write out cert ca_chain as a pem bundle for pki secrets

Gered 2017-11-16 15:56:51 -05:00
parent 29b9e417c5
commit ac30df4302


@ -19,6 +19,7 @@ package main
import ( import (
"bytes" "bytes"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os" "os"
@ -65,10 +66,23 @@ func writeEnvFile(filename string, data map[string]interface{}, mode os.FileMode
return writeFile(filename, buf.Bytes(), mode) return writeFile(filename, buf.Bytes(), mode)
} }
func getCombinedCaChain(dataValue interface{}) (string, error) {
arr, ok := dataValue.([]interface{})
if !ok {
return "", errors.New("ca_chain not of type array")
}
caChain := make([]string, len(arr))
for i := range arr {
caChain[i] = arr[i].(string)
}
return strings.Join(caChain, "\n"), nil
}
func writeCertificateFile(filename string, data map[string]interface{}, mode os.FileMode) error { func writeCertificateFile(filename string, data map[string]interface{}, mode os.FileMode) error {
files := map[string]string{ files := map[string]string{
"certificate": "crt", "certificate": "crt",
"issuing_ca": "ca", "issuing_ca": "ca",
"ca_chain": "ca.pem",
"private_key": "key", "private_key": "key",
} }
for key, suffix := range files { for key, suffix := range files {
@ -80,7 +94,18 @@ func writeCertificateFile(filename string, data map[string]interface{}, mode os.
} }
// step: write the file // step: write the file
if err := writeFile(name, []byte(fmt.Sprintf("%s", content)), mode); err != nil { var contentToWrite string
var err error
if key == "ca_chain" {
contentToWrite, err = getCombinedCaChain(data[key])
if err != nil {
glog.Errorf("failed to parse ca_chain: %s", err)
}
} else {
contentToWrite = fmt.Sprintf("%s", content)
}
if err := writeFile(name, []byte(contentToWrite), mode); err != nil {
glog.Errorf("failed to write resource: %s, element: %s, filename: %s, error: %s", filename, suffix, name, err) glog.Errorf("failed to write resource: %s, element: %s, filename: %s, error: %s", filename, suffix, name, err)
continue continue
} }
@ -94,12 +119,18 @@ func writeCertificateBundleFile(filename string, data map[string]interface{}, mo
bundleFile := fmt.Sprintf("%s-bundle.pem", filename) bundleFile := fmt.Sprintf("%s-bundle.pem", filename)
keyFile := fmt.Sprintf("%s-key.pem", filename) keyFile := fmt.Sprintf("%s-key.pem", filename)
caFile := fmt.Sprintf("%s-ca.pem", filename) caFile := fmt.Sprintf("%s-ca.pem", filename)
caChainFile := fmt.Sprintf("%s-ca-chain.pem", filename)
certFile := fmt.Sprintf("%s.pem", filename) certFile := fmt.Sprintf("%s.pem", filename)
bundle := fmt.Sprintf("%s\n\n%s", data["certificate"], data["issuing_ca"]) bundle := fmt.Sprintf("%s\n\n%s", data["certificate"], data["issuing_ca"])
key := fmt.Sprintf("%s\n", data["private_key"]) key := fmt.Sprintf("%s\n", data["private_key"])
ca := fmt.Sprintf("%s\n", data["issuing_ca"]) ca := fmt.Sprintf("%s\n", data["issuing_ca"])
certificate := fmt.Sprintf("%s\n", data["certificate"]) certificate := fmt.Sprintf("%s\n", data["certificate"])
caChain, err := getCombinedCaChain(data["ca_chain"])
if err != nil {
glog.Errorf("failed to parse ca_chain: %s", err)
return err
}
if err := writeFile(bundleFile, []byte(bundle), mode); err != nil { if err := writeFile(bundleFile, []byte(bundle), mode); err != nil {
glog.Errorf("failed to write the bundled certificate file, error: %s", err) glog.Errorf("failed to write the bundled certificate file, error: %s", err)
@ -116,6 +147,11 @@ func writeCertificateBundleFile(filename string, data map[string]interface{}, mo
return err return err
} }
if err := writeFile(caChainFile, []byte(caChain), mode); err != nil {
glog.Errorf("failed to write the ca_chain file, errro: %s", err)
return err
}
if err := writeFile(keyFile, []byte(key), mode); err != nil { if err := writeFile(keyFile, []byte(key), mode); err != nil {
glog.Errorf("failed to write the key file, errro: %s", err) glog.Errorf("failed to write the key file, errro: %s", err)
return err return err
@ -128,12 +164,18 @@ func writeKeyCertificateBundleFile(filename string, data map[string]interface{},
bundleFile := fmt.Sprintf("%s-bundle.pem", filename) bundleFile := fmt.Sprintf("%s-bundle.pem", filename)
keyFile := fmt.Sprintf("%s-key.pem", filename) keyFile := fmt.Sprintf("%s-key.pem", filename)
caFile := fmt.Sprintf("%s-ca.pem", filename) caFile := fmt.Sprintf("%s-ca.pem", filename)
caChainFile := fmt.Sprintf("%s-ca-chain.pem", filename)
certFile := fmt.Sprintf("%s.pem", filename) certFile := fmt.Sprintf("%s.pem", filename)
bundle := fmt.Sprintf("%s\n%s", data["private_key"], data["certificate"]) bundle := fmt.Sprintf("%s\n%s", data["private_key"], data["certificate"])
key := fmt.Sprintf("%s\n", data["private_key"]) key := fmt.Sprintf("%s\n", data["private_key"])
ca := fmt.Sprintf("%s\n", data["issuing_ca"]) ca := fmt.Sprintf("%s\n", data["issuing_ca"])
certificate := fmt.Sprintf("%s\n", data["certificate"]) certificate := fmt.Sprintf("%s\n", data["certificate"])
caChain, err := getCombinedCaChain(data["ca_chain"])
if err != nil {
glog.Errorf("failed to parse ca_chain: %s", err)
return err
}
if err := writeFile(bundleFile, []byte(bundle), mode); err != nil { if err := writeFile(bundleFile, []byte(bundle), mode); err != nil {
glog.Errorf("failed to write the bundled certificate file, error: %s", err) glog.Errorf("failed to write the bundled certificate file, error: %s", err)
@ -150,6 +192,11 @@ func writeKeyCertificateBundleFile(filename string, data map[string]interface{},
return err return err
} }
if err := writeFile(caChainFile, []byte(caChain), mode); err != nil {
glog.Errorf("failed to write the ca_chain file, errro: %s", err)
return err
}
if err := writeFile(keyFile, []byte(key), mode); err != nil { if err := writeFile(keyFile, []byte(key), mode); err != nil {
glog.Errorf("failed to write the key file, errro: %s", err) glog.Errorf("failed to write the key file, errro: %s", err)
return err return err
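Review bot: `caChain[i] = arr[i].(string)` in getCombinedCaChain is an unchecked assertion, so a non-string element panics the process instead of surfacing an error the way the outer array check does, and when a response carries no `ca_chain` at all, `data["ca_chain"]` is nil, the array assertion fails, and writeCertificateBundleFile and writeKeyCertificateBundleFile now return before writing any of the other files — a regression for responses that previously worked, present in both bundle hunks. Checking each element and treating a nil value as an empty chain keeps the error path in one place; the callers could then skip the chain file when the result is empty rather than writing a zero-length pem (whether an empty chain should be written at all is a product choice I cannot settle from the diff). In writeCertificateFile the parse error is only logged and the loop falls through to write an empty file for the `ca_chain` key; add `continue` after that `glog.Errorf` call. The two new log lines also inherit the `errro` typo from the lines they were copied from, so this is a good moment to fix all four.
```go
func getCombinedCaChain(dataValue interface{}) (string, error) {
	// A response without a ca_chain is not an error; report an empty chain.
	if dataValue == nil {
		return "", nil
	}
	arr, ok := dataValue.([]interface{})
	if !ok {
		return "", errors.New("ca_chain not of type array")
	}
	caChain := make([]string, len(arr))
	for i := range arr {
		s, ok := arr[i].(string)
		if !ok {
			return "", fmt.Errorf("ca_chain element %d not of type string", i)
		}
		caChain[i] = s
	}
	return strings.Join(caChain, "\n"), nil
}
```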