package authority
import (
"crypto/x509"
"github.com/smallstep/certificates/errs"
)
// Root returns the certificate corresponding to the given SHA sum argument.
//
// The sum is used verbatim as the lookup key, so it must be passed in exactly
// the form the certificates were stored under; no normalization happens here.
// The error built by errs.NotFound is returned when no entry matches sum, and
// the one built by errs.InternalServer when the matching entry is not a
// *x509.Certificate.
func (a *Authority) Root(sum string) (*x509.Certificate, error) {
	stored, found := a.certificates.Load(sum)
	if !found {
		return nil, errs.NotFound("certificate with fingerprint %s was not found", sum)
	}

	// The store hands back an untyped value; anything that is not a parsed
	// certificate is treated as an internal fault rather than returned.
	if crt, isCert := stored.(*x509.Certificate); isCert {
		return crt, nil
	}
	return nil, errs.InternalServer("stored value is not a *x509.Certificate")
}
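// GetRootCertificate returns the server root certificate, which is the first
// entry of the authority's root certificate list.
//
// It returns nil when that list is empty, so callers must check the result
// before using it as a trust anchor.
func (a *Authority) GetRootCertificate() *x509.Certificate {
	// Guard the index so an empty root list yields nil instead of a runtime
	// panic, the same way GetIntermediateCertificate treats its list.
	if len(a.rootX509Certs) == 0 {
		return nil
	}
	return a.rootX509Certs[0]
}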
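// GetRootCertificates returns the server root certificates.
//
// The Authority interface has a similar method, GetRoots. At the moment the
// functionality of the two methods is almost identical, but this method is
// intended to be used internally by the CA HTTP server to load the roots that
// will be set in the tls.Config, while GetRoots is used through the Authority
// interface and might have extra checks in the future.
//
// The returned slice is a shallow copy of the authority's list: reordering or
// replacing its elements does not affect the authority, but the certificates
// it points to are shared and must be treated as read-only.
func (a *Authority) GetRootCertificates() []*x509.Certificate {
	// Copy rather than return the internal slice, so a caller cannot swap or
	// drop a trust anchor through the returned value. Slicing to [:0:0]
	// forces a new backing array and keeps a nil list nil.
	return append(a.rootX509Certs[:0:0], a.rootX509Certs...)
}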
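// GetRoots returns all the root certificates for this CA.
// This method implements the Authority interface.
//
// The returned slice is a shallow copy of the authority's list: reordering or
// replacing its elements does not affect the authority, but the certificates
// it points to are shared and must be treated as read-only. The error is
// always nil.
func (a *Authority) GetRoots() ([]*x509.Certificate, error) {
	// Copy rather than return the internal slice, so a caller cannot swap or
	// drop a trust anchor through the returned value. Slicing to [:0:0]
	// forces a new backing array and keeps a nil list nil.
	return append(a.rootX509Certs[:0:0], a.rootX509Certs...), nil
}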
// GetFederation returns all the root certificates in the federation.
// This method implements the Authority interface.
//
// Every value held in the certificate store is visited, in whatever order
// Range yields them. If any value is not a *x509.Certificate the walk stops
// and the result is a nil slice together with the error built by
// errs.InternalServer; certificates collected before that point are dropped.
func (a *Authority) GetFederation() (federation []*x509.Certificate, err error) {
	var (
		collected []*x509.Certificate
		walkErr   error
	)
	a.certificates.Range(func(_, stored interface{}) bool {
		crt, isCert := stored.(*x509.Certificate)
		if isCert {
			collected = append(collected, crt)
			return true
		}
		// An unexpected value type invalidates the whole result: discard
		// what was gathered so far and stop iterating.
		collected = nil
		walkErr = errs.InternalServer("stored value is not a *x509.Certificate")
		return false
	})
	return collected, walkErr
}
// GetIntermediateCertificate returns the intermediate certificate that issues
// the leaf certificates in the CA, which is the first entry of the
// authority's intermediate certificate list.
//
// This method can return nil if the CA is configured with a Certificate
// Authority Service (CAS) that does not implement the
// CertificateAuthorityGetter interface.
func (a *Authority) GetIntermediateCertificate() *x509.Certificate {
	// No intermediates available: report that with nil instead of indexing
	// into an empty list.
	if len(a.intermediateX509Certs) == 0 {
		return nil
	}
	return a.intermediateX509Certs[0]
}
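// GetIntermediateCertificates returns a list of all intermediate certificates
// configured. The first certificate in the list will be the issuer certificate.
//
// This method can return an empty list or nil if the CA is configured with a
// Certificate Authority Service (CAS) that does not implement the
// CertificateAuthorityGetter interface.
//
// The returned slice is a shallow copy of the authority's list: reordering or
// replacing its elements does not affect the authority, but the certificates
// it points to are shared and must be treated as read-only.
func (a *Authority) GetIntermediateCertificates() []*x509.Certificate {
	// Copy rather than return the internal slice, so a caller cannot change
	// which certificate sits in the issuer position. Slicing to [:0:0]
	// forces a new backing array and keeps a nil list nil.
	return append(a.intermediateX509Certs[:0:0], a.intermediateX509Certs...)
}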