admin: PKI validity no more hardcoded
parent
14f5cf29b7
commit
4a490b1a33
@ -2,6 +2,8 @@ package api
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
|
"crypto/x509"
|
||||||
|
"crypto/x509/pkix"
|
||||||
"encoding/base32"
|
"encoding/base32"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
@ -11,9 +13,9 @@ import (
|
|||||||
"math/big"
|
"math/big"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
"time"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"srs.epita.fr/fic-server/admin/pki"
|
"srs.epita.fr/fic-server/admin/pki"
|
||||||
"srs.epita.fr/fic-server/libfic"
|
"srs.epita.fr/fic-server/libfic"
|
||||||
@ -31,8 +33,12 @@ func init() {
|
|||||||
router.GET("/api/ca/", apiHandler(infoCA))
|
router.GET("/api/ca/", apiHandler(infoCA))
|
||||||
router.GET("/api/ca.pem", apiHandler(getCAPEM))
|
router.GET("/api/ca.pem", apiHandler(getCAPEM))
|
||||||
router.POST("/api/ca/new", apiHandler(
|
router.POST("/api/ca/new", apiHandler(
|
||||||
func(_ httprouter.Params, _ []byte) (interface{}, error) {
|
func(_ httprouter.Params, body []byte) (interface{}, error) {
|
||||||
return true, pki.GenerateCA(time.Date(2019, 01, 19, 0, 0, 0, 0, time.UTC), time.Date(2019, 01, 23, 23, 59, 59, 0, time.UTC))
|
var upki PKISettings
|
||||||
|
if err := json.Unmarshal(body, &upki); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return true, pki.GenerateCA(upki.NotBefore, upki.NotAfter)
|
||||||
}))
|
}))
|
||||||
|
|
||||||
router.GET("/api/teams/:tid/certificates", apiHandler(teamHandler(
|
router.GET("/api/teams/:tid/certificates", apiHandler(teamHandler(
|
||||||
@ -125,24 +131,33 @@ func genHtpasswd() (ret string, err error) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type PKISettings struct {
|
||||||
|
Version int `json:"version"`
|
||||||
|
SerialNumber *big.Int `json:"serialnumber"`
|
||||||
|
Issuer pkix.Name `json:"issuer"`
|
||||||
|
Subject pkix.Name `json:"subject"`
|
||||||
|
NotBefore time.Time `json:"notbefore"`
|
||||||
|
NotAfter time.Time `json:"notafter"`
|
||||||
|
SignatureAlgorithm x509.SignatureAlgorithm `json:"signatureAlgorithm,"`
|
||||||
|
PublicKeyAlgorithm x509.PublicKeyAlgorithm `json:"publicKeyAlgorithm"`
|
||||||
|
}
|
||||||
|
|
||||||
func infoCA(_ httprouter.Params, _ []byte) (interface{}, error) {
|
func infoCA(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||||
_, cacert, err := pki.LoadCA()
|
_, cacert, err := pki.LoadCA()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
ret := map[string]interface{}{}
|
return PKISettings{
|
||||||
|
Version: cacert.Version,
|
||||||
ret["version"] = cacert.Version
|
SerialNumber: cacert.SerialNumber,
|
||||||
ret["serialnumber"] = cacert.SerialNumber
|
Issuer: cacert.Issuer,
|
||||||
ret["issuer"] = cacert.Issuer
|
Subject: cacert.Subject,
|
||||||
ret["subject"] = cacert.Subject
|
NotBefore: cacert.NotBefore,
|
||||||
ret["notbefore"] = cacert.NotBefore
|
NotAfter: cacert.NotAfter,
|
||||||
ret["notafter"] = cacert.NotAfter
|
SignatureAlgorithm: cacert.SignatureAlgorithm,
|
||||||
ret["signatureAlgorithm"] = cacert.SignatureAlgorithm
|
PublicKeyAlgorithm: cacert.PublicKeyAlgorithm,
|
||||||
ret["publicKeyAlgorithm"] = cacert.PublicKeyAlgorithm
|
}, nil
|
||||||
|
|
||||||
return ret, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func getCAPEM(_ httprouter.Params, _ []byte) (interface{}, error) {
|
func getCAPEM(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||||
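Review bot: The new `/api/ca/new` handler in `init()` passes `upki.NotBefore` and `upki.NotAfter` straight to `pki.GenerateCA` without checking them, so a body such as `{}` decodes without error and yields zero-value times, and a reversed or arbitrarily long window is accepted too. Because these values set the validity of the CA, reject bad input before generating, e.g. `if upki.NotBefore.IsZero() || !upki.NotAfter.After(upki.NotBefore) { return nil, errors.New("invalid CA validity period") }` (`errors` is already imported), and consider an upper bound on the duration. What `pki.GenerateCA` does with the two times is not visible here, so it may already check part of this; `init()` itself continues outside the hunk. Separately, the tag `json:"signatureAlgorithm,"` on `PKISettings.SignatureAlgorithm` carries a stray trailing comma, and the struct would benefit from a doc comment saying that only `notbefore` and `notafter` are read from the request.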
|
@ -570,6 +570,12 @@ angular.module("FICApp")
|
|||||||
})
|
})
|
||||||
|
|
||||||
.controller("PKIController", function($scope, $rootScope, Certificate, CACertificate, Team, $location, $http) {
|
.controller("PKIController", function($scope, $rootScope, Certificate, CACertificate, Team, $location, $http) {
|
||||||
|
var ts = Date.now() - Date.now() % 86400000;
|
||||||
|
var d = new Date(ts);
|
||||||
|
$scope.notBefore = d.toISOString();
|
||||||
|
var f = new Date(ts + 3 * 86400000);
|
||||||
|
$scope.notAfter = f.toISOString();
|
||||||
|
|
||||||
$scope.teams = Team.query();
|
$scope.teams = Team.query();
|
||||||
$scope.certificates = Certificate.query();
|
$scope.certificates = Certificate.query();
|
||||||
$scope.certificates.$promise.then(function(certificates) {
|
$scope.certificates.$promise.then(function(certificates) {
|
||||||
@ -612,7 +618,7 @@ angular.module("FICApp")
|
|||||||
};
|
};
|
||||||
|
|
||||||
$scope.generateCA = function() {
|
$scope.generateCA = function() {
|
||||||
$http.post("/api/ca/new").then(function() {
|
$http.post("/api/ca/new", {"notbefore": $scope.notBefore, "notafter": $scope.notAfter}).then(function() {
|
||||||
$scope.ca = CACertificate.get();
|
$scope.ca = CACertificate.get();
|
||||||
}, function(response) {
|
}, function(response) {
|
||||||
$rootScope.newBox('danger', 'An error occurs when generating CA:', response.data.errmsg);
|
$rootScope.newBox('danger', 'An error occurs when generating CA:', response.data.errmsg);
|
||||||
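Review bot: `var ts = Date.now() - Date.now() % 86400000;` at the top of `PKIController` reads the clock twice, so the two values can differ and `ts` is then not exactly UTC midnight; read it once: `var now = Date.now(); var ts = now - now % 86400000;`. The defaults are computed in UTC and `notAfter` lands on 00:00:00 three days later, which deserves a short comment such as `// default validity: today 00:00 UTC, for 3 days` so the pre-filled strings are not a surprise. `generateCA` posts the two strings as typed, and nothing here checks that they parse as timestamps, so a malformed value is only caught by the server's JSON decoding. The controller body continues outside both hunks.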
|
@ -115,6 +115,19 @@
|
|||||||
|
|
||||||
<div class="alert alert-info" ng-if="!ca.version">
|
<div class="alert alert-info" ng-if="!ca.version">
|
||||||
<strong>Aucune CA n'a été générée pour le moment.</strong>
|
<strong>Aucune CA n'a été générée pour le moment.</strong>
|
||||||
|
|
||||||
|
<div class="form-group row">
|
||||||
|
<label for="CAnotBefore" class="col-sm-3 col-form-label">Début de validité</label>
|
||||||
|
<div class="col-sm-9">
|
||||||
|
<input type="text" class="form-control form-control-sm" id="CAnotBefore" ng-model="notBefore">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="form-group row">
|
||||||
|
<label for="CAnotAfter" class="col-sm-3 col-form-label">Fin de validité</label>
|
||||||
|
<div class="col-sm-9">
|
||||||
|
<input type="text" class="form-control form-control-sm" id="CAnotAfter" ng-model="notAfter">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<dl ng-if="ca.version">
|
<dl ng-if="ca.version">
|
||||||
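Review bot: The two new inputs sit inside the `ng-if="!ca.version"` block, and `ng-if` creates a child scope, so `ng-model="notBefore"` and `ng-model="notAfter"` write an edited value to that child scope rather than to the controller's `$scope.notBefore` and `$scope.notAfter`. If `generateCA()` reads the controller scope, as the JavaScript change in this commit suggests, the request would always carry the defaults whatever the operator typed. Binding to an object property avoids the shadowing, e.g. `ng-model="validity.notBefore"` with `$scope.validity = {notBefore: ..., notAfter: ...}` set in the controller. The `type="text"` fields also accept any string; an `ng-pattern` or a date-time input would catch malformed values before the POST.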
|