package local
import (
"time"
"github.com/gravitational/teleport/lib/backend"
"github.com/gravitational/teleport/lib/services"
"github.com/gravitational/trace"
)
// CA is the local implementation of the Trust service. It persists
// certificate authorities in a local backend, keyed by the path
// "authorities"/<cert authority type>/<domain name> (see the methods below).
type CA struct {
	// backend is the key/value store that holds the marshaled authorities.
	backend backend.Backend
}
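// NewCAService returns a new CA service that stores certificate
// authorities in bk.
//
// The parameter is named bk rather than backend so that it does not
// shadow the imported backend package inside the constructor.
func NewCAService(bk backend.Backend) *CA {
	return &CA{backend: bk}
}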
// UpsertCertAuthority validates ca, marshals it and writes it to the
// backend under "authorities"/<ca type>/<ca name> with the given ttl,
// replacing any entry already stored under that key.
//
// Any validation, marshaling or backend error is returned wrapped.
func (s *CA) UpsertCertAuthority(ca services.CertAuthority, ttl time.Duration) error {
	// Never persist an authority that fails its own consistency check.
	if err := ca.Check(); err != nil {
		return trace.Wrap(err)
	}
	encoded, err := services.GetCertAuthorityMarshaler().MarshalCertAuthority(ca)
	if err != nil {
		return trace.Wrap(err)
	}
	bucket := []string{"authorities", string(ca.GetType())}
	if err = s.backend.UpsertVal(bucket, ca.GetName(), encoded, ttl); err != nil {
		return trace.Wrap(err)
	}
	return nil
}
// DeleteCertAuthority removes the certificate authority identified by id
// from the backend. An id that fails its own check is rejected before the
// backend is touched; backend errors are returned wrapped.
func (s *CA) DeleteCertAuthority(id services.CertAuthID) error {
	if err := id.Check(); err != nil {
		return trace.Wrap(err)
	}
	bucket := []string{"authorities", string(id.Type)}
	if err := s.backend.DeleteKey(bucket, id.DomainName); err != nil {
		return trace.Wrap(err)
	}
	return nil
}
// GetCertAuthority loads the certificate authority identified by id from
// the backend and validates it. When loadSigningKeys is false the signing
// keys are cleared (set to nil) on the returned authority, so callers that
// only need the public material do not receive private key material.
//
// Errors from the id check, the backend read, unmarshaling or the
// authority's own check are returned wrapped.
func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool) (services.CertAuthority, error) {
	if err := id.Check(); err != nil {
		return nil, trace.Wrap(err)
	}
	bucket := []string{"authorities", string(id.Type)}
	raw, err := s.backend.GetVal(bucket, id.DomainName)
	if err != nil {
		return nil, trace.Wrap(err)
	}
	authority, err := services.GetCertAuthorityMarshaler().UnmarshalCertAuthority(raw)
	if err != nil {
		return nil, trace.Wrap(err)
	}
	// Validate the stored record in full, i.e. before any signing keys
	// are dropped below.
	if err := authority.Check(); err != nil {
		return nil, trace.Wrap(err)
	}
	if loadSigningKeys {
		return authority, nil
	}
	authority.SetSigningKeys(nil)
	return authority, nil
}
// GetCertAuthorities returns every certificate authority of the given type.
// loadSigningKeys is passed through to GetCertAuthority and controls whether
// signing keys are kept on each returned authority.
//
// When the backend reports that no keys exist for the type, a non-nil empty
// slice is returned with a nil error. Any other backend error, or a failure
// to load any single authority, fails the whole call with a wrapped error.
func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool) ([]services.CertAuthority, error) {
	if err := caType.Check(); err != nil {
		return nil, trace.Wrap(err)
	}
	// Deliberately non-nil so an empty result is distinguishable from nil.
	result := []services.CertAuthority{}
	domains, err := s.backend.GetKeys([]string{"authorities", string(caType)})
	switch {
	case err != nil && trace.IsNotFound(err):
		return result, nil
	case err != nil:
		return nil, trace.Wrap(err)
	}
	for _, domain := range domains {
		id := services.CertAuthID{DomainName: domain, Type: caType}
		authority, err := s.GetCertAuthority(id, loadSigningKeys)
		if err != nil {
			return nil, trace.Wrap(err)
		}
		result = append(result, authority)
	}
	return result, nil
}