package certdepot
import (
"github.com/cdr/grip"
"github.com/pkg/errors"
"github.com/square/certstrap/depot"
"github.com/square/certstrap/pkix"
)
// deleteIfExists removes every tag in tags that dpt currently reports as
// present. Deletion failures are accumulated rather than aborting on the
// first one; the combined error (nil when nothing failed) is returned.
func deleteIfExists(dpt depot.Depot, tags ...*depot.Tag) error {
	failures := grip.NewBasicCatcher()
	for _, t := range tags {
		// Absent tags are skipped. Check and Delete are two separate depot
		// calls, so an entry that disappears between them is reported by
		// Delete rather than silently ignored.
		if !dpt.Check(t) {
			continue
		}
		failures.Add(dpt.Delete(t))
	}
	return failures.Resolve()
}
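// depotSave stores creds in dpt under name, replacing any CSR, private key or
// certificate already stored for that name, and records the certificate's
// NotAfter via putTTL (defined elsewhere in this package).
//
// The certificate PEM is parsed before anything is deleted or written: it is
// the only step that can fail without touching the depot, so running it first
// means an unparsable certificate leaves the existing credentials in place
// instead of deleting them and then failing part-way through the save.
//
// Returns a wrapped error describing the first step that failed.
func depotSave(dpt depot.Depot, name string, creds *Credentials) error {
	if creds == nil {
		return errors.New("cannot save nil credentials")
	}

	// Validate the new certificate before the destructive steps below.
	crt, err := pkix.NewCertificateFromPEM(creds.Cert)
	if err != nil {
		return errors.Wrap(err, "could not get certificate from PEM bytes")
	}
	rawCrt, err := crt.GetRawCertificate()
	if err != nil {
		return errors.Wrap(err, "could not get x509 certificate")
	}

	if err := deleteIfExists(dpt, CsrTag(name), PrivKeyTag(name), CrtTag(name)); err != nil {
		return errors.Wrap(err, "problem deleting existing credentials")
	}
	// The private key is handed to the depot as-is; how it is protected at
	// rest (file mode, encryption) is up to the depot implementation.
	if err := dpt.Put(PrivKeyTag(name), creds.Key); err != nil {
		return errors.Wrap(err, "problem saving key")
	}
	if err := dpt.Put(CrtTag(name), creds.Cert); err != nil {
		return errors.Wrap(err, "problem saving certificate")
	}
	// Expiration is taken from the parsed x509 certificate, not from the
	// caller, so it cannot disagree with the stored certificate.
	if err := putTTL(dpt, name, rawCrt.NotAfter); err != nil {
		return errors.Wrap(err, "could not put expiration on credentials")
	}
	return nil
}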
// depotGenerate creates a new private key and a certificate for name, signed
// by the CA named in do.CA and valid for do.DefaultExpiration, and returns
// them together with the CA certificate as Credentials whose ServerName is
// name.
//
// The only depot call made directly here is the read of the CA certificate;
// what SignInMemory does with dpt is defined outside this file.
func depotGenerate(dpt Depot, name string, do DepotOptions) (*Credentials, error) {
	certOpts := CertificateOptions{
		CA:         do.CA,
		CommonName: name,
		Host:       name,
		Expires:    do.DefaultExpiration,
	}

	caPEM, err := dpt.Get(CrtTag(do.CA))
	if err != nil {
		return nil, errors.Wrap(err, "problem getting CA certificate")
	}

	// The request object is discarded; only the generated key is kept.
	// NOTE(review): whether SignInMemory signs the request produced by this
	// CertRequestInMemory call (so the certificate matches keyPEM) is not
	// visible in this file — confirm against CertificateOptions.
	_, privKey, err := certOpts.CertRequestInMemory()
	if err != nil {
		return nil, errors.Wrap(err, "problem making certificate request and key")
	}
	keyPEM, err := privKey.ExportPrivate()
	if err != nil {
		return nil, errors.Wrap(err, "problem exporting key")
	}

	signed, err := certOpts.SignInMemory(dpt)
	if err != nil {
		return nil, errors.Wrap(err, "problem signing certificate request")
	}
	certPEM, err := signed.Export()
	if err != nil {
		return nil, errors.Wrap(err, "problem exporting certificate")
	}

	creds, err := NewCredentials(caPEM, certPEM, keyPEM)
	if err != nil {
		return nil, errors.Wrap(err, "could not create credentials")
	}
	creds.ServerName = name
	return creds, nil
}
// depotFind loads the CA certificate (do.CA) plus the certificate and private
// key stored under name from dpt and bundles them into Credentials with
// ServerName set to name.
//
// Lookups run in the order CA certificate, certificate, key; the first one
// that fails is returned with context and nothing else is read.
func depotFind(dpt depot.Depot, name string, do DepotOptions) (*Credentials, error) {
	caPEM, err := dpt.Get(CrtTag(do.CA))
	if err != nil {
		return nil, errors.Wrap(err, "problem getting CA certificate")
	}

	certPEM, err := dpt.Get(CrtTag(name))
	if err != nil {
		return nil, errors.Wrap(err, "problem getting certificate")
	}

	keyPEM, err := dpt.Get(PrivKeyTag(name))
	if err != nil {
		return nil, errors.Wrap(err, "problem getting key")
	}

	// NewCredentials is defined elsewhere in the package; whether it
	// validates that the key matches the certificate is not visible here.
	found, err := NewCredentials(caPEM, certPEM, keyPEM)
	if err != nil {
		return nil, errors.Wrap(err, "could not create credentials")
	}
	found.ServerName = name
	return found, nil
}