Add support to collection to load the encrypted keys.

Mariano Cano 2019-03-05 14:45:57 -08:00
parent dd0376657c
commit 5a8f78d9d0
2 changed files with 34 additions and 12 deletions


@ -8,19 +8,44 @@ import (
// Collection is a memory map of provisioners. // Collection is a memory map of provisioners.
type Collection struct { type Collection struct {
byID *sync.Map byID *sync.Map
byKey *sync.Map
} }
// NewCollection initializes a collection of provisioners. // NewCollection initializes a collection of provisioners.
func NewCollection() *Collection { func NewCollection() *Collection {
return &Collection{ return &Collection{
byID: new(sync.Map), byID: new(sync.Map),
byKey: new(sync.Map),
} }
} }
// Load a provisioner by the ID. // Load a provisioner by the ID.
func (c *Collection) Load(id string) (*Provisioner, bool) { func (c *Collection) Load(id string) (*Provisioner, bool) {
i, ok := c.byID.Load(id) return loadProvisioner(c.byID, id)
}
// LoadEncryptedKey returns a the encrypted key by KeyID. At this moment only
// JWK encrypted keys are indexed by KeyID.
func (c *Collection) LoadEncryptedKey(keyID string) (*Provisioner, bool) {
return loadProvisioner(c.byKey, keyID)
}
// Store adds a provisioner to the collection, it makes sure two provisioner
// does not have the same ID.
func (c *Collection) Store(p *Provisioner) error {
if _, loaded := c.byID.LoadOrStore(p.ID(), p); loaded == false {
return errors.New("cannot add multiple provisioners with the same id")
}
// Store EncryptedKey if defined
if kid, key, ok := p.EncryptedKey(); ok {
c.byKey.Store(kid, key)
}
return nil
}
func loadProvisioner(m *sync.Map, id string) (*Provisioner, bool) {
i, ok := m.Load(id)
if !ok { if !ok {
return nil, false return nil, false
} }
@ -30,12 +55,3 @@ func (c *Collection) Load(id string) (*Provisioner, bool) {
} }
return p, true return p, true
} }
// Store adds a provisioner to the collection, it makes sure two provisioner
// does not have the same ID.
func (c *Collection) Store(p *Provisioner) error {
if _, loaded := c.byID.LoadOrStore(p.ID(), p); loaded == false {
return errors.New("cannot add multiple provisioners with the same id")
}
return nil
}
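Review bot: `Store` indexes the encrypted key string with `c.byKey.Store(kid, key)`, but `LoadEncryptedKey` reads that map through `loadProvisioner` and returns `(*Provisioner, bool)`, so the stored value is not the type the loader hands back. The middle of `loadProvisioner` lies outside the visible hunks; if it type-asserts the entry to `*Provisioner`, as the trailing `return p, true` suggests, every lookup by key ID will report not found. Either index the provisioner itself (`c.byKey.Store(kid, p)`) or give `LoadEncryptedKey` its own loader returning `(string, bool)`, which is what its doc comment describes. Separately, the guard `loaded == false` looks inverted: `sync.Map.LoadOrStore` reports `loaded == true` when the ID was already present, so as written a first insert returns the duplicate-ID error before the key index is touched, while a real duplicate falls through and overwrites `byKey`; `if _, loaded := c.byID.LoadOrStore(p.ID(), p); loaded {` is probably what was meant. `byKey.Store` also silently replaces the entry when two provisioners share a key ID, so using `LoadOrStore` there and returning an error would make that collision visible.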


@ -10,6 +10,7 @@ import (
// Interface is the interface that all provisioner types must implement. // Interface is the interface that all provisioner types must implement.
type Interface interface { type Interface interface {
ID() string ID() string
EncryptedKey() (kid string, key string, ok bool)
Init(claims *Claims) error Init(claims *Claims) error
Authorize(token string) ([]SignOption, error) Authorize(token string) ([]SignOption, error)
} }
@ -43,6 +44,11 @@ func (p *Provisioner) ID() string {
return p.base.ID() return p.base.ID()
} }
// EncryptedKey returns the base provisioner encrypted key if it's defined.
func (p *Provisioner) EncryptedKey() (string, string, bool) {
return p.base.EncryptedKey()
}
// Type return the provisioners type. // Type return the provisioners type.
func (p *Provisioner) Type() Type { func (p *Provisioner) Type() Type {
return p.typ return p.typ
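Review bot: The new `EncryptedKey() (kid string, key string, ok bool)` method on `Interface` has no comment stating its contract, and every provisioner type now has to implement it. Since the collection comment in this commit says only JWK encrypted keys are indexed, a line such as `// EncryptedKey returns the key ID and the encrypted key; ok is false for provisioner types that have no encrypted key.` would tell implementers what to return. It would also help to state that `key` is always the encrypted form and never plaintext key material, because the value ends up in a shared in-memory index.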