smallstep-certificates/authority/root.go

package authority

import (
	"crypto/x509"
	"net/http"

	"github.com/pkg/errors"
)

// Root returns the certificate corresponding to the given SHA sum argument.
func (a *Authority) Root(sum string) (*x509.Certificate, error) {
	val, ok := a.certificates.Load(sum)
	if !ok {
		return nil, &apiError{errors.Errorf("certificate with fingerprint %s was not found", sum),
			http.StatusNotFound, context{}}
	}

	crt, ok := val.(*x509.Certificate)
	if !ok {
		return nil, &apiError{errors.Errorf("stored value is not a *x509.Certificate"),
			http.StatusInternalServerError, context{}}
	}
	return crt, nil
}

// GetRootCertificate returns the server root certificate.
func (a *Authority) GetRootCertificate() *x509.Certificate {
	return a.rootX509Certs[0]
}

// GetRootCertificates returns the server root certificates.
//
// In the Authority interface we also have a similar method, GetRoots, at the
// moment the functionality of these two methods are almost identical, but this
// method is intended to be used internally by CA HTTP server to load the roots
// that will be set in the tls.Config while GetRoots will be used by the
// Authority interface and might have extra checks in the future.
func (a *Authority) GetRootCertificates() []*x509.Certificate {
	return a.rootX509Certs
}

// GetRoots returns all the root certificates for this CA.
// This method implements the Authority interface.
func (a *Authority) GetRoots() ([]*x509.Certificate, error) {
	return a.rootX509Certs, nil
}

// GetFederation returns all the root certificates in the federation.
// This method implements the Authority interface.
func (a *Authority) GetFederation() (federation []*x509.Certificate, err error) {
	a.certificates.Range(func(k, v interface{}) bool {
		crt, ok := v.(*x509.Certificate)
		if !ok {
			federation = nil
			err = &apiError{errors.Errorf("stored value is not a *x509.Certificate"),
				http.StatusInternalServerError, context{}}
			return false
		}
		federation = append(federation, crt)
		return true
	})
	return
}
first commit 2018-10-05 21:48:36 +00:00			`package authority`

			`import (`
			`"crypto/x509"`
			`"net/http"`

			`"github.com/pkg/errors"`
			`)`

			`// Root returns the certificate corresponding to the given SHA sum argument.`
			`func (a Authority) Root(sum string) (x509.Certificate, error) {`
			`val, ok := a.certificates.Load(sum)`
			`if !ok {`
			`return nil, &apiError{errors.Errorf("certificate with fingerprint %s was not found", sum),`
			`http.StatusNotFound, context{}}`
			`}`

			`crt, ok := val.(*x509.Certificate)`
			`if !ok {`
Add initial support for federated root certificates. 2019-01-05 01:51:32 +00:00			`return nil, &apiError{errors.Errorf("stored value is not a *x509.Certificate"),`
first commit 2018-10-05 21:48:36 +00:00			`http.StatusInternalServerError, context{}}`
			`}`
			`return crt, nil`
			`}`

			`// GetRootCertificate returns the server root certificate.`
			`func (a Authority) GetRootCertificate() x509.Certificate {`
Add support for multiple roots. 2019-01-07 23:30:28 +00:00			`return a.rootX509Certs[0]`
			`}`

			`// GetRootCertificates returns the server root certificates.`
Add comment to differentiate GetRootCertificates and GetRoots. 2019-01-15 02:09:06 +00:00			`//`
			`// In the Authority interface we also have a similar method, GetRoots, at the`
			`// moment the functionality of these two methods are almost identical, but this`
			`// method is intended to be used internally by CA HTTP server to load the roots`
			`// that will be set in the tls.Config while GetRoots will be used by the`
			`// Authority interface and might have extra checks in the future.`
Add support for multiple roots. 2019-01-07 23:30:28 +00:00			`func (a Authority) GetRootCertificates() []x509.Certificate {`
			`return a.rootX509Certs`
first commit 2018-10-05 21:48:36 +00:00			`}`
Add initial support for federated root certificates. 2019-01-05 01:51:32 +00:00
Add mTLS request to get all the root CAs, not the federated ones. 2019-01-08 01:48:56 +00:00			`// GetRoots returns all the root certificates for this CA.`
Add comment to differentiate GetRootCertificates and GetRoots. 2019-01-15 02:09:06 +00:00			`// This method implements the Authority interface.`
Remove mTLS client requirement in /roots and /federation 2019-01-12 03:08:08 +00:00			`func (a Authority) GetRoots() ([]x509.Certificate, error) {`
Add mTLS request to get all the root CAs, not the federated ones. 2019-01-08 01:48:56 +00:00			`return a.rootX509Certs, nil`
			`}`

Add initial support for federated root certificates. 2019-01-05 01:51:32 +00:00			`// GetFederation returns all the root certificates in the federation.`
Add comment to differentiate GetRootCertificates and GetRoots. 2019-01-15 02:09:06 +00:00			`// This method implements the Authority interface.`
Remove mTLS client requirement in /roots and /federation 2019-01-12 03:08:08 +00:00			`func (a Authority) GetFederation() (federation []x509.Certificate, err error) {`
Add initial support for federated root certificates. 2019-01-05 01:51:32 +00:00			`a.certificates.Range(func(k, v interface{}) bool {`
			`crt, ok := v.(*x509.Certificate)`
			`if !ok {`
			`federation = nil`
			`err = &apiError{errors.Errorf("stored value is not a *x509.Certificate"),`
			`http.StatusInternalServerError, context{}}`
			`return false`
			`}`
			`federation = append(federation, crt)`
			`return true`
			`})`
			`return`
			`}`