admin: PKI validity no more hardcoded
This commit is contained in:
parent
14f5cf29b7
commit
4a490b1a33
|
|
@ -2,6 +2,8 @@ package api
|
|||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/base32"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
|
|
@ -11,9 +13,9 @@ import (
|
|||
"math/big"
|
||||
"os"
|
||||
"path"
|
||||
"time"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"srs.epita.fr/fic-server/admin/pki"
|
||||
"srs.epita.fr/fic-server/libfic"
|
||||
|
|
@ -31,8 +33,12 @@ func init() {
|
|||
router.GET("/api/ca/", apiHandler(infoCA))
|
||||
router.GET("/api/ca.pem", apiHandler(getCAPEM))
|
||||
router.POST("/api/ca/new", apiHandler(
|
||||
func(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||
return true, pki.GenerateCA(time.Date(2019, 01, 19, 0, 0, 0, 0, time.UTC), time.Date(2019, 01, 23, 23, 59, 59, 0, time.UTC))
|
||||
func(_ httprouter.Params, body []byte) (interface{}, error) {
|
||||
var upki PKISettings
|
||||
if err := json.Unmarshal(body, &upki); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return true, pki.GenerateCA(upki.NotBefore, upki.NotAfter)
|
||||
}))
|
||||
|
||||
router.GET("/api/teams/:tid/certificates", apiHandler(teamHandler(
|
||||
|
|
@ -83,7 +89,7 @@ func init() {
|
|||
}
|
||||
|
||||
func genHtpasswd() (ret string, err error) {
|
||||
var teams []fic.Team
|
||||
var teams []fic.Team
|
||||
teams, err = fic.GetTeams()
|
||||
if err != nil {
|
||||
return
|
||||
|
|
@ -125,24 +131,33 @@ func genHtpasswd() (ret string, err error) {
|
|||
return
|
||||
}
|
||||
|
||||
type PKISettings struct {
|
||||
Version int `json:"version"`
|
||||
SerialNumber *big.Int `json:"serialnumber"`
|
||||
Issuer pkix.Name `json:"issuer"`
|
||||
Subject pkix.Name `json:"subject"`
|
||||
NotBefore time.Time `json:"notbefore"`
|
||||
NotAfter time.Time `json:"notafter"`
|
||||
SignatureAlgorithm x509.SignatureAlgorithm `json:"signatureAlgorithm,"`
|
||||
PublicKeyAlgorithm x509.PublicKeyAlgorithm `json:"publicKeyAlgorithm"`
|
||||
}
|
||||
|
||||
func infoCA(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||
_, cacert, err := pki.LoadCA()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ret := map[string]interface{}{}
|
||||
|
||||
ret["version"] = cacert.Version
|
||||
ret["serialnumber"] = cacert.SerialNumber
|
||||
ret["issuer"] = cacert.Issuer
|
||||
ret["subject"] = cacert.Subject
|
||||
ret["notbefore"] = cacert.NotBefore
|
||||
ret["notafter"] = cacert.NotAfter
|
||||
ret["signatureAlgorithm"] = cacert.SignatureAlgorithm
|
||||
ret["publicKeyAlgorithm"] = cacert.PublicKeyAlgorithm
|
||||
|
||||
return ret, nil
|
||||
return PKISettings{
|
||||
Version: cacert.Version,
|
||||
SerialNumber: cacert.SerialNumber,
|
||||
Issuer: cacert.Issuer,
|
||||
Subject: cacert.Subject,
|
||||
NotBefore: cacert.NotBefore,
|
||||
NotAfter: cacert.NotAfter,
|
||||
SignatureAlgorithm: cacert.SignatureAlgorithm,
|
||||
PublicKeyAlgorithm: cacert.PublicKeyAlgorithm,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func getCAPEM(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||
|
|
@ -214,7 +229,7 @@ func generateClientCert(_ httprouter.Params, _ []byte) (interface{}, error) {
|
|||
type CertExported struct {
|
||||
Id string `json:"id"`
|
||||
Creation time.Time `json:"creation"`
|
||||
IdTeam *uint64 `json:"id_team"`
|
||||
IdTeam *uint64 `json:"id_team"`
|
||||
Revoked *time.Time `json:"revoked"`
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -570,6 +570,12 @@ angular.module("FICApp")
|
|||
})
|
||||
|
||||
.controller("PKIController", function($scope, $rootScope, Certificate, CACertificate, Team, $location, $http) {
|
||||
var ts = Date.now() - Date.now() % 86400000;
|
||||
var d = new Date(ts);
|
||||
$scope.notBefore = d.toISOString();
|
||||
var f = new Date(ts + 3 * 86400000);
|
||||
$scope.notAfter = f.toISOString();
|
||||
|
||||
$scope.teams = Team.query();
|
||||
$scope.certificates = Certificate.query();
|
||||
$scope.certificates.$promise.then(function(certificates) {
|
||||
|
|
@ -612,7 +618,7 @@ angular.module("FICApp")
|
|||
};
|
||||
|
||||
$scope.generateCA = function() {
|
||||
$http.post("/api/ca/new").then(function() {
|
||||
$http.post("/api/ca/new", {"notbefore": $scope.notBefore, "notafter": $scope.notAfter}).then(function() {
|
||||
$scope.ca = CACertificate.get();
|
||||
}, function(response) {
|
||||
$rootScope.newBox('danger', 'An error occurs when generating CA:', response.data.errmsg);
|
||||
|
|
|
|||
|
|
@ -115,6 +115,19 @@
|
|||
|
||||
<div class="alert alert-info" ng-if="!ca.version">
|
||||
<strong>Aucune CA n'a été générée pour le moment.</strong>
|
||||
|
||||
<div class="form-group row">
|
||||
<label for="CAnotBefore" class="col-sm-3 col-form-label">Début de validité</label>
|
||||
<div class="col-sm-9">
|
||||
<input type="text" class="form-control form-control-sm" id="CAnotBefore" ng-model="notBefore">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group row">
|
||||
<label for="CAnotAfter" class="col-sm-3 col-form-label">Fin de validité</label>
|
||||
<div class="col-sm-9">
|
||||
<input type="text" class="form-control form-control-sm" id="CAnotAfter" ng-model="notAfter">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<dl ng-if="ca.version">
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user