CONFIG_FILES="$CONFIG_FILES internal/config/path.go" ;;
"initrc/certmanagerd.service") CONFIG_FILES="$CONFIG_FILES initrc/certmanagerd.service" ;;

1
configure.ac
View File

@@ -189,6 +189,7 @@ AC_SUBST(srv_sbindir, "${prefix}/sbin")
AC_CONFIG_FILES([
Makefile
internal/test/Makefile
internal/config/path.go
initrc/certmanagerd.service
])

13
internal/descriptor/descriptor.go
View File

@@ -9,10 +9,11 @@ type Issuer struct {
}
type Service struct {
ID int64 `json:"id" yaml:"id" db:"id"`
IssuerID int64 `json:"issuerId" yaml:"issuerId" db:"issuer_id"`
Name string `json:"name" yaml:"name" db:"name"`
Cert string `json:"cert" yaml:"cert" db:"cert"`
Key string `json:"key" yaml:"key" db:"key"`
Revoked bool `json:"revoked" yaml:"revoked" db:"revoked"`
ID int64 `json:"id" yaml:"id" db:"id"`
IssuerID int64 `json:"issuerId" yaml:"issuerId" db:"issuer_id"`
IssuerName string `json:"issuerName" yaml:"issuerName" db:"issuer_name"`
Name string `json:"name" yaml:"name" db:"name"`
Cert string `json:"cert" yaml:"cert" db:"cert"`
Key string `json:"key" yaml:"key" db:"key"`
Revoked bool `json:"revoked" yaml:"revoked" db:"revoked"`
}

91
internal/logic/certman.go
View File

@@ -1,91 +0,0 @@
package logic
import (
"context"
"encoding/base64"
"encoding/json"
cmapi "certmanager/api/certmanagercontrol"
"certmanager/internal/descriptor"
//yaml "gopkg.in/yaml.v3"
)
func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmapi.CreateIssuerPairParams) (*cmapi.CreateIssuerPairResult, error) {
var err error
res := &cmapi.CreateIssuerPairResult{}
paramsJson, err := json.Marshal(params)
if err != nil {
return res, err
}
lg.log.Debugf("params: \n%s\n", string(paramsJson))
certBytes, keyBytes, err := CreateX509SelfSignedCert(params.IssuerName)
certString := base64.StdEncoding.EncodeToString(certBytes)
keyString := base64.StdEncoding.EncodeToString(keyBytes)
issuer := &descriptor.Issuer{
Name: params.IssuerName,
Cert: certString,
Key: keyString,
}
issuerID, err := lg.db.InsertIssuer(ctx, issuer)
if err != nil {
return res, err
}
res.IssuerID = issuerID
return res, err
}
func (lg *Logic) ImportIssuerPair(ctx context.Context, params *cmapi.ImportIssuerPairParams) (*cmapi.ImportIssuerPairResult, error) {
var err error
res := &cmapi.ImportIssuerPairResult{}
return res, err
}
func (lg *Logic) RevokeIssuerPair(ctx context.Context, params *cmapi.RevokeIssuerPairParams) (*cmapi.RevokeIssuerPairResult, error) {
var err error
res := &cmapi.RevokeIssuerPairResult{}
return res, err
}
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, params *cmapi.UnrevokeIssuerPairParams) (*cmapi.UnrevokeIssuerPairResult, error) {
var err error
res := &cmapi.UnrevokeIssuerPairResult{}
return res, err
}
func (lg *Logic) ListIssuerPairs(ctx context.Context, params *cmapi.ListIssuerPairsParams) (*cmapi.ListIssuerPairsResult, error) {
var err error
res := &cmapi.ListIssuerPairsResult{}
return res, err
}
func (lg *Logic) GetIssuerCertificate(ctx context.Context, params *cmapi.GetIssuerCertificateParams) (*cmapi.GetIssuerCertificateResult, error) {
var err error
res := &cmapi.GetIssuerCertificateResult{}
return res, err
}
func (lg *Logic) CreateServicePair(ctx context.Context, params *cmapi.CreateServicePairParams) (*cmapi.CreateServicePairResult, error) {
var err error
res := &cmapi.CreateServicePairResult{}
return res, err
}
func (lg *Logic) RevokeServicePair(ctx context.Context, params *cmapi.RevokeServicePairParams) (*cmapi.RevokeServicePairResult, error) {
var err error
res := &cmapi.RevokeServicePairResult{}
return res, err
}
func (lg *Logic) ListServicePairs(ctx context.Context, params *cmapi.ListServicePairsParams) (*cmapi.ListServicePairsResult, error) {
var err error
res := &cmapi.ListServicePairsResult{}
return res, err
}
func (lg *Logic) GetServicePair(ctx context.Context, params *cmapi.GetServicePairParams) (*cmapi.GetServicePairResult, error) {
var err error
res := &cmapi.GetServicePairResult{}
return res, err
}

238
internal/logic/issuer.go Normal file
View File

@@ -0,0 +1,238 @@
package logic
import (
"context"
"fmt"
"crypto/x509"
"encoding/base64"
"encoding/pem"
cmapi "certmanager/api/certmanagercontrol"
"certmanager/internal/descriptor"
)
func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmapi.CreateIssuerPairParams) (*cmapi.CreateIssuerPairResult, error) {
var err error
res := &cmapi.CreateIssuerPairResult{}
createIssuerPairParams := &CreateIssuerPairParams{
CommonName: params.IssuerCommonName,
}
createIssuerPairRes, err := CreateIssuerPair(createIssuerPairParams)
if err != nil {
return res, err
}
issuer := &descriptor.Issuer{
Name: createIssuerPairRes.Name,
Cert: createIssuerPairRes.Cert,
Key: createIssuerPairRes.Key,
}
issuerID, err := lg.db.InsertIssuer(ctx, issuer)
if err != nil {
return res, err
}
res.IssuerID = issuerID
return res, err
}
func (lg *Logic) GetIssuerCertificate(ctx context.Context, params *cmapi.GetIssuerCertificateParams) (*cmapi.GetIssuerCertificateResult, error) {
var err error
res := &cmapi.GetIssuerCertificateResult{}
var issuerDescr *descriptor.Issuer
var issuerExists bool
switch {
case params.IssuerID != 0:
issuerExists, issuerDescr, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
if !issuerExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.IssuerName != "":
issuerExists, issuerDescr, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
if !issuerExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Issuer ID or name is not specified")
if err != nil {
return res, err
}
}
if issuerDescr == nil {
err := fmt.Errorf("Issuer descriptor is nil")
if err != nil {
return res, err
}
}
res.IssuerID = issuerDescr.ID
res.Certificate = issuerDescr.Cert
res.Name = issuerDescr.Name
res.Revoked = issuerDescr.Revoked
return res, err
}
func (lg *Logic) ImportIssuerPair(ctx context.Context, params *cmapi.ImportIssuerPairParams) (*cmapi.ImportIssuerPairResult, error) {
var err error
res := &cmapi.ImportIssuerPairResult{}
certPEM, err := base64.StdEncoding.DecodeString(params.Certificate)
if err != nil {
return res, err
}
certBlock, _ := pem.Decode([]byte(certPEM))
if certBlock == nil {
err := fmt.Errorf("Failed to parse certificate PEM")
return res, err
}
cert, err := x509.ParseCertificate(certBlock.Bytes)
if err != nil {
return res, err
}
if !cert.IsCA {
err := fmt.Errorf("Certificate is not CA")
return res, err
}
if params.Key != "" {
keyPEM, err := base64.StdEncoding.DecodeString(params.Key)
if err != nil {
return res, err
}
keyBlock, _ := pem.Decode([]byte(keyPEM))
if keyBlock == nil {
err := fmt.Errorf("Failed to parse certificate PEM")
return res, err
}
}
issuerDescr := &descriptor.Issuer{
Name: cert.Issuer.String(),
Cert: params.Certificate,
Key: params.Key,
}
issuerID, err := lg.db.InsertIssuer(ctx, issuerDescr)
if err != nil {
return res, err
}
res.IssuerName = cert.Subject.String()
res.IssuerID = issuerID
return res, err
}
func (lg *Logic) RevokeIssuerPair(ctx context.Context, params *cmapi.RevokeIssuerPairParams) (*cmapi.RevokeIssuerPairResult, error) {
var err error
res := &cmapi.RevokeIssuerPairResult{}
var issuerDescr *descriptor.Issuer
var issuerExists bool
switch {
case params.IssuerID != 0:
issuerExists, issuerDescr, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
if !issuerExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.IssuerName != "":
issuerExists, issuerDescr, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
if !issuerExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Issuer ID or name is not specified")
if err != nil {
return res, err
}
}
if issuerDescr == nil {
err := fmt.Errorf("Issuer descriptor is nil")
if err != nil {
return res, err
}
}
if !issuerDescr.Revoked {
issuerDescr.Revoked = true
err = lg.db.UpdateIssuerByID(ctx, issuerDescr.ID, issuerDescr)
if err != nil {
return res, err
}
}
return res, err
}
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, params *cmapi.UnrevokeIssuerPairParams) (*cmapi.UnrevokeIssuerPairResult, error) {
var err error
res := &cmapi.UnrevokeIssuerPairResult{}
var issuerDescr *descriptor.Issuer
var issuerExists bool
switch {
case params.IssuerID != 0:
issuerExists, issuerDescr, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
if !issuerExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.IssuerName != "":
issuerExists, issuerDescr, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
if !issuerExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Issuer ID or name is not specified")
if err != nil {
return res, err
}
}
if issuerDescr == nil {
err := fmt.Errorf("Issuer descriptor is nil")
if err != nil {
return res, err
}
}
if issuerDescr.Revoked {
issuerDescr.Revoked = false
err = lg.db.UpdateIssuerByID(ctx, issuerDescr.ID, issuerDescr)
if err != nil {
return res, err
}
}
return res, err
}
func (lg *Logic) ListIssuerPairs(ctx context.Context, params *cmapi.ListIssuerPairsParams) (*cmapi.ListIssuerPairsResult, error) {
var err error
res := &cmapi.ListIssuerPairsResult{
Issuers: make([]*cmapi.IssierShortDescriptor, 0),
}
listIssuers, err := lg.db.ListIssuers(ctx)
if err != nil {
return res, err
}
for _, issuer := range listIssuers {
issuerShortDescr := cmapi.IssierShortDescriptor{
IssuerID: issuer.ID,
Name: issuer.Name,
Revoked: issuer.Revoked,
}
res.Issuers = append(res.Issuers, &issuerShortDescr)
}
return res, err
}

238
internal/logic/service.go Normal file
View File

@@ -0,0 +1,238 @@
package logic
import (
"context"
"fmt"
"certmanager/internal/descriptor"
cmapi "certmanager/api/certmanagercontrol"
)
func (lg *Logic) CreateServicePair(ctx context.Context, params *cmapi.CreateServicePairParams) (*cmapi.CreateServicePairResult, error) {
var err error
res := &cmapi.CreateServicePairResult{}
var issuerDescr *descriptor.Issuer
var issuerExists bool
switch {
case params.IssuerID != 0:
issuerExists, issuerDescr, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
if !issuerExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.IssuerName != "":
issuerExists, issuerDescr, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
if !issuerExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Issuer ID or name is not specified")
if err != nil {
return res, err
}
}
if issuerDescr == nil {
err := fmt.Errorf("Issuer descriptor is nil")
if err != nil {
return res, err
}
}
if issuerDescr.Revoked {
err := fmt.Errorf("The issuer revoked")
if err != nil {
return res, err
}
}
createServicePairParams := &CreateServicePairParams{
CommonName: params.ServiceCommonName,
IssuerKey: issuerDescr.Key,
IssuerCert: issuerDescr.Cert,
IPAddresses: params.InetAddresses,
}
createSericePairRes, err := CreateServicePair(createServicePairParams)
if err != nil {
return res, err
}
serviceDescr := &descriptor.Service{
Name: createSericePairRes.Name,
IssuerID: issuerDescr.ID,
IssuerName: issuerDescr.Name,
Cert: createSericePairRes.Cert,
Key: createSericePairRes.Key,
}
serviceID, err := lg.db.InsertService(ctx, serviceDescr)
if err != nil {
return res, err
}
res.Name = createSericePairRes.Name
res.ServiceID = serviceID
res.Cerificate = createSericePairRes.Cert
res.Key = createSericePairRes.Key
res.IssuerID = issuerDescr.ID
res.IssuerCertificate = issuerDescr.Cert
return res, err
}
func (lg *Logic) GetServicePair(ctx context.Context, params *cmapi.GetServicePairParams) (*cmapi.GetServicePairResult, error) {
var err error
res := &cmapi.GetServicePairResult{}
var serviceDescr *descriptor.Service
var serviceExists bool
switch {
case params.ServiceID != 0:
serviceExists, serviceDescr, err = lg.db.GetServiceByID(ctx, params.ServiceID)
if !serviceExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.ServiceName != "":
serviceExists, serviceDescr, err = lg.db.GetServiceByName(ctx, params.ServiceName)
if !serviceExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Service ID or name is not specified")
if err != nil {
return res, err
}
}
if serviceDescr == nil {
err := fmt.Errorf("Service descriptor is nil")
if err != nil {
return res, err
}
}
res.Certificate = serviceDescr.Cert
res.Key = serviceDescr.Key
res.IssuerID = serviceDescr.IssuerID
res.IssuerName = serviceDescr.IssuerName
res.Revoked = serviceDescr.Revoked
return res, err
}
func (lg *Logic) ListServicePairs(ctx context.Context, params *cmapi.ListServicePairsParams) (*cmapi.ListServicePairsResult, error) {
var err error
res := &cmapi.ListServicePairsResult{
Services: make([]*cmapi.ServiceShortDescriptor, 0),
}
listServices, err := lg.db.ListServices(ctx)
if err != nil {
return res, err
}
for _, service := range listServices {
serviceShortDescr := cmapi.ServiceShortDescriptor{
ServiceID: service.ID,
IssuerID: service.IssuerID,
IssuerName: service.IssuerName,
Name: service.Name,
Revoked: service.Revoked,
}
res.Services = append(res.Services, &serviceShortDescr)
}
return res, err
}
func (lg *Logic) RevokeServicePair(ctx context.Context, params *cmapi.RevokeServicePairParams) (*cmapi.RevokeServicePairResult, error) {
var err error
res := &cmapi.RevokeServicePairResult{}
var serviceDescr *descriptor.Service
var serviceExists bool
switch {
case params.ServiceID != 0:
serviceExists, serviceDescr, err = lg.db.GetServiceByID(ctx, params.ServiceID)
if !serviceExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.ServiceName != "":
serviceExists, serviceDescr, err = lg.db.GetServiceByName(ctx, params.ServiceName)
if !serviceExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Service ID or name is not specified")
if err != nil {
return res, err
}
}
if serviceDescr == nil {
err := fmt.Errorf("Service descriptor is nil")
if err != nil {
return res, err
}
}
if !serviceDescr.Revoked {
serviceDescr.Revoked = true
err = lg.db.UpdateServiceByID(ctx, serviceDescr.ID, serviceDescr)
if err != nil {
return res, err
}
}
return res, err
}
func (lg *Logic) UnrevokeServicePair(ctx context.Context, params *cmapi.UnrevokeServicePairParams) (*cmapi.UnrevokeServicePairResult, error) {
var err error
res := &cmapi.UnrevokeServicePairResult{}
var serviceDescr *descriptor.Service
var serviceExists bool
switch {
case params.ServiceID != 0:
serviceExists, serviceDescr, err = lg.db.GetServiceByID(ctx, params.ServiceID)
if !serviceExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.ServiceName != "":
serviceExists, serviceDescr, err = lg.db.GetServiceByName(ctx, params.ServiceName)
if !serviceExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Service ID or name is not specified")
if err != nil {
return res, err
}
}
if serviceDescr == nil {
err := fmt.Errorf("Service descriptor is nil")
if err != nil {
return res, err
}
}
if serviceDescr.Revoked {
serviceDescr.Revoked = false
err = lg.db.UpdateServiceByID(ctx, serviceDescr.ID, serviceDescr)
if err != nil {
return res, err
}
}
return res, err
}

137
internal/logic/x509.go
View File

@@ -5,6 +5,7 @@ import (
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/base64"
"encoding/pem"
"fmt"
"math/big"
@@ -12,60 +13,19 @@ import (
"time"
)
func CreateX509SelfSignedCert(subject string, commonNames ...string) ([]byte, []byte, error) {
var err error
certPem := make([]byte, 0)
keyPem := make([]byte, 0)
now := time.Now()
const yearsAfter int = 10
const keySize int = 2048
key, err := rsa.GenerateKey(rand.Reader, keySize)
if err != nil {
err := fmt.Errorf("Can't create a private key: %v", err)
return certPem, keyPem, err
}
keyPemBlock := pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
}
keyPem = pem.EncodeToMemory(&keyPemBlock)
dnsNames := make([]string, 0)
dnsNames = append(dnsNames, subject)
dnsNames = append(dnsNames, commonNames...)
tml := x509.Certificate{
SerialNumber: big.NewInt(now.Unix()),
NotBefore: now,
NotAfter: now.AddDate(yearsAfter, 0, 0),
Subject: pkix.Name{
CommonName: subject,
},
DNSNames: dnsNames,
IPAddresses: []net.IP{net.ParseIP("192.168.57.1")},
BasicConstraintsValid: true,
}
certBytes, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
if err != nil {
return certPem, keyPem, fmt.Errorf("Can't create a certificate: %v", err)
}
certPemBlock := pem.Block{
Type: "CERTIFICATE",
Bytes: certBytes,
}
certPem = pem.EncodeToMemory(&certPemBlock)
if err != nil {
return certPem, keyPem, err
}
return certPem, keyPem, err
type CreateIssuerPairParams struct {
CommonName string
}
type CreateIssuerPairResult struct {
Name string
Cert string
Key string
}
func CreateX509CACert(commonName string) ([]byte, []byte, error) {
func CreateIssuerPair(params *CreateIssuerPairParams) (*CreateIssuerPairResult, error) {
var err error
res := &CreateIssuerPairResult{}
certPem := make([]byte, 0)
keyPem := make([]byte, 0)
@@ -77,7 +37,7 @@ func CreateX509CACert(commonName string) ([]byte, []byte, error) {
key, err := rsa.GenerateKey(rand.Reader, keySize)
if err != nil {
err := fmt.Errorf("Can't create a private key: %v", err)
return certPem, keyPem, err
return res, err
}
keyPemBlock := pem.Block{
@@ -86,13 +46,16 @@ func CreateX509CACert(commonName string) ([]byte, []byte, error) {
}
keyPem = pem.EncodeToMemory(&keyPemBlock)
subjectName := pkix.Name{
CommonName: params.CommonName,
}
res.Name = subjectName.String()
tml := x509.Certificate{
SerialNumber: big.NewInt(now.Unix()),
NotBefore: now,
NotAfter: now.AddDate(yearsAfter, 0, 0),
Subject: pkix.Name{
CommonName: commonName,
},
SerialNumber: big.NewInt(now.Unix()),
NotBefore: now,
NotAfter: now.AddDate(yearsAfter, 0, 0),
Subject: subjectName,
IsCA: true,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
@@ -100,7 +63,8 @@ func CreateX509CACert(commonName string) ([]byte, []byte, error) {
}
certBytes, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
if err != nil {
return certPem, keyPem, fmt.Errorf("Can't create a certificate: %v", err)
err := fmt.Errorf("Can't create a certificate: %v", err)
return res, err
}
certPemBlock := pem.Block{
@@ -108,15 +72,33 @@ func CreateX509CACert(commonName string) ([]byte, []byte, error) {
Bytes: certBytes,
}
certPem = pem.EncodeToMemory(&certPemBlock)
if err != nil {
return certPem, keyPem, err
return res, err
}
return certPem, keyPem, err
res.Cert = base64.StdEncoding.EncodeToString(certPem)
res.Key = base64.StdEncoding.EncodeToString(keyPem)
return res, err
}
func CreateX509Cert(commonName string, caKeyPem []byte, dnsNames ...string) ([]byte, []byte, error) {
type CreateServicePairParams struct {
CommonName string
DNSNames []string
IPAddresses []string
IssuerKey string
IssuerCert string
}
type CreateServicePairResult struct {
Name string
Cert string
Key string
}
func CreateServicePair(params *CreateServicePairParams) (*CreateServicePairResult, error) {
var err error
var res *CreateServicePairResult
certPem := make([]byte, 0)
keyPem := make([]byte, 0)
now := time.Now()
@@ -127,7 +109,7 @@ func CreateX509Cert(commonName string, caKeyPem []byte, dnsNames ...string) ([]b
key, err := rsa.GenerateKey(rand.Reader, keySize)
if err != nil {
err := fmt.Errorf("Can't create a private key: %v", err)
return certPem, keyPem, err
return res, err
}
keyPemBlock := pem.Block{
Type: "RSA PRIVATE KEY",
@@ -135,25 +117,36 @@ func CreateX509Cert(commonName string, caKeyPem []byte, dnsNames ...string) ([]b
}
keyPem = pem.EncodeToMemory(&keyPemBlock)
caKeyPem, err := base64.StdEncoding.DecodeString(params.IssuerKey)
if err != nil {
return res, err
}
pemBlock, _ := pem.Decode(caKeyPem)
if pemBlock == nil {
err := fmt.Errorf("Can't parse a CA private key block")
return certPem, keyPem, err
return res, err
}
caKey, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
if err != nil {
err := fmt.Errorf("Can't parse a CA private key")
return certPem, keyPem, err
return res, err
}
netAddresses := make([]net.IP, 0)
for _, ipAddress := range params.IPAddresses {
netAddress := net.ParseIP(ipAddress)
netAddresses = append(netAddresses, netAddress)
}
tml := x509.Certificate{
SerialNumber: big.NewInt(now.Unix()),
NotBefore: now,
NotAfter: now.AddDate(yearsAfter, 0, 0),
Subject: pkix.Name{
CommonName: commonName,
CommonName: params.CommonName,
},
DNSNames: append([]string{commonName}, dnsNames...),
DNSNames: params.DNSNames,
IPAddresses: netAddresses,
IsCA: false,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature,
@@ -161,7 +154,7 @@ func CreateX509Cert(commonName string, caKeyPem []byte, dnsNames ...string) ([]b
}
certBytes, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, caKey)
if err != nil {
return certPem, keyPem, fmt.Errorf("Can't create a certificate: %v", err)
return res, fmt.Errorf("Can't create a certificate: %v", err)
}
certPemBlock := pem.Block{
@@ -170,7 +163,9 @@ func CreateX509Cert(commonName string, caKeyPem []byte, dnsNames ...string) ([]b
}
certPem = pem.EncodeToMemory(&certPemBlock)
if err != nil {
return certPem, keyPem, err
return res, err
}
return certPem, keyPem, err
res.Cert = base64.StdEncoding.EncodeToString(certPem)
res.Key = base64.StdEncoding.EncodeToString(keyPem)
return res, err
}

16
internal/test/Makefile.am Normal file
View File

@@ -0,0 +1,16 @@
all:
makedir:
test -z $(DESTDIR)$(SRV_LOGDIR) || $(MKDIR_P) $(DESTDIR)$(SRV_LOGDIR)
test -z $(DESTDIR)$(SRV_RUNDIR) || $(MKDIR_P) $(DESTDIR)$(SRV_RUNDIR)
test -z $(DESTDIR)$(SRV_DATADIR) || $(MKDIR_P) $(DESTDIR)$(SRV_DATADIR)
test: makedir
$(GO) test -v
clean-local:
rm -f *~

426
internal/test/Makefile.in Normal file
View File

@@ -0,0 +1,426 @@
# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = internal/test
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CP = @CP@
CSCOPE = @CSCOPE@
CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DBUILDPACKAGE = @DBUILDPACKAGE@
DEFS = @DEFS@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
ETAGS = @ETAGS@
GO = @GO@
HAVE_GO = @HAVE_GO@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PROTOC = @PROTOC@
ROOT_GROUP = @ROOT_GROUP@
RPMBUILD = @RPMBUILD@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SRV_CONFDIR = @SRV_CONFDIR@
SRV_DATADIR = @SRV_DATADIR@
SRV_LOGDIR = @SRV_LOGDIR@
SRV_RUNDIR = @SRV_RUNDIR@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
am__leading_dot = @am__leading_dot@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
srv_confdir = @srv_confdir@
srv_datadir = @srv_datadir@
srv_devel_mode = @srv_devel_mode@
srv_logdir = @srv_logdir@
srv_name = @srv_name@
srv_rundir = @srv_rundir@
srv_sbindir = @srv_sbindir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu internal/test/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu internal/test/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic clean-local mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am:
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-local \
cscopelist-am ctags-am distclean distclean-generic distdir dvi \
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
pdf-am ps ps-am tags-am uninstall uninstall-am
.PRECIOUS: Makefile
all:
makedir:
test -z $(DESTDIR)$(SRV_LOGDIR) || $(MKDIR_P) $(DESTDIR)$(SRV_LOGDIR)
test -z $(DESTDIR)$(SRV_RUNDIR) || $(MKDIR_P) $(DESTDIR)$(SRV_RUNDIR)
test -z $(DESTDIR)$(SRV_DATADIR) || $(MKDIR_P) $(DESTDIR)$(SRV_DATADIR)
test: makedir
$(GO) test -v
clean-local:
rm -f *~
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

4
internal/test/database_test.go
View File

@@ -14,7 +14,7 @@ import (
yaml "gopkg.in/yaml.v3"
)
func TestDatabaseIssuer(t *testing.T) {
func XXTestDatabaseIssuer(t *testing.T) {
var err error
conf := config.NewConfig()
err = conf.ReadFile()
@@ -65,7 +65,7 @@ func TestDatabaseIssuer(t *testing.T) {
require.NoError(t, err)
}
func TestDatabaseService(t *testing.T) {
func XXXTestDatabaseService(t *testing.T) {
var err error
conf := config.NewConfig()
err = conf.ReadFile()

153
internal/test/logic_test.go
View File

@@ -2,9 +2,12 @@ package test
import (
"context"
"encoding/json"
"fmt"
"testing"
"time"
//"encoding/base64"
"strings"
cmapi "certmanager/api/certmanagercontrol"
"certmanager/internal/config"
@@ -16,35 +19,143 @@ import (
func TestLogicIssuer(t *testing.T) {
var err error
conf := config.NewConfig()
err = conf.ReadFile()
require.NoError(t, err)
var lg *logic.Logic
{
conf := config.NewConfig()
err = conf.ReadFile()
require.NoError(t, err)
db, err := database.NewDatabase(conf.DataDir)
require.NoError(t, err)
require.NotNil(t, db)
db, err := database.NewDatabase(conf.DataDir)
require.NoError(t, err)
require.NotNil(t, db)
err = db.InitDatabase()
require.NoError(t, err)
err = db.InitDatabase()
require.NoError(t, err)
logicConfig := &logic.LogicConfig{
Auths: conf.Auths,
Database: db,
logicConfig := &logic.LogicConfig{
Auths: conf.Auths,
Database: db,
}
lg, err = logic.NewLogic(logicConfig)
require.NoError(t, err)
require.NotNil(t, lg)
}
lg, err := logic.NewLogic(logicConfig)
require.NoError(t, err)
require.NotNil(t, lg)
ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
createIssuerPairParams := &cmapi.CreateIssuerPairParams{
SelfSigned: true,
IssuerName: "foo.bar",
issuerCommonName := "foo.bar"
var issuerID int64
{
createIssuerPairParams := &cmapi.CreateIssuerPairParams{
IssuerCommonName: issuerCommonName,
}
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, createIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, createIssuerPairRes)
issuerID = createIssuerPairRes.IssuerID
printObj("issuerID", issuerID)
}
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, createIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, createIssuerPairRes)
var issuerCert string
{
getIssuerCertificateParams := &cmapi.GetIssuerCertificateParams{
IssuerID: issuerID,
}
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, getIssuerCertificateParams)
require.NoError(t, err)
require.NotNil(t, getIssuerCertificateRes)
require.NotZero(t, len(getIssuerCertificateRes.Certificate))
fmt.Printf("issuerId: %d\n", createIssuerPairRes.IssuerID)
printObj("getIssuerCertificateRes", getIssuerCertificateRes)
require.NoError(t, err)
issuerCert = getIssuerCertificateRes.Certificate
require.NotZero(t, len(issuerCert))
printObj("issuerCert", string(issuerCert))
}
{
revokeIssuerPairParams := &cmapi.RevokeIssuerPairParams{
IssuerID: issuerID,
}
revokeIssuerPairRes, err := lg.RevokeIssuerPair(ctx, revokeIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, revokeIssuerPairRes)
printObj("revokeIssuerPairRes", revokeIssuerPairRes)
require.NoError(t, err)
}
{
getIssuerCertificateParams := &cmapi.GetIssuerCertificateParams{
IssuerID: issuerID,
}
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, getIssuerCertificateParams)
require.NoError(t, err)
require.NotNil(t, getIssuerCertificateRes)
require.NotZero(t, len(getIssuerCertificateRes.Certificate))
require.True(t, getIssuerCertificateRes.Revoked)
printObj("getIssuerCertificateRes", getIssuerCertificateRes)
}
{
unrevokeIssuerPairParams := &cmapi.UnrevokeIssuerPairParams{
IssuerID: issuerID,
}
unrevokeIssuerPairRes, err := lg.UnrevokeIssuerPair(ctx, unrevokeIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, unrevokeIssuerPairRes)
printObj("unrevokeIssuerPairRes", unrevokeIssuerPairRes)
require.NoError(t, err)
}
{
getIssuerCertificateParams := &cmapi.GetIssuerCertificateParams{
IssuerID: issuerID,
}
getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, getIssuerCertificateParams)
require.NoError(t, err)
require.NotNil(t, getIssuerCertificateRes)
require.NotZero(t, len(getIssuerCertificateRes.Certificate))
require.False(t, getIssuerCertificateRes.Revoked)
printObj("getIssuerCertificateRes", getIssuerCertificateRes)
}
{
listIssuerPairsParams := &cmapi.ListIssuerPairsParams{}
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, listIssuerPairsParams)
require.NoError(t, err)
require.NotNil(t, listIssuerPairsRes)
require.NotZero(t, len(listIssuerPairsRes.Issuers))
printObj("listIssuerPairRes", listIssuerPairsRes)
}
{
importIssuerPairParams := &cmapi.ImportIssuerPairParams{
Certificate: issuerCert,
}
importIssuerPairRes, err := lg.ImportIssuerPair(ctx, importIssuerPairParams)
require.NoError(t, err)
require.NotNil(t, importIssuerPairRes)
printObj("importIssuerPairRes", importIssuerPairRes)
}
{
listIssuerPairsParams := &cmapi.ListIssuerPairsParams{}
listIssuerPairsRes, err := lg.ListIssuerPairs(ctx, listIssuerPairsParams)
require.NoError(t, err)
require.NotNil(t, listIssuerPairsRes)
require.NotZero(t, len(listIssuerPairsRes.Issuers))
printObj("listIssuerPairRes", listIssuerPairsRes)
}
}
func printObj(label string, obj any) {
objBytes, _ := json.MarshalIndent(obj, " ", " ")
objString := string(objBytes)
if strings.Count(objString, "\n") < 2 {
fmt.Printf("==== %s: %s\n", label, objString)
} else {
fmt.Printf("==== %s ::\n %s\n", label, objString)
}
}

67
proto/certmanagercontrol.proto
View File

@@ -26,24 +26,37 @@ message getStatusResult {
}
message createIssuerPairParams {
string issuerName = 1;
string validUntil = 2;
bool selfSigned = 3;
int64 uplevelIssuerID = 4;
string uplevelIssuerName = 5;
string issuerCommonName = 1;
bool intermediate = 2;
int64 signerIssuerID = 3;
string signerIssuerName = 4;
string validUntil = 5;
string keySize = 6;
}
message createIssuerPairResult {
int64 issuerID = 1;
string caCertificate = 2;
string certificate = 2;
}
message getIssuerCertificateParams {
int64 issuerID = 1;
string issuerName = 2;
}
message getIssuerCertificateResult {
string name = 1;
string certificate = 2;
bool revoked = 3;
int64 issuerID = 4;
}
message importIssuerPairParams {
string certificate = 1;
string key = 2;
}
message importIssuerPairResult {
int64 issuerID = 1;
string issuerName = 2;
}
message revokeIssuerPairParams {
@@ -61,36 +74,30 @@ message unrevokeIssuerPairResult {}
message listIssuerPairsParams {}
message listIssuerPairsResult {
repeated IssierShortDescriptor issiers = 1;
repeated IssierShortDescriptor issuers = 1;
}
message IssierShortDescriptor {
int64 issuerID = 1;
string issuerName = 2;
string name = 2;
bool revoked = 3;
}
message getIssuerCertificateParams {
int64 issuerID = 1;
string issuerName = 2;
}
message getIssuerCertificateResult {
string caCertificate = 1;
}
message createServicePairParams {
string issuerName = 1;
int64 issuerID = 2;
string serviceName = 3;
string validUntil = 4;
repeated string hostnames = 5;
repeated string inetAddress = 6;
string issuerName = 1;
int64 issuerID = 2;
string serviceCommonName = 3;
repeated string hostnames = 5;
repeated string inetAddresses = 6;
}
message createServicePairResult {
int64 servicePairId = 1;
string ca = 2;
string cerificate = 3;
string key = 4;
int64 serviceID = 1;
string name = 2;
string issuerCertificate = 3;
int64 issuerID = 4;
string cerificate = 5;
string key = 6;
}
message revokeServicePairParams {
@@ -111,7 +118,7 @@ message unrevokeServicePairResult {}
message ServiceShortDescriptor {
int64 serviceID = 1;
string serviceName = 2;
string name = 2;
string issuerName = 3;
int64 issuerID = 4;
bool revoked = 5;
@@ -127,6 +134,10 @@ message getServicePairParams {
string serviceName = 2;
}
message getServicePairResult {
string caCertificate = 1;
string name = 1;
string certificate = 2;
string key = 3;
int64 issuerID = 4;
string issuerName = 5;
bool revoked = 6;
}