certmanager updates

2024-08-14 11:38:01 +02:00
parent 6a3290b9ac
commit f25197e714
13 changed files with 449 additions and 392 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -13,8 +13,6 @@ import (
 )

 const (
-	defaultUsername = "worker"
-	defaultPassword = "worker"
 	defaultHostname = "localhost"

 	configFilename = "certmanagerd.yaml"
@@ -34,15 +32,9 @@ type GserviceConfig struct {
 	PortNum int `json:"port" yaml:"port"`
 }

-type AuthConfig struct {
-	Username string `json:"username" yaml:"username"`
-	Password string `json:"password" yaml:"password"`
-}
-
 type Config struct {
 	Wservice WserviceConfig `json:"wservice"   yaml:"wservice"`
 	Gservice GserviceConfig `json:"gservice"   yaml:"gservice"`
-	Auths    []AuthConfig   `json:"auths"       yaml:"auths"`
 	Hostname string         `json:"hostname"   yaml:"hostname"`
 	Debug    bool           `json:"debug"      yaml:"debug"`
 	Build    string         `json:"build"      yaml:"build"`
@@ -57,13 +49,9 @@ func NewConfig() *Config {
 		Gservice: GserviceConfig{
 			PortNum: client.DefaultGrpcPort,
 		},
-
 		Wservice: WserviceConfig{
 			PortNum: client.DefaultWrpcPort,
 		},
-
-		Auths: make([]AuthConfig, 0),
-
 		DataDir:  datadirPath,
 		Debug:    false,
 		Hostname: defaultHostname,
@@ -149,14 +137,5 @@ func (conf *Config) Normalize() {

 func (conf *Config) Validate() error {
 	var err []error
-
-	for i := range conf.Auths {
-		if conf.Auths[i].Username == "" {
-			err = append(err, errors.New("Username must be set"))
-		}
-		if conf.Auths[i].Password == "" {
-			err = append(err, errors.New("Password must be set"))
-		}
-	}
 	return errors.Join(err...)
 }
--- a/internal/config/path.go
+++ b/internal/config/path.go
@@ -1,9 +1,8 @@
 package config

 const (
-        confdirPath = "/home/ziggi/Projects/certman/etc/certmanager"
-        rundirPath = "/home/ziggi/Projects/certman/tmp/run"
-        logdirPath = "/home/ziggi/Projects/certman/tmp/log"
-        datadirPath = "/home/ziggi/Projects/certman/tmp/data"
+	confdirPath = "/usr/local/etc/certmanager"
+	rundirPath  = "/var/run/certmanager"
+	logdirPath  = "/var/log/certmanager"
+	datadirPath = "/var/data/certmanager"
 )
-
--- a/internal/logic/issuer.go
+++ b/internal/logic/issuer.go
@@ -24,6 +24,10 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, accountID int64, params *
 		err := fmt.Errorf("Operation not allowed for the user")
 		return res, err
 	}
+	if params.IssuerCommonName == "" {
+		err := fmt.Errorf("No common name specified")
+		return res, err
+	}

 	var signerDescr *descriptor.Issuer
 	var signerExists bool
@@ -95,6 +99,16 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, accountID int64, params *
 	fingerprintBytes := sha256.Sum256(issuerCertObj.Raw)
 	fingerprint := fmt.Sprintf("sha256:%x", fingerprintBytes)

+	if signerExists {
+		signerDescrs, err := lg.GetIssuerChain(ctx, issuerDescr.SignerID)
+		if err != nil {
+			return res, err
+		}
+		for _, signerDescr := range signerDescrs {
+			res.SignerCertificates = append(res.SignerCertificates, signerDescr.Cert)
+			res.SignerNames = append(res.SignerNames, signerDescr.Name)
+		}
+	}
 	err = lg.db.InsertIssuer(ctx, issuerDescr)
 	if err != nil {
 		return res, err
--- a/internal/logic/logic.go
+++ b/internal/logic/logic.go
@@ -1,27 +1,23 @@
 package logic

 import (
-	"certmanager/internal/config"
 	"certmanager/internal/database"
 	"certmanager/pkg/logger"
 )

 type LogicConfig struct {
 	Database *database.Database
-	Auths    []config.AuthConfig
 }

 type Logic struct {
-	auths []config.AuthConfig
-	log   *logger.Logger
-	db    *database.Database
+	log *logger.Logger
+	db  *database.Database
 }

 func NewLogic(conf *LogicConfig) (*Logic, error) {
 	var err error
 	lg := &Logic{
-		db:    conf.Database,
-		auths: conf.Auths,
+		db: conf.Database,
 	}
 	lg.log = logger.NewLogger("logic")
 	return lg, err
--- a/internal/logic/service.go
+++ b/internal/logic/service.go
@@ -26,6 +26,11 @@ func (lg *Logic) CreateServicePair(ctx context.Context, accountID int64, params
 		return res, err
 	}

+	if params.ServiceCommonName == "" {
+		err := fmt.Errorf("No common name specified")
+		return res, err
+	}
+
 	var issuerDescr *descriptor.Issuer
 	var issuerExists bool
 	switch {
@@ -51,6 +56,13 @@ func (lg *Logic) CreateServicePair(ctx context.Context, accountID int64, params
 			return res, err
 		}
 	}
+	if !issuerExists {
+		err := fmt.Errorf("Issuer not found")
+		if err != nil {
+			return res, err
+		}
+	}
+
 	if issuerDescr == nil {
 		err := fmt.Errorf("Issuer descriptor is nil")
 		if err != nil {
@@ -99,6 +111,16 @@ func (lg *Logic) CreateServicePair(ctx context.Context, accountID int64, params
 		Cert:       createSericePairRes.Cert,
 		Key:        createSericePairRes.Key,
 	}
+
+	issuerDescrs, err := lg.GetIssuerChain(ctx, serviceDescr.IssuerID)
+	if err != nil {
+		return res, err
+	}
+	for _, issuerDescr := range issuerDescrs {
+		res.IssuerCertificates = append(res.IssuerCertificates, issuerDescr.Cert)
+		res.IssuerNames = append(res.IssuerNames, issuerDescr.Name)
+	}
+
 	err = lg.db.InsertService(ctx, serviceDescr)
 	if err != nil {
 		return res, err
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -86,7 +86,6 @@ func (srv *Server) Build() error {

 	// Create logic
 	logicConfig := &logic.LogicConfig{
-		Auths:    srv.conf.Auths,
 		Database: srv.db,
 	}
 	srv.lg, err = logic.NewLogic(logicConfig)
--- a/internal/test/Makefile.in
+++ b/internal/test/Makefile.in
@@ -233,9 +233,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign internal/test/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu internal/test/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign internal/test/Makefile
+	  $(AUTOMAKE) --gnu internal/test/Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
--- a/internal/test/logic_issuer_create_test.go
+++ b/internal/test/logic_issuer_create_test.go
@@ -37,7 +37,6 @@ func TestIssuerCreateN0(t *testing.T) {
 		require.NoError(t, err)

 		logicConfig := &logic.LogicConfig{
-			Auths:    conf.Auths,
 			Database: db,
 		}
 		lg, err = logic.NewLogic(logicConfig)
@@ -51,7 +50,7 @@ func TestIssuerCreateN0(t *testing.T) {

 	var signerID int64
 	var signerCert string
-	var signerName string
+	//var signerName string
 	{
 		createIssuerPairParams := &cmctl.CreateIssuerPairParams{
 			IssuerOrganizationName:       "Detroit cops",
@@ -63,34 +62,33 @@ func TestIssuerCreateN0(t *testing.T) {
 		require.NotNil(t, createIssuerPairRes)

 		signerID = createIssuerPairRes.IssuerID
-		printObj("signerID", signerID)
-
+		//printObj("signerID", signerID)
 		signerCert = createIssuerPairRes.Certificate
 		//printObj("signerCert", signerCert)
-
-		signerName = createIssuerPairRes.IssuerName
-		printObj("signerName", signerName)
+		//signerName = createIssuerPairRes.IssuerName
+		//printObj("signerName", signerName)

 		signerCertObj, err := cm509.ParseDoubleEncodedCerificate(signerCert)
 		require.NoError(t, err)
 		require.NotNil(t, signerCertObj)
-		printObj("signerCertObj Subject", signerCertObj.Subject.String())
-		printObj("signerCertObj Issuer", signerCertObj.Issuer.String())
+		//printObj("signerCertObj Subject", signerCertObj.Subject.String())
+		//printObj("signerCertObj Issuer", signerCertObj.Issuer.String())

 		require.Equal(t, signerCertObj.Subject.String(), signerCertObj.Issuer.String())
 		require.NotZero(t, signerCertObj.Subject.String())
 		require.NotZero(t, signerCertObj.Issuer.String())

-		signerPEM, err := base64.StdEncoding.DecodeString(signerCert)
-		require.NoError(t, err)
-		require.NotZero(t, len(signerPEM))
-		printObj("signerPEM", string(signerPEM))
+		//signerPEM, err := base64.StdEncoding.DecodeString(signerCert)
+		//require.NoError(t, err)
+		//require.NotZero(t, len(signerPEM))
+		//printObj("signerPEM", string(signerPEM))

+		printObj("createIssuerPairRes", createIssuerPairRes)
 	}

 	var issuerID int64
 	var issuerCert string
-	var issuerName string
+	//var issuerName string
 	{
 		createIssuerPairParams := &cmctl.CreateIssuerPairParams{
 			IssuerCommonName:             "Intendant",
@@ -104,32 +102,49 @@ func TestIssuerCreateN0(t *testing.T) {
 		require.NotNil(t, createIssuerPairRes)

 		issuerID = createIssuerPairRes.IssuerID
-		printObj("issuerID", issuerID)
+		//printObj("issuerID", issuerID)

 		issuerCert = createIssuerPairRes.Certificate
 		//printObj("issuerCert", issuerCert)

-		issuerName = createIssuerPairRes.IssuerName
-		printObj("issuerName", issuerName)
+		//issuerName = createIssuerPairRes.IssuerName
+		//printObj("issuerName", issuerName)

 		issuerCertObj, err := cm509.ParseDoubleEncodedCerificate(issuerCert)
 		require.NoError(t, err)
 		require.NotNil(t, issuerCertObj)
-		printObj("issuerCertObj Subject", issuerCertObj.Subject.String())
-		printObj("issuerCertObj Issuer", issuerCertObj.Issuer.String())
+		//printObj("issuerCertObj Subject", issuerCertObj.Subject.String())
+		//printObj("issuerCertObj Issuer", issuerCertObj.Issuer.String())

 		require.NotEqual(t, issuerCertObj.Subject.String(), issuerCertObj.Issuer.String())
 		require.NotZero(t, issuerCertObj.Subject.String())
 		require.NotZero(t, issuerCertObj.Issuer.String())

-		issuerPEM, err := base64.StdEncoding.DecodeString(issuerCert)
-		require.NoError(t, err)
-		require.NotZero(t, len(issuerPEM))
-		printObj("issuerPEM", string(issuerPEM))
+		//issuerPEM, err := base64.StdEncoding.DecodeString(issuerCert)
+		//require.NoError(t, err)
+		//require.NotZero(t, len(issuerPEM))
+		//printObj("issuerPEM", string(issuerPEM))
+
+		printObj("createIssuerPairRes", createIssuerPairRes)
 	}
+	{
+		getIssuerCertificateParams := &cmctl.GetIssuerCertificateParams{
+			IssuerID: issuerID,
+		}
+		getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, userID, getIssuerCertificateParams)
+		require.NoError(t, err)
+		require.NotNil(t, getIssuerCertificateRes)
+		require.NotZero(t, len(getIssuerCertificateRes.Certificate))
+
+		printObj("getIssuerCertificateRes", getIssuerCertificateRes)
+		require.NoError(t, err)
+	}
+
+	//return
+
 	var serviceID int64
 	var serviceCert string
-	var serviceName string
+	//var serviceName string
 	{
 		createServicePairParams := &cmctl.CreateServicePairParams{
 			ServiceCommonName:             "The Robocop",
@@ -137,43 +152,43 @@ func TestIssuerCreateN0(t *testing.T) {
 			ServiceOrganizationalUnitName: "Special Operations",
 			IssuerID:                      issuerID,
 			//InetAddresses:     []string{"1.1.1.1", "1.1.1.2", "1.1.1.3"},
-			//Hostnames:         []string{"dont.worry", "be.happy"},
+			Hostnames: []string{"dont.worry", "be.happy"},
 		}
 		createServicePairRes, err := lg.CreateServicePair(ctx, userID, createServicePairParams)
 		require.NoError(t, err)
 		require.NotNil(t, createServicePairRes)

 		serviceID = createServicePairRes.ServiceID
-		printObj("serviceID", serviceID)
+		//printObj("serviceID", serviceID)

 		serviceCert = createServicePairRes.Certificate
 		//printObj("serviceCert", serviceCert)

-		serviceName = createServicePairRes.ServiceName
-		printObj("serviceName", serviceName)
+		//serviceName = createServicePairRes.ServiceName
+		//printObj("serviceName", serviceName)

 		serviceCertObj, err := cm509.ParseDoubleEncodedCerificate(serviceCert)
 		require.NoError(t, err)
 		require.NotNil(t, serviceCertObj)
-		printObj("serviceCertObj Subject", serviceCertObj.Subject.String())
-		printObj("serviceCertObj Issuer", serviceCertObj.Issuer.String())
-		printObj("serviceCertObj DNSNames", serviceCertObj.DNSNames)
-		printObj("serviceCertObj IP addresses", serviceCertObj.IPAddresses)
+		//printObj("serviceCertObj Subject", serviceCertObj.Subject.String())
+		//printObj("serviceCertObj Issuer", serviceCertObj.Issuer.String())
+		//printObj("serviceCertObj DNSNames", serviceCertObj.DNSNames)
+		//printObj("serviceCertObj IP addresses", serviceCertObj.IPAddresses)

 		require.NotEqual(t, serviceCertObj.Subject.String(), serviceCertObj.Issuer.String())
-		require.NotZero(t, serviceCertObj.Subject.String())
-		require.NotZero(t, serviceCertObj.Issuer.String())
+		require.NotZero(t, len(serviceCertObj.Subject.String()))
+		require.NotZero(t, len(serviceCertObj.Issuer.String()))

 		servicePEM, err := base64.StdEncoding.DecodeString(serviceCert)
 		require.NoError(t, err)
 		require.NotZero(t, len(servicePEM))
-		printObj("servicePEM", string(servicePEM))
+		//printObj("servicePEM", string(servicePEM))

 		printObj("createServicePairRes", createServicePairRes)

 	}

-	//return
+	return

 	{
 		listIssuerPairsParams := &cmctl.ListIssuerPairsParams{}
@@ -196,18 +211,7 @@ func TestIssuerCreateN0(t *testing.T) {

 		printObj("getServicePairRes.IssuerCertificates", getServicePairRes.IssuerCertificates)
 	}
-	{
-		getIssuerCertificateParams := &cmctl.GetIssuerCertificateParams{
-			IssuerID: issuerID,
-		}
-		getIssuerCertificateRes, err := lg.GetIssuerCertificate(ctx, userID, getIssuerCertificateParams)
-		require.NoError(t, err)
-		require.NotNil(t, getIssuerCertificateRes)
-		require.NotZero(t, len(getIssuerCertificateRes.Certificate))

-		printObj("getIssuerCertificateRes", getIssuerCertificateRes)
-		require.NoError(t, err)
-	}
 }

 func XXXTestIssuerCreateN2(t *testing.T) {
@@ -229,7 +233,6 @@ func XXXTestIssuerCreateN2(t *testing.T) {
 		require.NoError(t, err)

 		logicConfig := &logic.LogicConfig{
-			Auths:    conf.Auths,
 			Database: db,
 		}
 		lg, err = logic.NewLogic(logicConfig)
--- a/internal/test/logic_issuer_import_test.go
+++ b/internal/test/logic_issuer_import_test.go
@@ -39,7 +39,6 @@ func XXXTestLogicImportIssuer(t *testing.T) {
 		require.NoError(t, err)

 		logicConfig := &logic.LogicConfig{
-			Auths:    conf.Auths,
 			Database: db,
 		}
 		lg, err = logic.NewLogic(logicConfig)