path_ca.go
/*
* Copyright 2024 Keyfactor
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package keyfactor
import (
"context"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
// pathCA returns the framework paths that serve the CA certificate and the
// CA chain. Both paths register a read callback only and share one handler,
// b.pathFetchCa.
//
// NOTE(review): whether these endpoints are reachable without a token depends
// on the backend's special-path configuration, which is not visible in this
// file. Confirm it matches the intended exposure of the CA material.
func pathCA(b *keyfactorBackend) []*framework.Path {
	// CA certificate, optionally with a "/pem" suffix.
	caPath := &framework.Path{
		Pattern: `ca(/pem)?`,
		Callbacks: map[logical.Operation]framework.OperationFunc{
			logical.ReadOperation: b.pathFetchCa,
		},
		HelpSynopsis:    pathFetchCAHelp,
		HelpDescription: pathFetchCAHelpDesc,
	}

	// CA chain, optionally with a "/pem" suffix.
	chainPath := &framework.Path{
		Pattern: `ca_chain(/pem)?`,
		Callbacks: map[logical.Operation]framework.OperationFunc{
			logical.ReadOperation: b.pathFetchCa,
		},
		HelpSynopsis:    pathFetchChainHelp,
		HelpDescription: pathFetchChainHelpDesc,
	}

	return []*framework.Path{caPath, chainPath}
}
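// pathFetchCa handles read requests for the CA certificate and the CA chain.
//
// The request path selects the payload: "ca_chain", "ca_chain/pem" and
// "cert/ca_chain" are answered by fetchCaChainInfo. Every other path routed
// to this handler ("ca", "ca/pem") is answered by fetchCAInfo. The response
// and error are returned unchanged from the selected helper.
//
// The data parameter is unused; it is present to satisfy
// framework.OperationFunc.
func (b *keyfactorBackend) pathFetchCa(ctx context.Context, req *logical.Request, data *framework.FieldData) (response *logical.Response, retErr error) {
	b.Logger().Debug("fetching ca, path = " + req.Path)

	switch req.Path {
	case "ca_chain", "ca_chain/pem", "cert/ca_chain":
		// "ca_chain/pem" reaches this handler through the `ca_chain(/pem)?`
		// pattern. It must not fall through to the single-CA branch, or a
		// client asking for the trust chain silently receives only the CA
		// certificate and may build an incomplete trust store.
		// NOTE(review): confirm fetchCaChainInfo handles the "/pem" suffix
		// the way callers expect.
		return fetchCaChainInfo(ctx, req, b)
	default:
		return fetchCAInfo(ctx, req, b)
	}
}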
// Help text for the CA and CA-chain read paths. These strings are used as
// the HelpSynopsis and HelpDescription of the paths built by pathCA.
const (
	// pathFetchCAHelp is the one-line synopsis for the "ca" path.
	pathFetchCAHelp = `
Fetch a Certificate Authority.
`

	// pathFetchChainHelp is the one-line synopsis for the "ca_chain" path.
	pathFetchChainHelp = `
Fetch a CA Chain.
`

	// pathFetchCAHelpDesc is the long description for the "ca" path.
	pathFetchCAHelpDesc = `
This allows Certificate Authorities to be fetched.
The "ca" command fetches the appropriate information in DER encoding. Add "/pem" to either to get PEM encoding.
`

	// pathFetchChainHelpDesc is the long description for the "ca_chain" path.
	pathFetchChainHelpDesc = `
This allows the Certificate Authority chain to be fetched.
The "ca_chain" command fetches the certificate authority trust chain in PEM encoding.
`
)