package client
import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"github.com/sirupsen/logrus"
)
// CaCerts is the JSON document exchanged with the factory certs endpoint
// (/ota/factories/{factory}/certs/): FactoryGetCA and FactoryCreateCA decode
// the server's reply into it, and FactoryPatchCA marshals it back.
// The certificate and CSR fields hold PEM text as strings.
type CaCerts struct {
	RootCrt string `json:"root-crt"`
	CaCrt   string `json:"ca-crt"`
	CaCsr   string `json:"ca-csr"`
	// EstCrt is the EST server's TLS certificate. FactoryEstUrl PEM-decodes
	// it and takes the server host name from its single DNS SAN.
	EstCrt string `json:"est-tls-crt"`
	TlsCrt string `json:"tls-crt"`
	TlsCsr string `json:"tls-csr"`
	// ChangeMeta is defined elsewhere in package client.
	ChangeMeta ChangeMeta `json:"change-meta"`
	// The script fields are pointers so that a missing or null JSON value
	// (nil) can be told apart from an empty script ("").
	CreateCaScript       *string `json:"create_ca"`
	CreateDeviceCaScript *string `json:"create_device_ca"`
	SignCaScript         *string `json:"sign_ca_csr"`
	SignTlsScript        *string `json:"sign_tls_csr"`
}
// FactoryGetCA fetches the factory's CA material from
// /ota/factories/{factory}/certs/ and decodes the reply into CaCerts.
// Errors from the HTTP call or from JSON decoding are returned unwrapped;
// on a decode error the returned CaCerts may be partially filled, so callers
// must check err first.
func (a *Api) FactoryGetCA(factory string) (CaCerts, error) {
	var certs CaCerts
	// NOTE(review): factory is spliced into the path without escaping;
	// this assumes it is a plain identifier — confirm at the call sites.
	endpoint := a.serverUrl + "/ota/factories/" + factory + "/certs/"
	logrus.Debugf("Getting certs %s", endpoint)
	body, err := a.Get(endpoint)
	if err != nil {
		return certs, err
	}
	if err := json.Unmarshal(*body, &certs); err != nil {
		return certs, err
	}
	return certs, nil
}
// FactoryCreateCA asks the server to create a new CA for the factory by
// POSTing an empty JSON object to /ota/factories/{factory}/certs/ and
// decodes the reply into CaCerts. Errors are returned unwrapped; on a decode
// error the returned CaCerts may be partially filled.
func (a *Api) FactoryCreateCA(factory string) (CaCerts, error) {
	var certs CaCerts
	endpoint := a.serverUrl + "/ota/factories/" + factory + "/certs/"
	logrus.Debugf("Creating new factory CA %s", endpoint)
	// The server expects a JSON body; an empty object is the whole request.
	body, err := a.Post(endpoint, []byte("{}"))
	if err != nil {
		return certs, err
	}
	if err := json.Unmarshal(*body, &certs); err != nil {
		return certs, err
	}
	return certs, nil
}
// FactoryPatchCA sends certs as JSON in a PATCH to
// /ota/factories/{factory}/certs/. The response body is discarded; only the
// marshal or HTTP error is returned.
func (a *Api) FactoryPatchCA(factory string, certs CaCerts) error {
	endpoint := a.serverUrl + "/ota/factories/" + factory + "/certs/"
	logrus.Debugf("Patching factory CA %s", endpoint)
	payload, err := json.Marshal(certs)
	if err != nil {
		return err
	}
	if _, err := a.Patch(endpoint, payload); err != nil {
		return err
	}
	return nil
}
// estCsr is the reply of POST /ota/factories/{factory}/certs/est/: the PEM
// CSR for the EST server's TLS certificate, as read by FactoryCreateEstCsr.
type estCsr struct {
	TlsCsr string `json:"tls-csr"`
}
// estCrt is the body of PUT /ota/factories/{factory}/certs/est/: the signed
// PEM certificate for the EST server, as sent by FactorySetEstCrt.
type estCrt struct {
	TlsCrt string `json:"tls-crt"`
}
// FactoryCreateEstCsr POSTs (with no body) to
// /ota/factories/{factory}/certs/est/ and returns the "tls-csr" string from
// the JSON reply. On any HTTP or decode error it returns "" and the error.
func (a *Api) FactoryCreateEstCsr(factory string) (string, error) {
	endpoint := a.serverUrl + "/ota/factories/" + factory + "/certs/est/"
	logrus.Debugf("Creating EST CSR %s", endpoint)
	body, err := a.Post(endpoint, nil)
	if err != nil {
		return "", err
	}
	var reply estCsr
	if err := json.Unmarshal(*body, &reply); err != nil {
		return "", err
	}
	return reply.TlsCsr, nil
}
// FactorySetEstCrt uploads cert (PEM text) as the EST server's TLS
// certificate via PUT /ota/factories/{factory}/certs/est/. The response body
// is discarded; only the marshal or HTTP error is returned.
func (a *Api) FactorySetEstCrt(factory string, cert string) error {
	endpoint := a.serverUrl + "/ota/factories/" + factory + "/certs/est/"
	logrus.Debugf("Putting EST certs %s", endpoint)
	payload, err := json.Marshal(estCrt{TlsCrt: cert})
	if err != nil {
		return err
	}
	_, err = a.Put(endpoint, payload)
	return err
}
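// FactoryEstUrl derives the EST server URL for a factory from the EST TLS
// certificate stored on the server: it fetches the factory's CaCerts, PEM-
// decodes EstCrt, and requires the certificate to carry exactly one DNS SAN,
// which becomes the host. The result is "https://<dns-name>:<port><resource>";
// resource is appended verbatim and should start with "/".
//
// Errors: the FactoryGetCA error; a descriptive error when no EST certificate
// is configured, when EstCrt is not a PEM block, when the DER does not parse,
// or when the DNS SAN count is not exactly one.
func (a *Api) FactoryEstUrl(factory string, port int, resource string) (string, error) {
	certs, err := a.FactoryGetCA(factory)
	if err != nil {
		return "", err
	}
	if len(certs.EstCrt) == 0 {
		return "", errors.New("EST server is not configured. Please see `fioctl keys est`")
	}
	// pem.Decode returns a nil block when the input holds no PEM armor at
	// all; dereferencing it would panic, so report it as a parse error.
	block, _ := pem.Decode([]byte(certs.EstCrt))
	if block == nil {
		return "", errors.New("Failed to parse certificate: no PEM block found")
	}
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", fmt.Errorf("Failed to parse certificate: %w", err)
	}
	// The host is taken from the SAN, so exactly one DNS name must be present
	// for the URL to be unambiguous.
	if len(c.DNSNames) != 1 {
		return "", fmt.Errorf("Certificate expected to have 1 DNS name, %d found", len(c.DNSNames))
	}
	return fmt.Sprintf("https://%s:%d%s", c.DNSNames[0], port, resource), nil
}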