smallstep-certificates/authority/mgmt/authConfig.go

package mgmt
import (
"github.com/smallstep/certificates/authority/admin"
"github.com/smallstep/certificates/authority/config"
"github.com/smallstep/certificates/authority/provisioner"
)
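// AuthConfig represents the Authority Configuration as held by the mgmt
// package. ToCertificates converts it into the config.AuthConfig form.
//
// Provisioners and Admins are tagged `json:"-"`, so encoding/json neither
// writes them nor reads them when this struct is marshalled or unmarshalled.
// Only ID, ASN1DN, Claims, Backdate and Status are part of the JSON form.
type AuthConfig struct {
	//*cas.Options `json:"cas"`

	// ID is copied into config.AuthConfig.AuthorityID by ToCertificates.
	ID string `json:"id"`
	// ASN1DN is passed through as config.AuthConfig.Template.
	ASN1DN *config.ASN1DN `json:"asn1dn,omitempty"`
	// Provisioners is excluded from JSON; each entry is converted with its own
	// ToCertificates method.
	Provisioners []*Provisioner `json:"-"`
	// Admins is excluded from JSON; each entry is converted with its own
	// ToCertificates method.
	Admins []*Admin `json:"-"`
	// Claims is converted with Claims.ToCertificates.
	Claims *Claims `json:"claims,omitempty"`
	// Backdate is a duration in string form; ToCertificates parses it with
	// provisioner.NewDuration and returns an error if it does not parse.
	// NOTE(review): presumably this is the amount by which issued certificates
	// are backdated to absorb clock skew, so large values would widen the
	// validity window. Confirm against the consumer of config.AuthConfig.
	Backdate string `json:"backdate,omitempty"`
	// Status is set to StatusActive by NewDefaultAuthConfig.
	Status StatusType `json:"status,omitempty"`
}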
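// NewDefaultAuthConfig returns an AuthConfig populated with defaults: the
// claims from NewDefaultClaims, an empty (non-nil) ASN1DN, the string form of
// config.DefaultBackdate, and StatusActive.
//
// ID, Provisioners and Admins are left at their zero values.
func NewDefaultAuthConfig() *AuthConfig {
	return &AuthConfig{
		Claims:   NewDefaultClaims(),
		ASN1DN:   &config.ASN1DN{},
		Backdate: config.DefaultBackdate.String(),
		Status:   StatusActive,
	}
}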
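// ToCertificates converts a mgmt AuthConfig to configuration that can be
// directly used by the `step-ca` process. Resources are normalized and
// initialized.
//
// The conversion is all-or-nothing: the first claim, backdate, provisioner or
// admin that fails to convert aborts the call and a nil config is returned.
// Errors from the Claims, Provisioner and Admin conversions are returned
// unchanged; only a backdate parse failure is wrapped with WrapErrorISE.
//
// NOTE(review): ac.Claims and the entries of ac.Provisioners and ac.Admins are
// used without a nil check here. Whether a nil value is tolerated depends on
// the respective ToCertificates methods, which are not visible in this file.
func (ac *AuthConfig) ToCertificates() (*config.AuthConfig, error) {
	claims, err := ac.Claims.ToCertificates()
	if err != nil {
		return nil, err
	}

	// Backdate is stored as a string and must parse as a duration.
	backdate, err := provisioner.NewDuration(ac.Backdate)
	if err != nil {
		return nil, WrapErrorISE(err, "error converting backdate %s to duration", ac.Backdate)
	}

	// provs stays nil (not an empty slice) when there are no provisioners.
	var provs []provisioner.Interface
	for _, p := range ac.Provisioners {
		authProv, err := p.ToCertificates()
		if err != nil {
			return nil, err
		}
		provs = append(provs, authProv)
	}

	// admins stays nil (not an empty slice) when there are no admins.
	var admins []*admin.Admin
	for _, adm := range ac.Admins {
		authAdmin, err := adm.ToCertificates()
		if err != nil {
			return nil, err
		}
		admins = append(admins, authAdmin)
	}

	return &config.AuthConfig{
		AuthorityID:  ac.ID,
		Provisioners: provs,
		Admins:       admins,
		Template:     ac.ASN1DN,
		Claims:       claims,
		// Always false: a mgmt AuthConfig has no field that can set this
		// option, so it can never be enabled through this path.
		DisableIssuedAtCheck: false,
		Backdate:             backdate,
	}, nil
}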