ziggi/certmanager
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
07b32e881ed5be8f01d1ba189d06c49152615de4
certmanager/internal/logic/issuer.go
Олег Бородин 07b32e881e istore: updated
2024-08-07 09:20:36 +02:00

299 lines
7.7 KiB
Go
Raw Blame History

package logic
import (
"context"
"fmt"
"time"
cmapi "certmanager/pkg/cmctl"
"certmanager/internal/descriptor"
"certmanager/pkg/cm509"
)
func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmapi.CreateIssuerPairParams) (*cmapi.CreateIssuerPairResult, error) {
var err error
res := &cmapi.CreateIssuerPairResult{}
var signerDescr *descriptor.Issuer
var signerExists bool
if params.SignerID > 0 {
signerExists, signerDescr, err = lg.db.GetIssuerByID(ctx, params.SignerID)
if !signerExists {
err := fmt.Errorf("Issuer with id %d cannot found", params.SignerID)
if err != nil {
return res, err
}
}
} else if params.SignerName != "" {
signerExists, signerDescr, err = lg.db.GetIssuerByName(ctx, params.SignerName)
if signerExists {
err := fmt.Errorf("Issuer with name %s cannot found", params.SignerName)
if err != nil {
return res, err
}
}
}
createIssuerPairParams := &cm509.CreateIssuerPairParams{
CommonName: params.IssuerCommonName,
}
if signerDescr != nil {
lg.log.Debugf("Create issuer with signer name %s", signerDescr.Name)
createIssuerPairParams.SignerCert = signerDescr.Cert
createIssuerPairParams.SignerKey = signerDescr.Key
}
createIssuerPairRes, err := cm509.CreateIssuerPair(createIssuerPairParams)
if err != nil {
return res, err
}
issuerDescr := &descriptor.Issuer{
Name: createIssuerPairRes.Name,
Cert: createIssuerPairRes.Cert,
Key: createIssuerPairRes.Key,
}
issuerExists, _, err := lg.db.GetIssuerByName(ctx, issuerDescr.Name)
if issuerExists {
err := fmt.Errorf("Issuer with name %s already exists", issuerDescr.Name)
if err != nil {
return res, err
}
}
issuerID, err := lg.db.InsertIssuer(ctx, issuerDescr)
if err != nil {
return res, err
}
res.IssuerID = issuerID
res.IssuerName = createIssuerPairRes.Name
res.Certificate = createIssuerPairRes.Cert
return res, err
}
func (lg *Logic) GetIssuerCertificate(ctx context.Context, params *cmapi.GetIssuerCertificateParams) (*cmapi.GetIssuerCertificateResult, error) {
var err error
res := &cmapi.GetIssuerCertificateResult{}
var issuerDescr *descriptor.Issuer
var issuerExists bool
switch {
case params.IssuerID != 0:
issuerExists, issuerDescr, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
if !issuerExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.IssuerName != "":
issuerExists, issuerDescr, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
if !issuerExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Issuer ID or name is not specified")
if err != nil {
return res, err
}
}
if issuerDescr == nil {
err := fmt.Errorf("Issuer descriptor is nil")
if err != nil {
return res, err
}
}
res.IssuerID = issuerDescr.ID
res.Certificate = issuerDescr.Cert
res.Name = issuerDescr.Name
res.Revoked = issuerDescr.Revoked
return res, err
}
func (lg *Logic) ImportIssuerPair(ctx context.Context, params *cmapi.ImportIssuerPairParams) (*cmapi.ImportIssuerPairResult, error) {
var err error
res := &cmapi.ImportIssuerPairResult{}
if params.Certificate == "" {
err := fmt.Errorf("Empty issuer cerificata data")
return res, err
}
cert, err := cm509.ParseDoubleEncodedCerificate(params.Certificate)
if err != nil {
return res, err
}
if !cert.IsCA {
err := fmt.Errorf("Certificate is not CA")
return res, err
}
certExpired := cert.NotAfter.Before(time.Now())
if certExpired {
err := fmt.Errorf("Issuer %s expired %v", cert.Subject.String(), cert.NotAfter)
return res, err
}
if params.Key == "" {
err := fmt.Errorf("Empty issuer key data")
return res, err
}
_, err = cm509.ParseDoubleEncodedKey(params.Key)
if err != nil {
return res, err
}
certSubjectCN := cert.Subject.String()
certIssuerCN := cert.Issuer.String()
if certSubjectCN != certIssuerCN {
if len(params.ChainCertificate) > 0 {
err := fmt.Errorf("Issuer %s is self signed and not required certificate chain", cert.Subject.String())
return res, err
}
intermCertStrings, err := cm509.CheckDoubleEncodedCertificateChain(certIssuerCN, params.ChainCertificate)
if err != nil {
return res, err
}
for _, intermCertString := range intermCertStrings {
intermCertObj, err := cm509.ParseDoubleEncodedCerificate(intermCertString)
if err != nil {
return res, err
}
issuerDescr := &descriptor.Issuer{
Name: intermCertObj.Issuer.String(),
Cert: intermCertString,
Key: "",
}
_, err = lg.db.InsertIssuer(ctx, issuerDescr)
if err != nil {
return res, err
}
}
}
issuerDescr := &descriptor.Issuer{
Name: cert.Issuer.String(),
Cert: params.Certificate,
Key: params.Key,
}
issuerID, err := lg.db.InsertIssuer(ctx, issuerDescr)
if err != nil {
return res, err
}
res.IssuerName = cert.Subject.String()
res.IssuerID = issuerID
return res, err
}
func (lg *Logic) RevokeIssuerPair(ctx context.Context, params *cmapi.RevokeIssuerPairParams) (*cmapi.RevokeIssuerPairResult, error) {
var err error
res := &cmapi.RevokeIssuerPairResult{}
var issuerDescr *descriptor.Issuer
var issuerExists bool
switch {
case params.IssuerID != 0:
issuerExists, issuerDescr, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
if !issuerExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.IssuerName != "":
issuerExists, issuerDescr, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
if !issuerExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Issuer ID or name is not specified")
if err != nil {
return res, err
}
}
if issuerDescr == nil {
err := fmt.Errorf("Issuer descriptor is nil")
if err != nil {
return res, err
}
}
if !issuerDescr.Revoked {
issuerDescr.Revoked = true
err = lg.db.UpdateIssuerByID(ctx, issuerDescr.ID, issuerDescr)
if err != nil {
return res, err
}
}
return res, err
}
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, params *cmapi.UnrevokeIssuerPairParams) (*cmapi.UnrevokeIssuerPairResult, error) {
var err error
res := &cmapi.UnrevokeIssuerPairResult{}
var issuerDescr *descriptor.Issuer
var issuerExists bool
switch {
case params.IssuerID != 0:
issuerExists, issuerDescr, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
if !issuerExists {
err := fmt.Errorf("No signer with this ID was found")
if err != nil {
return res, err
}
}
case params.IssuerName != "":
issuerExists, issuerDescr, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
if !issuerExists {
err := fmt.Errorf("No signer with this common name was found")
if err != nil {
return res, err
}
}
default:
err := fmt.Errorf("Issuer ID or name is not specified")
if err != nil {
return res, err
}
}
if issuerDescr == nil {
err := fmt.Errorf("Issuer descriptor is nil")
if err != nil {
return res, err
}
}
if issuerDescr.Revoked {
issuerDescr.Revoked = false
err = lg.db.UpdateIssuerByID(ctx, issuerDescr.ID, issuerDescr)
if err != nil {
return res, err
}
}
return res, err
}
func (lg *Logic) ListIssuerPairs(ctx context.Context, params *cmapi.ListIssuerPairsParams) (*cmapi.ListIssuerPairsResult, error) {
var err error
res := &cmapi.ListIssuerPairsResult{
Issuers: make([]*cmapi.IssierShortDescriptor, 0),
}
listIssuers, err := lg.db.ListIssuers(ctx)
if err != nil {
return res, err
}
for _, issuer := range listIssuers {
issuerShortDescr := cmapi.IssierShortDescriptor{
IssuerID: issuer.ID,
Name: issuer.Name,
Revoked: issuer.Revoked,
}
res.Issuers = append(res.Issuers, &issuerShortDescr)
}
return res, err
}
Reference in New Issue View Git Blame Copy Permalink