Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "Begins to fix issue 87"

Browse Source 
This reverts commit e2ba4159c3.
pull/440/head
Miclain Keffeler 4 years ago
parent 393c43201f
commit bfd13f1f72
3 changed files with 14 additions and 46 deletions
Show Stats Download Patch File Download Diff File

18
api/sign.go
Unescape Escape View File

@ -12,12 +12,11 @@ import (
// SignRequest is the request body for a certificate signature request. // SignRequest is the request body for a certificate signature request.
type SignRequest struct { type SignRequest struct {
CsrPEM CertificateRequest `json:"csr"` CsrPEM CertificateRequest `json:"csr"`
OTT string `json:"ott"` OTT string `json:"ott"`
NotAfter TimeDuration `json:"notAfter,omitempty"` NotAfter TimeDuration `json:"notAfter,omitempty"`
NotBefore TimeDuration `json:"notBefore,omitempty"` NotBefore TimeDuration `json:"notBefore,omitempty"`
AppendedCertsFile string `json:"AppendedCertsFile,omitempty"` TemplateData json.RawMessage `json:"templateData,omitempty"`
TemplateData json.RawMessage `json:"templateData,omitempty"`
} }
// Validate checks the fields of the SignRequest and returns nil if they are ok // Validate checks the fields of the SignRequest and returns nil if they are ok
@ -62,10 +61,9 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
} }
opts := provisioner.SignOptions{ opts := provisioner.SignOptions{
NotBefore: body.NotBefore, NotBefore: body.NotBefore,
NotAfter: body.NotAfter, NotAfter: body.NotAfter,
TemplateData: body.TemplateData, TemplateData: body.TemplateData,
AppendedCertsFile: body.AppendedCertsFile,
} }
signOpts, err := h.Authority.AuthorizeSign(body.OTT) signOpts, err := h.Authority.AuthorizeSign(body.OTT)

9
authority/provisioner/sign_options.go
Unescape Escape View File

@ -23,11 +23,10 @@ const DefaultCertValidity = 24 * time.Hour
// SignOptions contains the options that can be passed to the Sign method. Backdate // SignOptions contains the options that can be passed to the Sign method. Backdate
// is automatically filled and can only be configured in the CA. // is automatically filled and can only be configured in the CA.
type SignOptions struct { type SignOptions struct {
NotAfter TimeDuration `json:"notAfter"` NotAfter TimeDuration `json:"notAfter"`
NotBefore TimeDuration `json:"notBefore"` NotBefore TimeDuration `json:"notBefore"`
AppendedCertsFile string `json:"AppendedCertsFile"` TemplateData json.RawMessage `json:"templateData"`
TemplateData json.RawMessage `json:"templateData"` Backdate time.Duration `json:"-"`
Backdate time.Duration `json:"-"`
} }
// SignOption is the interface used to collect all extra options used in the // SignOption is the interface used to collect all extra options used in the

33
authority/tls.go
Unescape Escape View File

@ -8,8 +8,6 @@ import (
"encoding/asn1" "encoding/asn1"
"encoding/base64" "encoding/base64"
"encoding/pem" "encoding/pem"
"io/ioutil"
"log"
"net/http" "net/http"
"time" "time"
@ -69,7 +67,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
certModifiers []provisioner.CertificateModifier certModifiers []provisioner.CertificateModifier
certEnforcers []provisioner.CertificateEnforcer certEnforcers []provisioner.CertificateEnforcer
) )
var thecertfile = signOpts.AppendedCertsFile
opts := []interface{}{errs.WithKeyVal("csr", csr), errs.WithKeyVal("signOptions", signOpts)} opts := []interface{}{errs.WithKeyVal("csr", csr), errs.WithKeyVal("signOptions", signOpts)}
if err := csr.CheckSignature(); err != nil { if err := csr.CheckSignature(); err != nil {
return nil, errs.Wrap(http.StatusBadRequest, err, "authority.Sign; invalid certificate request", opts...) return nil, errs.Wrap(http.StatusBadRequest, err, "authority.Sign; invalid certificate request", opts...)
@ -163,35 +161,8 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
"authority.Sign; error storing certificate in db", opts...) "authority.Sign; error storing certificate in db", opts...)
} }
} }
//If the user defined a file to append to in ca.json
//log.Fatal(string(thecertfile))
if thecertfile != "" {
content, err := ioutil.ReadFile(string(thecertfile))
if err != nil {
log.Fatal(err)
}
block, _ := pem.Decode([]byte(content))
if block == nil {
log.Fatal(err)
}
certs, err := x509.ParseCertificate(block.Bytes)
if err != nil {
log.Fatal(err)
}
var thecert = make([]*x509.Certificate, len(resp.CertificateChain)+1)
for i, aid := range resp.CertificateChain {
//log.wr(aid)
thecert[i] = aid
}
thecert[len(resp.CertificateChain)] = certs
return append([]*x509.Certificate{resp.Certificate}, thecert...), nil
}
var thecert = make([]*x509.Certificate, len(resp.CertificateChain))
for i, aid := range resp.CertificateChain {
thecert[i] = aid
}
return append([]*x509.Certificate{resp.Certificate}, thecert...), nil
return append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...), nil
} }
// Renew creates a new Certificate identical to the old certificate, except // Renew creates a new Certificate identical to the old certificate, except

Write Preview
Loading…
Cancel
Save