package app
import (
"encoding/json"
"errors"
"fmt"
"strings"
"github.com/temporalio/tcld/protogen/api/namespace/v1"
)
type (
	// certificateFilter is a single filter entry as it appears in the JSON
	// config. Every field is a plain string and none carries omitempty, so
	// unset fields are marshalled as empty strings. The struct is comparable,
	// which validate relies on to use it as a map key for duplicate detection.
	certificateFilter struct {
		CommonName             string `json:"commonName"`
		Organization           string `json:"organization"`
		OrganizationalUnit     string `json:"organizationalUnit"`
		SubjectAlternativeName string `json:"subjectAlternativeName"`
	}

	// certificateFiltersConfig is the top-level JSON document: a list of
	// filters under the "filters" key, omitted from output when empty.
	certificateFiltersConfig struct {
		Filters []certificateFilter `json:"filters,omitempty"`
	}
)
// parseCertificateFilters decodes a JSON certificate-filter config and
// validates it. Empty input yields an empty config and no error. On a decode
// or validation failure the zero config is returned together with the error.
//
// NOTE(review): json.Unmarshal silently ignores keys it does not recognise,
// so a misspelled field name is dropped rather than rejected and the resulting
// filter carries fewer constraints than the author wrote. If strict input is
// wanted, a json.Decoder with DisallowUnknownFields would surface such typos.
func parseCertificateFilters(configJson []byte) (certificateFiltersConfig, error) {
	var parsed certificateFiltersConfig
	if len(configJson) == 0 {
		return parsed, nil
	}

	err := json.Unmarshal(configJson, &parsed)
	if err == nil {
		// Only a successfully decoded document is worth validating.
		err = parsed.validate()
	}
	if err != nil {
		// Never hand back a partially populated config alongside an error.
		return certificateFiltersConfig{}, err
	}
	return parsed, nil
}
// validate checks every filter in the config. It returns an error for the
// first filter that has no non-blank field, or for the first filter that
// repeats an earlier one; otherwise it returns nil.
//
// NOTE(review): the "is set" test trims whitespace, but duplicates are
// detected by exact struct equality, so entries that differ only in
// surrounding whitespace or letter case count as distinct.
func (config certificateFiltersConfig) validate() error {
	seen := make(map[certificateFilter]bool)
	for i := range config.Filters {
		current := config.Filters[i]

		// A filter with every field blank constrains nothing, so reject it.
		hasConstraint := isFieldSet(current.CommonName) ||
			isFieldSet(current.Organization) ||
			isFieldSet(current.OrganizationalUnit) ||
			isFieldSet(current.SubjectAlternativeName)
		if !hasConstraint {
			return errors.New("certificate filter must have at least one field set")
		}

		if seen[current] {
			return fmt.Errorf("supplied certificate filters contain at least one duplicate entry: '%+v'", current)
		}
		seen[current] = true
	}
	return nil
}
// toSpec converts the config into API filter specs, copying the four string
// fields of each filter one-to-one. It returns a nil slice when the config
// holds no filters. No validation is performed here.
func (config certificateFiltersConfig) toSpec() []*namespace.CertificateFilterSpec {
	if len(config.Filters) == 0 {
		return nil
	}

	specs := make([]*namespace.CertificateFilterSpec, 0, len(config.Filters))
	for i := range config.Filters {
		src := config.Filters[i]
		spec := &namespace.CertificateFilterSpec{
			CommonName:             src.CommonName,
			Organization:           src.Organization,
			OrganizationalUnit:     src.OrganizationalUnit,
			SubjectAlternativeName: src.SubjectAlternativeName,
		}
		specs = append(specs, spec)
	}
	return specs
}
// fromSpec builds a config from API filter specs, copying the four string
// fields of each spec one-to-one. An empty or nil input yields a config whose
// Filters slice is nil.
//
// NOTE(review): fields are read directly from each pointer, so a nil element
// in filters would panic here; callers are presumed to pass non-nil specs.
func fromSpec(filters []*namespace.CertificateFilterSpec) certificateFiltersConfig {
	var converted []certificateFilter
	for _, spec := range filters {
		entry := certificateFilter{
			CommonName:             spec.CommonName,
			Organization:           spec.Organization,
			OrganizationalUnit:     spec.OrganizationalUnit,
			SubjectAlternativeName: spec.SubjectAlternativeName,
		}
		converted = append(converted, entry)
	}
	return certificateFiltersConfig{Filters: converted}
}
// isFieldSet reports whether fieldValue contains anything other than
// whitespace. Blank and whitespace-only strings count as unset.
func isFieldSet(fieldValue string) bool {
	trimmed := strings.TrimSpace(fieldValue)
	return trimmed != ""
}