// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package ca
import (
"fmt"
"time"
"github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/structs"
"github.com/mitchellh/mapstructure"
)
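// ParseConsulCAConfig decodes a raw provider configuration map into a
// structs.ConsulCAProviderConfig. Decoding starts from
// defaultConsulCAProviderConfig, so keys absent from raw keep their defaults.
//
// It returns an error when the decoder cannot be built, when decoding fails,
// when a root certificate is supplied without a private key, or when either
// Validate call rejects the result. On any error the returned config is nil.
//
// The result can carry CA private key material in its PrivateKey field, so
// callers should keep both it and the raw map out of logs and error output.
func ParseConsulCAConfig(raw map[string]interface{}) (*structs.ConsulCAProviderConfig, error) {
	config := defaultConsulCAProviderConfig()

	// WeaklyTypedInput makes mapstructure coerce loosely typed values (for
	// example a number given as a string) instead of rejecting them, so the
	// Validate calls below are what actually constrain the decoded values.
	decodeConf := &mapstructure.DecoderConfig{
		DecodeHook:       structs.ParseDurationFunc(),
		Result:           &config,
		WeaklyTypedInput: true,
	}

	decoder, err := mapstructure.NewDecoder(decodeConf)
	if err != nil {
		return nil, err
	}

	if err := decoder.Decode(raw); err != nil {
		// %w keeps the message text unchanged while letting callers inspect
		// the underlying error with errors.Is / errors.As.
		// NOTE(review): mapstructure type errors may echo the offending input
		// value; confirm a malformed PrivateKey cannot surface in this message.
		return nil, fmt.Errorf("error decoding config: %w", err)
	}

	// A root certificate supplied without its private key is rejected. The
	// reverse case (a private key with no root certificate) is not rejected
	// by this function.
	if config.PrivateKey == "" && config.RootCert != "" {
		return nil, fmt.Errorf("must provide a private key when providing a root cert")
	}

	// Validate the shared CA settings first, then the provider-specific ones.
	if err := config.CommonCAProviderConfig.Validate(); err != nil {
		return nil, err
	}

	if err := config.Validate(); err != nil {
		return nil, err
	}

	return &config, nil
}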
// defaultConsulCAProviderConfig returns the baseline provider configuration:
// only the CommonCAProviderConfig field is populated (from
// defaultCommonConfig); every other field keeps its zero value.
func defaultConsulCAProviderConfig() structs.ConsulCAProviderConfig {
	var cfg structs.ConsulCAProviderConfig
	cfg.CommonCAProviderConfig = defaultCommonConfig()
	return cfg
}
// defaultCommonConfig returns the default settings shared by CA providers:
// certificate lifetimes for leaf, intermediate and root certificates, plus the
// default private key type and size taken from the connect package.
func defaultCommonConfig() structs.CommonCAProviderConfig {
	const (
		day  = 24 * time.Hour
		year = 365 * day
	)

	// Lifetimes shrink with distance from the root: ten years for the root,
	// one year for intermediates, three days for leaf certificates.
	return structs.CommonCAProviderConfig{
		LeafCertTTL:         3 * day,
		IntermediateCertTTL: year,
		RootCertTTL:         10 * year,
		PrivateKeyType:      connect.DefaultPrivateKeyType,
		PrivateKeyBits:      connect.DefaultPrivateKeyBits,
	}
}