admin/pki: use symlink instead of DB to associate certificate to team
This commit is contained in:
parent
73eb04bcf0
commit
156a87abc0
4 changed files with 83 additions and 46 deletions
@ -6,10 +6,12 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"math/big"
|
||||
"os"
|
||||
"path"
|
||||
"time"
|
||||
"strconv"
|
||||
|
||||
"srs.epita.fr/fic-server/admin/pki"
|
||||
"srs.epita.fr/fic-server/libfic"
|
||||
|
|
@ -26,7 +28,21 @@ func init() {
|
|||
}))
|
||||
|
||||
router.GET("/api/teams/:tid/certificates", apiHandler(teamHandler(
|
||||
func(team fic.Team, _ []byte) (interface{}, error) { return fic.GetTeamCertificates(team) })))
|
||||
func(team fic.Team, _ []byte) (interface{}, error) {
|
||||
if serials, err := pki.GetTeamSerials(TeamsDir, team.Id); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
var certs []fic.Certificate
|
||||
for _, serial := range serials {
|
||||
if cert, err := fic.GetCertificate(serial); err == nil {
|
||||
certs = append(certs, cert)
|
||||
} else {
|
||||
log.Println("Unable to get back certificate, whereas an association exists on disk: ", err)
|
||||
}
|
||||
}
|
||||
return certs, nil
|
||||
}
|
||||
})))
|
||||
|
||||
router.GET("/api/certs/", apiHandler(getCertificates))
|
||||
router.POST("/api/certs/", apiHandler(generateClientCert))
|
||||
|
|
@ -128,7 +144,7 @@ func generateClientCert(_ httprouter.Params, _ []byte) (interface{}, error) {
|
|||
type CertExported struct {
|
||||
Id string `json:"id"`
|
||||
Creation time.Time `json:"creation"`
|
||||
IdTeam *int64 `json:"id_team"`
|
||||
IdTeam *uint64 `json:"id_team"`
|
||||
Revoked *time.Time `json:"revoked"`
|
||||
}
|
||||
|
||||
|
|
@ -137,8 +153,17 @@ func getCertificates(_ httprouter.Params, _ []byte) (interface{}, error) {
|
|||
return nil, err
|
||||
} else {
|
||||
ret := make([]CertExported, 0)
|
||||
for _, c := range certificates {
|
||||
ret = append(ret, CertExported{fmt.Sprintf("%d", c.Id), c.Creation, c.IdTeam, c.Revoked})
|
||||
for _, cert := range certificates {
|
||||
dstLinkPath := path.Join(TeamsDir, pki.GetCertificateAssociation(cert.Id))
|
||||
|
||||
var idTeam *uint64 = nil
|
||||
if lnk, err := os.Readlink(dstLinkPath); err == nil {
|
||||
if tid, err := strconv.ParseUint(lnk, 10, 64); err == nil {
|
||||
idTeam = &tid
|
||||
}
|
||||
}
|
||||
|
||||
ret = append(ret, CertExported{fmt.Sprintf("%d", cert.Id), cert.Creation, idTeam, cert.Revoked})
|
||||
}
|
||||
return ret, nil
|
||||
}
|
||||
|
|
@ -154,15 +179,7 @@ func updateCertificateAssociation(cert fic.Certificate, body []byte) (interface{
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// TODO: This should be read from file system, not in DB:
|
||||
// the relation is made through a symlink, so if it exists, it is suffisant to read the relation
|
||||
// moreover, backend doesn't update the DB at registration, it only creates a symlink
|
||||
cert.IdTeam = uc.Team
|
||||
|
||||
var serial big.Int
|
||||
serial.SetUint64(cert.Id)
|
||||
|
||||
dstLinkPath := path.Join(TeamsDir, fmt.Sprintf("_AUTH_ID_%0X", serial.Bytes()))
|
||||
dstLinkPath := path.Join(TeamsDir, pki.GetCertificateAssociation(cert.Id))
|
||||
|
||||
if uc.Team != nil {
|
||||
srcLinkPath := fmt.Sprintf("%d", *uc.Team)
|
||||
|
|
@ -173,9 +190,5 @@ func updateCertificateAssociation(cert fic.Certificate, body []byte) (interface{
|
|||
os.Remove(dstLinkPath)
|
||||
}
|
||||
|
||||
if _, err := cert.Update(); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
return cert, err
|
||||
}
|
||||
return cert, nil
|
||||
}
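Review bot: The `os.Remove(dstLinkPath)` result in the else branch is still discarded, so when the unlink fails for any reason other than the link already being absent, the handler now returns `cert, nil` while the on-disk symlink — the only record of the team association after this commit — stays in place. A missing link is the expected state when no team was ever associated, so the check should be `if err := os.Remove(dstLinkPath); err != nil && !os.IsNotExist(err) { return nil, err }`. Separately, with `cert.IdTeam = uc.Team` dropped earlier in this function and `cert.Update()` removed, the returned `cert` carries whatever `IdTeam` the database still holds rather than the association just written; `getCertificates` in the previous hunk now derives `id_team` from the symlink, so this response would presumably be more consistent returned as a `CertExported` built the same way — worth confirming against what the admin frontend reads from this endpoint. `updateCertificateAssociation` begins outside this hunk.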