mirror of https://github.com/status-im/consul.git
Add more metadata to structs.CARoot
This commit is contained in:
parent
627aa80d5a
commit
6e9f1f8acb
|
@ -98,15 +98,9 @@ func (s *ConnectCA) ConfigurationSet(
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
id, err := connect.CalculateCertFingerprint(newRootPEM)
|
newActiveRoot, err := parseCARoot(newRootPEM, args.Config.Provider)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error parsing root fingerprint: %v", err)
|
return err
|
||||||
}
|
|
||||||
newActiveRoot := &structs.CARoot{
|
|
||||||
ID: id,
|
|
||||||
Name: fmt.Sprintf("%s CA Root Cert", config.Provider),
|
|
||||||
RootCert: newRootPEM,
|
|
||||||
Active: true,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Compare the new provider's root CA ID to the current one. If they
|
// Compare the new provider's root CA ID to the current one. If they
|
||||||
|
@ -240,6 +234,10 @@ func (s *ConnectCA) Roots(
|
||||||
reply.Roots[i] = &structs.CARoot{
|
reply.Roots[i] = &structs.CARoot{
|
||||||
ID: r.ID,
|
ID: r.ID,
|
||||||
Name: r.Name,
|
Name: r.Name,
|
||||||
|
SerialNumber: r.SerialNumber,
|
||||||
|
SigningKeyID: r.SigningKeyID,
|
||||||
|
NotBefore: r.NotBefore,
|
||||||
|
NotAfter: r.NotAfter,
|
||||||
RootCert: r.RootCert,
|
RootCert: r.RootCert,
|
||||||
IntermediateCerts: r.IntermediateCerts,
|
IntermediateCerts: r.IntermediateCerts,
|
||||||
RaftIndex: r.RaftIndex,
|
RaftIndex: r.RaftIndex,
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -427,15 +428,9 @@ func (s *Server) initializeCA() error {
|
||||||
return fmt.Errorf("error getting root cert: %v", err)
|
return fmt.Errorf("error getting root cert: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
id, err := connect.CalculateCertFingerprint(rootPEM)
|
rootCA, err := parseCARoot(rootPEM, conf.Provider)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error parsing root fingerprint: %v", err)
|
return err
|
||||||
}
|
|
||||||
rootCA := &structs.CARoot{
|
|
||||||
ID: id,
|
|
||||||
Name: fmt.Sprintf("%s CA Root Cert", conf.Provider),
|
|
||||||
RootCert: rootPEM,
|
|
||||||
Active: true,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the CA root is already initialized and exit if it is.
|
// Check if the CA root is already initialized and exit if it is.
|
||||||
|
@ -478,6 +473,28 @@ func (s *Server) initializeCA() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// parseCARoot returns a filled-in structs.CARoot from a raw PEM value.
|
||||||
|
func parseCARoot(pemValue, provider string) (*structs.CARoot, error) {
|
||||||
|
id, err := connect.CalculateCertFingerprint(pemValue)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("error parsing root fingerprint: %v", err)
|
||||||
|
}
|
||||||
|
rootCert, err := connect.ParseCert(pemValue)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("error parsing root cert: %v", err)
|
||||||
|
}
|
||||||
|
return &structs.CARoot{
|
||||||
|
ID: id,
|
||||||
|
Name: fmt.Sprintf("%s CA Root Cert", strings.Title(provider)),
|
||||||
|
SerialNumber: rootCert.SerialNumber.Uint64(),
|
||||||
|
SigningKeyID: connect.HexString(rootCert.AuthorityKeyId),
|
||||||
|
NotBefore: rootCert.NotBefore,
|
||||||
|
NotAfter: rootCert.NotAfter,
|
||||||
|
RootCert: pemValue,
|
||||||
|
Active: true,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
// createProvider returns a connect CA provider from the given config.
|
// createProvider returns a connect CA provider from the given config.
|
||||||
func (s *Server) createCAProvider(conf *structs.CAConfiguration) (connect_ca.Provider, error) {
|
func (s *Server) createCAProvider(conf *structs.CAConfiguration) (connect_ca.Provider, error) {
|
||||||
switch conf.Provider {
|
switch conf.Provider {
|
||||||
|
|
|
@ -28,6 +28,17 @@ type CARoot struct {
|
||||||
// opaque to Consul and is not used for anything internally.
|
// opaque to Consul and is not used for anything internally.
|
||||||
Name string
|
Name string
|
||||||
|
|
||||||
|
// SerialNumber is the x509 serial number of the certificate.
|
||||||
|
SerialNumber uint64
|
||||||
|
|
||||||
|
// SigningKeyID is the ID of the public key that corresponds to the
|
||||||
|
// private key used to sign the certificate.
|
||||||
|
SigningKeyID string
|
||||||
|
|
||||||
|
// Time validity bounds.
|
||||||
|
NotBefore time.Time
|
||||||
|
NotAfter time.Time
|
||||||
|
|
||||||
// RootCert is the PEM-encoded public certificate.
|
// RootCert is the PEM-encoded public certificate.
|
||||||
RootCert string
|
RootCert string
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue