Commit 09d19c20 authored by Gospodin Bodurov's avatar Gospodin Bodurov

Can get root certificate

parent 0549995e
1 merge request!6Can get root certificate
......@@ -73,7 +73,7 @@ func (s *KeyStorageServerImpl) GenerateCertificate(ctx context.Context, in *api.
}
func generateCertificate(publicKeyBytes []byte, caCertFilePath string, caPrivateKeyFilePath string,
certificateData *api.GenerateCertificateRequest_CertificateData) ([]byte, error) {
certificateData *api.CertificateData) ([]byte, error) {
publicKeyPemBlock, _ := pem.Decode(publicKeyBytes)
......@@ -82,11 +82,21 @@ func generateCertificate(publicKeyBytes []byte, caCertFilePath string, caPrivate
return nil, err
}
notBeforeTime := time.Unix(certificateData.NotBefore.Seconds, int64(certificateData.NotBefore.Nanos)).UTC()
notAfterTime := time.Unix(certificateData.NotAfter.Seconds, int64(certificateData.NotAfter.Nanos)).UTC()
notBeforeTime := time.Unix(certificateData.NotBefore/1000, 0).UTC()
notAfterTime := time.Unix(certificateData.NotAfter/1000, 0).UTC()
max := new(big.Int)
max.Exp(big.NewInt(2), big.NewInt(130), nil).Sub(max, big.NewInt(1))
//Generate cryptographically strong pseudo-random between 0 - max
sn, err := rand.Int(rand.Reader, max)
if err != nil {
return nil, err
}
template := x509.Certificate{
SerialNumber: big.NewInt(1),
SerialNumber: sn,
Subject: pkix.Name{
Country: []string{certificateData.Country},
Organization: []string{certificateData.Organization},
......
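Review bot: `notBeforeTime` and `notAfterTime` are taken straight from the request (`certificateData.NotBefore/1000`, `certificateData.NotAfter/1000`), and nothing in the visible lines checks the window before it goes into the template, which is presumably signed with the CA key loaded from `caPrivateKeyFilePath`. An unset field yields the 1970 epoch, and an inverted or very long window would be accepted as-is unless it is validated outside this hunk; a guard such as `if !notAfterTime.After(notBeforeTime) { return nil, errors.New("invalid validity period") }`, plus a cap taken from the CA's issuance policy, would close that. Separately, `rand.Int(rand.Reader, max)` can return 0 while RFC 5280 expects a positive serial number, and the local `max` shadows the Go 1.21 builtin; renaming it to `serialLimit` and adding 1 to the result would address both. The body of generateCertificate continues outside the hunk.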
......@@ -18,6 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
package handler
import (
"io/ioutil"
"strings"
"code.vereign.com/code/viam-apis/versions"
......@@ -64,9 +65,27 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
getKeyResponse := &api.GetKeyResponse{}
if in.KeyType == api.KeyType_CERTIFICATE && in.Uuid == "root" {
key := &api.Key{}
data, err := ioutil.ReadFile(s.VereignCertFilePath)
if err != nil {
getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
"400", api.StatusType_ERROR, "Can not get root certificate")
return getKeyResponse, nil
}
key.Content = data
key.Revoked = false
getKeyResponse.Key = key
return getKeyResponse, nil
}
if in.KeyType == api.KeyType_KT_EMPTY {
getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
"400", api.StatusType_ERROR, "KeyType cannot be empty")
return getKeyResponse, nil
}
data, _ := client.DoGetDataCall("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType))
......@@ -93,9 +112,16 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
setKeyResponse := &api.SetKeyResponse{}
if in.Uuid == "root" {
setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
"400", api.StatusType_ERROR, "Can not set root CA keys")
return setKeyResponse, nil
}
if in.KeyType == api.KeyType_KT_EMPTY {
setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
"400", api.StatusType_ERROR, "KeyType cannot be empty")
return setKeyResponse, nil
}
data, _ := client.DoGetDataCall("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType))
......
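Review bot: The reserved name "root" is handled asymmetrically: SetKey rejects every request with `in.Uuid == "root"`, but GetKey special-cases it only for `api.KeyType_CERTIFICATE`, so a "root" request with any other key type still falls through to `client.DoGetDataCall("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType))`. Adding an explicit rejection after the certificate branch in GetKey, along the lines of `if in.Uuid == "root" { /* add a "400" status and return */ }`, would keep the two handlers consistent. In the new `ioutil.ReadFile(s.VereignCertFilePath)` branch the error is discarded and reported as "400", although an unreadable certificate file is a server-side fault; logging `err` and returning a server-error status would make a misconfiguration visible to operators. `ioutil.ReadFile` is also deprecated in favour of `os.ReadFile` since Go 1.16. Both function bodies continue outside the hunks.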