Added state file location definition to the CA configuration. Added more certificate properties to certificate database.
34
ca.go
34
ca.go
@@ -24,6 +24,7 @@ import (
|
||||
type Paths struct {
|
||||
Certificates string `hcl:"certificates"`
|
||||
PrivateKeys string `hcl:"private_keys"`
|
||||
StatePath string `hcl:"state_file"`
|
||||
}
|
||||
|
||||
type CAConfig struct {
|
||||
@@ -143,15 +144,23 @@ func (c *Certificates) LoadFromFile(path string) error {
|
||||
|
||||
// Global CA configuration and state variables
|
||||
var caConfigPath string
|
||||
var caState *CAState
|
||||
var caConfig *CAConfig
|
||||
|
||||
var caStatePath string
|
||||
var caState *CAState
|
||||
|
||||
var caKey *rsa.PrivateKey
|
||||
var caCert *x509.Certificate
|
||||
|
||||
// LoadCAConfig parses and validates the CA config from the given path and stores it in the CAConfig global variable
|
||||
func LoadCAConfig() error {
|
||||
if verbose {
|
||||
fmt.Printf("Loading CA config from \"%s\"", caConfigPath)
|
||||
cwd, err := os.Getwd()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Printf("The current working dirctory: \"%s\"\n", cwd)
|
||||
fmt.Printf("Loading CA config from \"%s\"... ", caConfigPath)
|
||||
}
|
||||
parser := hclparse.NewParser()
|
||||
file, diags := parser.ParseHCLFile(caConfigPath)
|
||||
@@ -172,6 +181,14 @@ func LoadCAConfig() error {
|
||||
if err := config.CA.Validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// If the state file is specified as an absolute path, use it directly.
|
||||
if filepath.IsAbs(config.CA.Paths.StatePath) {
|
||||
caStatePath = config.CA.Paths.StatePath
|
||||
} else {
|
||||
caStatePath = filepath.Join(filepath.Dir(caConfigPath), config.CA.Paths.StatePath)
|
||||
}
|
||||
|
||||
caConfig = &config.CA
|
||||
return nil
|
||||
}
|
||||
@@ -329,6 +346,7 @@ func InitCA() error {
|
||||
|
||||
err = LoadCAConfig()
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %v\n", err)
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -532,12 +550,8 @@ func issueSingleCertificate(def CertificateDefinition) error {
|
||||
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
|
||||
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
|
||||
|
||||
basename := def.Name
|
||||
if basename == "" {
|
||||
basename = def.Subject
|
||||
}
|
||||
certFile := filepath.Join(caConfig.Paths.Certificates, basename+".crt.pem")
|
||||
keyFile := filepath.Join(caConfig.Paths.PrivateKeys, basename+".key.pem")
|
||||
certFile := filepath.Join(caConfig.Paths.Certificates, def.Name+".crt.pem")
|
||||
keyFile := filepath.Join(caConfig.Paths.PrivateKeys, def.Name+".key.pem")
|
||||
if err := SavePEM(certFile, certPEM, false); err != nil {
|
||||
return fmt.Errorf("error saving certificate: %v", err)
|
||||
}
|
||||
@@ -562,7 +576,9 @@ Certificate:
|
||||
}
|
||||
caState.UpdateCAStateAfterIssue(
|
||||
caConfig.SerialType,
|
||||
basename,
|
||||
def.Name,
|
||||
def.Subject,
|
||||
def.Type,
|
||||
serialNumber,
|
||||
validityDur,
|
||||
)
|
||||
|
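Review bot: The `basename` fallback at the top of the issueSingleCertificate hunk turns `def.Subject` into a file name, and the two `filepath.Join` calls that follow then place `basename+".crt.pem"` and `basename+".key.pem"` under the configured directories without checking it, so a subject that happens to contain a path separator or `..` (the subject format is not visible here, so this is inferred) would put the certificate and, more importantly, the private key outside `caConfig.Paths.Certificates` and `caConfig.Paths.PrivateKeys`, and an empty Name and Subject would produce the bare file name `.crt.pem`. Rejecting anything that is not a single path element before the joins closes this: `if basename == "" || basename == "." || basename == ".." || basename != filepath.Base(basename) { return fmt.Errorf("certificate name %q is not usable as a file name", basename) }`. The same concern applies to `Paths.StatePath` in the LoadCAConfig hunk, where an empty value makes `filepath.Join(filepath.Dir(caConfigPath), "")` resolve to the config directory itself unless `config.CA.Validate()` already rejects it, which the hunk does not show. Separately, the new verbose message misspells "directory": `fmt.Printf("The current working directory: \"%s\"\n", cwd)`. issueSingleCertificate starts and ends outside the hunk.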