Add provisioners endpoints.
1 parent c284a2c commit ff67c17


1 file changed

+38
-0
lines changed

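--- a/api/api.go
+++ b/api/api.go
@@ -13,6 +13,7 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/cli/crypto/tlsutil"
 "github.com/smallstep/cli/crypto/x509util"
+"github.com/smallstep/cli/jose"
 )
 
 // Minimum and maximum validity of an end-entity (not root or intermediate) certificate.
@@ -45,6 +46,8 @@ type Authority interface {
 Root(shasum string) (*x509.Certificate, error)
 Sign(cr *x509.CertificateRequest, opts SignOptions, claims ...Claim) (*x509.Certificate, *x509.Certificate, error)
 Renew(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)
+GetProvisioners() (map[string]*jose.JSONWebKeySet, error)
+GetEncryptedKey(kid string) (string, error)
 }
 
 // Certificate wraps a *x509.Certificate and adds the json.Marshaler interface.
@@ -169,6 +172,18 @@ type SignRequest struct {
 NotBefore time.Time `json:"notBefore"`
 }
 
+// ProvisionersResponse is the response object that returns the map of
+// provisioners.
+type ProvisionersResponse struct {
+Provisioners map[string]*jose.JSONWebKeySet `json:"provisioners"`
+}
+
+// ProvisionerKeyResponse is the response object that returns the encryptoed key
+// of a provisioner.
+type ProvisionerKeyResponse struct {
+Key string `json:"key"`
+}
+
 // Validate checks the fields of the SignRequest and returns nil if they are ok
 // or an error if something is wrong.
 func (s *SignRequest) Validate() error {
@@ -233,6 +248,8 @@ func (h *caHandler) Route(r Router) {
 r.MethodFunc("GET", "/root/{sha}", h.Root)
 r.MethodFunc("POST", "/sign", h.Sign)
 r.MethodFunc("POST", "/renew", h.Renew)
+r.MethodFunc("GET", "/provisioners", h.Provisioners)
+r.MethodFunc("GET", "/provisioners/{kid}/encrypted-key", h.ProvisionerKey)
 }
 
 // Health is an HTTP handler that returns the status of the server.
@@ -315,3 +332,24 @@ func (h *caHandler) Renew(w http.ResponseWriter, r *http.Request) {
 TLSOptions: h.Authority.GetTLSOptions(),
 })
 }
+
+// Provisioners returns the list of provisioners configured in the authority.
+func (h *caHandler) Provisioners(w http.ResponseWriter, r *http.Request) {
+p, err := h.Authority.GetProvisioners()
+if err != nil {
+WriteError(w, InternalServerError(err))
+return
+}
+JSON(w, &ProvisionersResponse{p})
+}
+
+// ProvisionerKey returns the encrypted key of a provisioner by it's key id.
+func (h *caHandler) ProvisionerKey(w http.ResponseWriter, r *http.Request) {
+kid := chi.URLParam(r, "kid")
+key, err := h.Authority.GetEncryptedKey(kid)
+if err != nil {
+WriteError(w, NotFound(err))
+return
+}
+JSON(w, &ProvisionerKeyResponse{key})
+}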
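Review bot: ProvisionerKey (hunk at +332) turns every error from GetEncryptedKey into NotFound, so a storage or decryption failure on the authority side is reported as a 404 with the underlying error handed to the response, while the sibling Provisioners handler maps the same situation to InternalServerError. Unless GetEncryptedKey can only fail for an unknown kid, callers cannot tell a missing provisioner from a broken authority, and whether the wrapped error text reaches the client depends on WriteError and NotFound, which are outside this hunk. Consider having the authority signal the unknown-kid case explicitly (a sentinel error checked with errors.Is) and mapping only that case to NotFound, falling back to InternalServerError for everything else. The doc comments in the +172 and +332 hunks also carry typos; they should read `// ProvisionerKeyResponse is the response object that returns the encrypted key` and `// ProvisionerKey returns the encrypted key of a provisioner by its key id.`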
