admin: PKI validity no more hardcoded
parent
14f5cf29b7
commit
4a490b1a33
3 changed files with 52 additions and 18 deletions
|
|
@ -2,6 +2,8 @@ package api
|
|||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/base32"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
|
|
@ -11,9 +13,9 @@ import (
|
|||
"math/big"
|
||||
"os"
|
||||
"path"
|
||||
"time"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"srs.epita.fr/fic-server/admin/pki"
|
||||
"srs.epita.fr/fic-server/libfic"
|
||||
|
|
@ -31,8 +33,12 @@ func init() {
|
|||
router.GET("/api/ca/", apiHandler(infoCA))
|
||||
router.GET("/api/ca.pem", apiHandler(getCAPEM))
|
||||
router.POST("/api/ca/new", apiHandler(
|
||||
func(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||
return true, pki.GenerateCA(time.Date(2019, 01, 19, 0, 0, 0, 0, time.UTC), time.Date(2019, 01, 23, 23, 59, 59, 0, time.UTC))
|
||||
func(_ httprouter.Params, body []byte) (interface{}, error) {
|
||||
var upki PKISettings
|
||||
if err := json.Unmarshal(body, &upki); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return true, pki.GenerateCA(upki.NotBefore, upki.NotAfter)
|
||||
}))
|
||||
|
||||
router.GET("/api/teams/:tid/certificates", apiHandler(teamHandler(
|
||||
|
|
@ -83,7 +89,7 @@ func init() {
|
|||
}
|
||||
|
||||
func genHtpasswd() (ret string, err error) {
|
||||
var teams []fic.Team
|
||||
var teams []fic.Team
|
||||
teams, err = fic.GetTeams()
|
||||
if err != nil {
|
||||
return
|
||||
|
|
@ -125,24 +131,33 @@ func genHtpasswd() (ret string, err error) {
|
|||
return
|
||||
}
|
||||
|
||||
type PKISettings struct {
|
||||
Version int `json:"version"`
|
||||
SerialNumber *big.Int `json:"serialnumber"`
|
||||
Issuer pkix.Name `json:"issuer"`
|
||||
Subject pkix.Name `json:"subject"`
|
||||
NotBefore time.Time `json:"notbefore"`
|
||||
NotAfter time.Time `json:"notafter"`
|
||||
SignatureAlgorithm x509.SignatureAlgorithm `json:"signatureAlgorithm,"`
|
||||
PublicKeyAlgorithm x509.PublicKeyAlgorithm `json:"publicKeyAlgorithm"`
|
||||
}
|
||||
|
||||
func infoCA(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||
_, cacert, err := pki.LoadCA()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ret := map[string]interface{}{}
|
||||
|
||||
ret["version"] = cacert.Version
|
||||
ret["serialnumber"] = cacert.SerialNumber
|
||||
ret["issuer"] = cacert.Issuer
|
||||
ret["subject"] = cacert.Subject
|
||||
ret["notbefore"] = cacert.NotBefore
|
||||
ret["notafter"] = cacert.NotAfter
|
||||
ret["signatureAlgorithm"] = cacert.SignatureAlgorithm
|
||||
ret["publicKeyAlgorithm"] = cacert.PublicKeyAlgorithm
|
||||
|
||||
return ret, nil
|
||||
return PKISettings{
|
||||
Version: cacert.Version,
|
||||
SerialNumber: cacert.SerialNumber,
|
||||
Issuer: cacert.Issuer,
|
||||
Subject: cacert.Subject,
|
||||
NotBefore: cacert.NotBefore,
|
||||
NotAfter: cacert.NotAfter,
|
||||
SignatureAlgorithm: cacert.SignatureAlgorithm,
|
||||
PublicKeyAlgorithm: cacert.PublicKeyAlgorithm,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func getCAPEM(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||
|
|
@ -214,7 +229,7 @@ func generateClientCert(_ httprouter.Params, _ []byte) (interface{}, error) {
|
|||
type CertExported struct {
|
||||
Id string `json:"id"`
|
||||
Creation time.Time `json:"creation"`
|
||||
IdTeam *uint64 `json:"id_team"`
|
||||
IdTeam *uint64 `json:"id_team"`
|
||||
Revoked *time.Time `json:"revoked"`
|
||||
}
|
||||
|
||||
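Review bot: The new `/api/ca/new` handler in the `func init()` hunk passes `upki.NotBefore` and `upki.NotAfter` from the request body straight to `pki.GenerateCA` without validating them, so a body that omits either field yields Go's zero `time.Time`, and an inverted window is accepted as well. Since these dates define the CA's validity, I would reject bad input before generating anything: `if upki.NotBefore.IsZero() || !upki.NotAfter.After(upki.NotBefore) { return nil, errors.New("notbefore must be set and precede notafter") }`; whether an upper bound on the lifetime is also wanted depends on policy not visible here. Separately, the struct tag `json:"signatureAlgorithm,"` on `PKISettings.SignatureAlgorithm` has a stray trailing comma that should be dropped. The body of `init` starts and ends outside the hunk.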