-
Notifications
You must be signed in to change notification settings - Fork 21
/
uri.go
89 lines (78 loc) · 2.26 KB
/
uri.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
//go:build !notpmkms
// +build !notpmkms
package tpmkms
import (
"errors"
"fmt"
"go.step.sm/crypto/kms/uri"
)
type objectProperties struct {
name string
ak bool
tss2 bool
attestBy string
qualifyingData []byte
path string
storeLocation string
store string
intermediateStoreLocation string
intermediateStore string
skipFindCertificateKey bool
keyID string
sha1 string
serial string
issuer string
}
func parseNameURI(nameURI string) (o objectProperties, err error) {
if nameURI == "" {
return o, errors.New("empty URI not supported")
}
var u *uri.URI
var parseErr error
if u, parseErr = uri.ParseWithScheme(Scheme, nameURI); parseErr == nil {
o.path = u.Get("path")
if name := u.Get("name"); name == "" && o.path == "" {
if len(u.Values) == 1 {
o.name = u.Opaque
} else {
for k, v := range u.Values {
if len(v) == 1 && v[0] == "" {
o.name = k
break
}
}
}
} else {
o.name = name
}
o.ak = u.GetBool("ak")
o.tss2 = u.GetBool("tss2")
o.attestBy = u.Get("attest-by")
if qualifyingData := u.GetEncoded("qualifying-data"); qualifyingData != nil {
o.qualifyingData = qualifyingData
}
// store location and store options are used on Windows to override
// which store(s) are used for storing and loading (intermediate) certificates
o.storeLocation = u.Get("store-location")
o.store = u.Get("store")
o.intermediateStoreLocation = u.Get("intermediate-store-location")
o.intermediateStore = u.Get("intermediate-store")
o.skipFindCertificateKey = u.GetBool("skip-find-certificate-key")
o.keyID = u.Get("key-id")
o.sha1 = u.Get("sha1")
o.serial = u.Get("serial")
o.issuer = u.Get("issuer")
// validation
if o.ak && o.attestBy != "" {
return o, errors.New(`"ak" and "attest-by" are mutually exclusive`)
}
return
}
if u, parseErr := uri.Parse(nameURI); parseErr == nil {
if u.Scheme != Scheme {
return o, fmt.Errorf("URI scheme %q is not supported", u.Scheme)
}
}
o.name = nameURI // assumes there's no other properties encoded; just a name
return
}