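package logic

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"

	cmapi "certmanager/api/certmanagercontrol"
	"certmanager/internal/descriptor"
)

// Errors returned to API callers. The message texts are unchanged from the
// previous inline fmt.Errorf calls so clients matching on them keep working;
// new code should compare with errors.Is.
var (
	errIssuerIDNotFound    = errors.New("No signer with this ID was found")
	errIssuerNameNotFound  = errors.New("No signer with this common name was found")
	errIssuerNotSpecified  = errors.New("Issuer ID or name is not specified")
	errIssuerDescriptorNil = errors.New("Issuer descriptor is nil")
	errCertificatePEM      = errors.New("Failed to parse certificate PEM")
	errKeyPEM              = errors.New("Failed to parse private key PEM")
	errCertificateNotCA    = errors.New("Certificate is not CA")
)

// checkIssuerLookup folds the (exists, descriptor, err) triple returned by the
// issuer lookups on lg.db into a single result. A database error is reported
// before the existence flag is consulted, so a failed query is never turned
// into notFound; a lookup that reports success with a nil descriptor is also
// rejected, so callers may dereference the returned descriptor directly.
func checkIssuerLookup(exists bool, issuer *descriptor.Issuer, err error, notFound error) (*descriptor.Issuer, error) {
	if err != nil {
		return nil, err
	}
	if !exists {
		return nil, notFound
	}
	if issuer == nil {
		return nil, errIssuerDescriptorNil
	}
	return issuer, nil
}

// setIssuerRevoked persists the revocation flag of issuer when it differs from
// the stored value. A state that already matches is a no-op, not an error.
func (lg *Logic) setIssuerRevoked(ctx context.Context, issuer *descriptor.Issuer, revoked bool) error {
	if issuer.Revoked == revoked {
		return nil
	}
	issuer.Revoked = revoked
	return lg.db.UpdateIssuerByID(ctx, issuer.ID, issuer)
}

// decodePEMBlock decodes a base64-wrapped PEM parameter as sent by API
// clients and returns the raw PEM bytes together with the first PEM block.
// noBlock is returned when the payload decodes but holds no PEM block.
func decodePEMBlock(b64 string, noBlock error) ([]byte, *pem.Block, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, nil, err
	}
	block, _ := pem.Decode(raw)
	if block == nil {
		return nil, nil, noBlock
	}
	return raw, block, nil
}

// parseImportedCACertificate decodes and parses the certificate parameter of
// an import request and rejects certificates without the CA basic constraint.
// It returns the parsed certificate and the PEM bytes it was parsed from.
//
// NOTE(review): the validity period and KeyUsage of the certificate are not
// checked here, so an expired CA can still be imported — confirm whether that
// is intended.
func parseImportedCACertificate(b64 string) (*x509.Certificate, []byte, error) {
	certPEM, block, err := decodePEMBlock(b64, errCertificatePEM)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, nil, err
	}
	if !cert.IsCA {
		return nil, nil, errCertificateNotCA
	}
	return cert, certPEM, nil
}

// checkImportedKey decodes the key parameter of an import request and checks
// that it is a parseable private key whose public half matches certPEM.
// tls.X509KeyPair does the parsing (PKCS#1, PKCS#8 and SEC 1 PEM keys) and
// the match check; without it a key belonging to a different certificate
// would be stored next to the CA and only fail at signing time.
func checkImportedKey(certPEM []byte, keyB64 string) error {
	keyPEM, _, err := decodePEMBlock(keyB64, errKeyPEM)
	if err != nil {
		return err
	}
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		return fmt.Errorf("Imported key does not match certificate: %w", err)
	}
	return nil
}

// CreateIssuerPair generates a new issuer certificate and key for the common
// name in params (via the package-level CreateIssuerPair helper defined
// elsewhere in this package), stores the pair and returns the new issuer ID.
// On error the returned result is non-nil but empty.
func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmapi.CreateIssuerPairParams) (*cmapi.CreateIssuerPairResult, error) {
	res := &cmapi.CreateIssuerPairResult{}

	pair, err := CreateIssuerPair(&CreateIssuerPairParams{CommonName: params.IssuerCommonName})
	if err != nil {
		return res, err
	}
	issuerID, err := lg.db.InsertIssuer(ctx, &descriptor.Issuer{
		Name: pair.Name,
		Cert: pair.Cert,
		Key:  pair.Key,
	})
	if err != nil {
		return res, err
	}
	res.IssuerID = issuerID
	return res, nil
}

// GetIssuerCertificate looks an issuer up by ID (when non-zero) or else by
// name and returns its ID, name, stored certificate and revocation flag. The
// private key is never returned. On error the returned result is non-nil but
// empty.
func (lg *Logic) GetIssuerCertificate(ctx context.Context, params *cmapi.GetIssuerCertificateParams) (*cmapi.GetIssuerCertificateResult, error) {
	res := &cmapi.GetIssuerCertificateResult{}

	var (
		exists bool
		issuer *descriptor.Issuer
		err    error
	)
	switch {
	case params.IssuerID != 0:
		exists, issuer, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
		issuer, err = checkIssuerLookup(exists, issuer, err, errIssuerIDNotFound)
	case params.IssuerName != "":
		exists, issuer, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
		issuer, err = checkIssuerLookup(exists, issuer, err, errIssuerNameNotFound)
	default:
		err = errIssuerNotSpecified
	}
	if err != nil {
		return res, err
	}

	res.IssuerID = issuer.ID
	res.Certificate = issuer.Cert
	res.Name = issuer.Name
	res.Revoked = issuer.Revoked
	return res, nil
}

// ImportIssuerPair stores an externally generated CA certificate, optionally
// with its private key. Both parameters are base64-encoded PEM. The
// certificate must carry the CA basic constraint; a key, when given, must be
// parseable and match the certificate's public key. The stored name and the
// returned IssuerName are both the certificate's subject, so the record can
// be found again with the name the caller receives. On error the returned
// result is non-nil but empty.
func (lg *Logic) ImportIssuerPair(ctx context.Context, params *cmapi.ImportIssuerPairParams) (*cmapi.ImportIssuerPairResult, error) {
	res := &cmapi.ImportIssuerPairResult{}

	cert, certPEM, err := parseImportedCACertificate(params.Certificate)
	if err != nil {
		return res, err
	}
	if params.Key != "" {
		if err := checkImportedKey(certPEM, params.Key); err != nil {
			return res, err
		}
	}

	// The subject names this CA; the issuer DN of an intermediate names its
	// parent, and storing that would make GetIssuerByName(IssuerName) miss
	// the record just created.
	name := cert.Subject.String()
	issuerID, err := lg.db.InsertIssuer(ctx, &descriptor.Issuer{
		Name: name,
		Cert: params.Certificate,
		Key:  params.Key,
	})
	if err != nil {
		return res, err
	}
	res.IssuerName = name
	res.IssuerID = issuerID
	return res, nil
}

// RevokeIssuerPair marks the issuer selected by ID (when non-zero) or else by
// name as revoked. Revoking an already revoked issuer is a no-op. On error
// the returned result is non-nil but empty.
func (lg *Logic) RevokeIssuerPair(ctx context.Context, params *cmapi.RevokeIssuerPairParams) (*cmapi.RevokeIssuerPairResult, error) {
	res := &cmapi.RevokeIssuerPairResult{}

	var (
		exists bool
		issuer *descriptor.Issuer
		err    error
	)
	switch {
	case params.IssuerID != 0:
		exists, issuer, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
		issuer, err = checkIssuerLookup(exists, issuer, err, errIssuerIDNotFound)
	case params.IssuerName != "":
		exists, issuer, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
		issuer, err = checkIssuerLookup(exists, issuer, err, errIssuerNameNotFound)
	default:
		err = errIssuerNotSpecified
	}
	if err != nil {
		return res, err
	}

	if err := lg.setIssuerRevoked(ctx, issuer, true); err != nil {
		return res, err
	}
	return res, nil
}

// UnrevokeIssuerPair clears the revocation flag of the issuer selected by ID
// (when non-zero) or else by name. Unrevoking an issuer that is not revoked
// is a no-op. On error the returned result is non-nil but empty.
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, params *cmapi.UnrevokeIssuerPairParams) (*cmapi.UnrevokeIssuerPairResult, error) {
	res := &cmapi.UnrevokeIssuerPairResult{}

	var (
		exists bool
		issuer *descriptor.Issuer
		err    error
	)
	switch {
	case params.IssuerID != 0:
		exists, issuer, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
		issuer, err = checkIssuerLookup(exists, issuer, err, errIssuerIDNotFound)
	case params.IssuerName != "":
		exists, issuer, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
		issuer, err = checkIssuerLookup(exists, issuer, err, errIssuerNameNotFound)
	default:
		err = errIssuerNotSpecified
	}
	if err != nil {
		return res, err
	}

	if err := lg.setIssuerRevoked(ctx, issuer, false); err != nil {
		return res, err
	}
	return res, nil
}

// ListIssuerPairs returns ID, name and revocation flag of every stored issuer.
// Certificates and keys are not included. params is currently unused; the
// listing is not filtered. On error the returned result is non-nil with an
// empty issuer list.
func (lg *Logic) ListIssuerPairs(ctx context.Context, params *cmapi.ListIssuerPairsParams) (*cmapi.ListIssuerPairsResult, error) {
	res := &cmapi.ListIssuerPairsResult{
		// Non-nil so an empty listing serializes as an empty list, not null.
		Issuers: make([]*cmapi.IssierShortDescriptor, 0),
	}

	issuers, err := lg.db.ListIssuers(ctx)
	if err != nil {
		return res, err
	}
	for _, issuer := range issuers {
		res.Issuers = append(res.Issuers, &cmapi.IssierShortDescriptor{
			IssuerID: issuer.ID,
			Name:     issuer.Name,
			Revoked:  issuer.Revoked,
		})
	}
	return res, nil
}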