This commit changes the type of the decrypter key password to string to be consistent with other passwords in the ca.json
package models
import (
"context"
"crypto/x509"
"errors"
"github.com/smallstep/certificates/authority/provisioner"
"golang.org/x/crypto/ssh"
)
// errDummyImplementation is the sentinel error handed back by every method in
// this file that reports an error.
var (
	errDummyImplementation = errors.New("dummy implementation")
)
// SCEP is the SCEP provisioner model used solely in CA API
// responses. All methods of the [provisioner.Interface] interface
// are implemented so the type satisfies it: the identity getters
// (GetID, GetIDForToken, GetName, GetType) return real values, while
// every method that returns an error returns errDummyImplementation.
//
// NOTE(review): ChallengePassword, DecrypterKeyPEM and
// DecrypterKeyPassword carry JSON tags, so encoding/json emits whatever
// they hold. Nothing in the code shown here blanks them; whether the
// code that fills this model redacts them first is not visible and
// should be confirmed before a value of this type reaches an API response.
//
// TODO(hs): remove reliance on the interface for the API responses
type SCEP struct {
	// ID is excluded from JSON output by the "-" tag.
	ID     string `json:"-"`
	Type   string `json:"type"`
	Name   string `json:"name"`
	ForceCN bool   `json:"forceCN"`
	// ChallengePassword is serialised under the "challenge" key.
	// NOTE(review): looks like a shared secret — confirm it is redacted upstream.
	ChallengePassword string `json:"challenge"`
	// Capabilities is omitted from the output when empty.
	Capabilities           []string `json:"capabilities,omitempty"`
	IncludeRoot            bool     `json:"includeRoot"`
	ExcludeIntermediate    bool     `json:"excludeIntermediate"`
	MinimumPublicKeyLength int      `json:"minimumPublicKeyLength"`
	// DecrypterCertificate and DecrypterKeyPEM are byte slices, which
	// encoding/json renders as base64 strings.
	DecrypterCertificate []byte `json:"decrypterCertificate"`
	// NOTE(review): presumably private key material — confirm it is never
	// populated (or is redacted) on the response path.
	DecrypterKeyPEM []byte `json:"decrypterKeyPEM"`
	// DecrypterKeyURI is serialised under the "decrypterKey" key.
	DecrypterKeyURI string `json:"decrypterKey"`
	// NOTE(review): a password held as a plain string and tagged for
	// output — confirm it is redacted upstream.
	DecrypterKeyPassword          string `json:"decrypterKeyPassword"`
	EncryptionAlgorithmIdentifier int    `json:"encryptionAlgorithmIdentifier"`
	// Options and Claims are pointers and are omitted from the output when nil.
	Options *provisioner.Options `json:"options,omitempty"`
	Claims  *provisioner.Claims  `json:"claims,omitempty"`
}
// GetID reports the provisioner's unique identifier: the explicit ID when one
// is set, otherwise the identifier derived by GetIDForToken.
func (s *SCEP) GetID() string {
	if s.ID == "" {
		return s.GetIDForToken()
	}
	return s.ID
}
// GetIDForToken builds the identifier used to load the provisioner from a
// token: the fixed "scep/" prefix followed by the provisioner's Name.
func (s *SCEP) GetIDForToken() string {
	const prefix = "scep/"
	return prefix + s.Name
}
// GetName reports the provisioner's name as held in the Name field.
func (s *SCEP) GetName() string {
	name := s.Name
	return name
}
// GetType identifies this model as a SCEP provisioner; the value is fixed
// and does not depend on the Type field.
func (s *SCEP) GetType() provisioner.Type {
	kind := provisioner.TypeSCEP
	return kind
}
// GetEncryptedKey always returns two empty strings and false, i.e. this
// model never hands out an encrypted key.
func (s *SCEP) GetEncryptedKey() (string, string, bool) {
	const none = ""
	return none, none, false
}
// GetTokenID is a stub: it ignores its argument and always returns an empty
// identifier together with errDummyImplementation.
func (s *SCEP) GetTokenID(string) (string, error) {
	var id string
	return id, errDummyImplementation
}
// Init is a stub: it performs no initialisation or validation, ignores the
// supplied configuration and always returns errDummyImplementation.
func (s *SCEP) Init(_ provisioner.Config) (err error) {
	err = errDummyImplementation
	return err
}
// AuthorizeSign is a stub for x509 signing authorization. It fails closed:
// both arguments are ignored and the call always returns no sign options
// together with errDummyImplementation.
func (s *SCEP) AuthorizeSign(context.Context, string) ([]provisioner.SignOption, error) {
	var opts []provisioner.SignOption
	return opts, errDummyImplementation
}
// AuthorizeRevoke is a stub for x509 revocation authorization. It fails
// closed: both arguments are ignored and errDummyImplementation is always
// returned.
func (s *SCEP) AuthorizeRevoke(context.Context, string) error {
	err := errDummyImplementation
	return err
}
// AuthorizeRenew is a stub for x509 renewal authorization. It fails closed:
// the context and certificate are ignored and errDummyImplementation is
// always returned.
func (s *SCEP) AuthorizeRenew(context.Context, *x509.Certificate) error {
	err := errDummyImplementation
	return err
}
// AuthorizeSSHSign is a stub for SSH signing authorization. It fails closed:
// both arguments are ignored and the call always returns no sign options
// together with errDummyImplementation.
func (s *SCEP) AuthorizeSSHSign(context.Context, string) ([]provisioner.SignOption, error) {
	var opts []provisioner.SignOption
	return opts, errDummyImplementation
}
// AuthorizeSSHRevoke is a stub for SSH revocation authorization. It fails
// closed: both arguments are ignored and errDummyImplementation is always
// returned.
func (s *SCEP) AuthorizeSSHRevoke(context.Context, string) error {
	err := errDummyImplementation
	return err
}
// AuthorizeSSHRenew is a stub for SSH renewal authorization. It fails
// closed: both arguments are ignored and the call always returns a nil
// certificate together with errDummyImplementation.
func (s *SCEP) AuthorizeSSHRenew(context.Context, string) (*ssh.Certificate, error) {
	var cert *ssh.Certificate
	return cert, errDummyImplementation
}
// AuthorizeSSHRekey is a stub for SSH rekey authorization. It fails closed:
// both arguments are ignored and the call always returns a nil certificate,
// no sign options and errDummyImplementation.
func (s *SCEP) AuthorizeSSHRekey(context.Context, string) (*ssh.Certificate, []provisioner.SignOption, error) {
	var (
		cert *ssh.Certificate
		opts []provisioner.SignOption
	)
	return cert, opts, errDummyImplementation
}
// Compile-time assertion that *SCEP satisfies provisioner.Interface; the
// build fails here if a method of the interface is missing from the model.
var (
	_ provisioner.Interface = (*SCEP)(nil)
)