smallstep-certificates/webhook/options.go

118 lines
2.8 KiB
Go
Raw Normal View History

2022-09-30 00:16:26 +00:00
package webhook
import (
"crypto/x509"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
"golang.org/x/crypto/ssh"
)
type RequestBodyOption func(*RequestBody) error
func NewRequestBody(options ...RequestBodyOption) (*RequestBody, error) {
rb := &RequestBody{}
for _, fn := range options {
if err := fn(rb); err != nil {
return nil, err
}
}
return rb, nil
}
func WithX509CertificateRequest(cr *x509.CertificateRequest) RequestBodyOption {
return func(rb *RequestBody) error {
rb.X509CertificateRequest = &X509CertificateRequest{
CertificateRequest: x509util.NewCertificateRequestFromX509(cr),
PublicKeyAlgorithm: cr.PublicKeyAlgorithm.String(),
Raw: cr.Raw,
}
if cr.PublicKey != nil {
key, err := x509.MarshalPKIXPublicKey(cr.PublicKey)
if err != nil {
return err
}
rb.X509CertificateRequest.PublicKey = key
}
return nil
}
}
func WithX509Certificate(cert *x509util.Certificate, leaf *x509.Certificate) RequestBodyOption {
return func(rb *RequestBody) error {
rb.X509Certificate = &X509Certificate{
Certificate: cert,
PublicKeyAlgorithm: leaf.PublicKeyAlgorithm.String(),
NotBefore: leaf.NotBefore,
NotAfter: leaf.NotAfter,
}
if leaf.PublicKey != nil {
key, err := x509.MarshalPKIXPublicKey(leaf.PublicKey)
if err != nil {
return err
}
rb.X509Certificate.PublicKey = key
}
return nil
}
}
func WithAttestationData(data *AttestationData) RequestBodyOption {
return func(rb *RequestBody) error {
rb.AttestationData = data
return nil
}
}
func WithSSHCertificateRequest(cr sshutil.CertificateRequest) RequestBodyOption {
return func(rb *RequestBody) error {
rb.SSHCertificateRequest = &SSHCertificateRequest{
Type: cr.Type,
KeyID: cr.KeyID,
Principals: cr.Principals,
}
if cr.Key != nil {
rb.SSHCertificateRequest.PublicKey = cr.Key.Marshal()
}
return nil
}
}
func WithSSHCertificate(cert *sshutil.Certificate, certTpl *ssh.Certificate) RequestBodyOption {
return func(rb *RequestBody) error {
rb.SSHCertificate = &SSHCertificate{
Certificate: cert,
ValidBefore: certTpl.ValidBefore,
ValidAfter: certTpl.ValidAfter,
}
if certTpl.Key != nil {
rb.SSHCertificate.PublicKey = certTpl.Key.Marshal()
}
return nil
}
}
func WithX5CCertificate(leaf *x509.Certificate) RequestBodyOption {
return func(rb *RequestBody) error {
rb.X5CCertificate = &X5CCertificate{
Raw: leaf.Raw,
PublicKeyAlgorithm: leaf.PublicKeyAlgorithm.String(),
NotBefore: leaf.NotBefore,
NotAfter: leaf.NotAfter,
}
if leaf.PublicKey != nil {
key, err := x509.MarshalPKIXPublicKey(leaf.PublicKey)
if err != nil {
return err
}
rb.X5CCertificate.PublicKey = key
}
return nil
}
}