Add first working version of External Account Binding
parent
b9743b36e1
commit
f81d49d963
@ -0,0 +1,45 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/smallstep/certificates/api"
|
||||
"github.com/smallstep/certificates/authority/admin"
|
||||
)
|
||||
|
||||
// CreateExternalAccountKeyRequest is the type for GET /admin/eak requests
|
||||
type CreateExternalAccountKeyRequest struct {
|
||||
Name string `json:"name"`
|
||||
}
|
||||
|
||||
// CreateExternalAccountKeyResponse is the type for GET /admin/eak responses
|
||||
type CreateExternalAccountKeyResponse struct {
|
||||
KeyID string `json:"keyID"`
|
||||
Name string `json:"name"`
|
||||
Key []byte `json:"key"`
|
||||
}
|
||||
|
||||
// CreateExternalAccountKey creates a new External Account Binding key
|
||||
func (h *Handler) CreateExternalAccountKey(w http.ResponseWriter, r *http.Request) {
|
||||
var eakRequest = new(CreateExternalAccountKeyRequest)
|
||||
if err := api.ReadJSON(r.Body, eakRequest); err != nil { // TODO: rewrite into protobuf json (likely)
|
||||
api.WriteError(w, err)
|
||||
return
|
||||
}
|
||||
|
||||
// TODO: Validate input
|
||||
|
||||
eak, err := h.db.CreateExternalAccountKey(r.Context(), eakRequest.Name)
|
||||
if err != nil {
|
||||
api.WriteError(w, admin.WrapErrorISE(err, "error creating external account key %s", eakRequest.Name))
|
||||
return
|
||||
}
|
||||
|
||||
eakResponse := CreateExternalAccountKeyResponse{
|
||||
KeyID: eak.ID,
|
||||
Name: eak.Name,
|
||||
Key: eak.KeyBytes,
|
||||
}
|
||||
|
||||
api.JSONStatus(w, eakResponse, http.StatusCreated) // TODO: rewrite into protobuf json (likely)
|
||||
}
|
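Review bot: `eakRequest.Name` reaches `h.db.CreateExternalAccountKey` unchecked in CreateExternalAccountKey (the `// TODO: Validate input` line), so an empty or arbitrarily long name is stored, and any resulting failure is reported as a 500 through `admin.WrapErrorISE`. Reject it before the DB call, e.g. `if eakRequest.Name == "" { api.WriteError(w, admin.NewError(admin.ErrorBadRequestType, "name cannot be empty")); return }`, and add a length cap. The response body carries the raw EAB MAC key in `Key`, so it is worth setting `Cache-Control: no-store` on it and confirming that no request/response logging in front of this handler records the body; neither is visible in this file. The two type comments say `GET /admin/eak`, which does not match a handler that reads a JSON body and answers `http.StatusCreated`; the route registration is outside this section, so confirm the method there.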
@ -0,0 +1,51 @@
|
||||
package nosql
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"time"
|
||||
|
||||
"github.com/smallstep/certificates/authority/admin/eak"
|
||||
)
|
||||
|
||||
type dbExternalAccountKey struct {
|
||||
ID string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
AccountID string `json:"accountID,omitempty"`
|
||||
KeyBytes []byte `json:"key,omitempty"`
|
||||
CreatedAt time.Time `json:"createdAt"`
|
||||
BoundAt time.Time `json:"boundAt"`
|
||||
}
|
||||
|
||||
// CreateExternalAccountKey creates a new External Account Binding key
|
||||
func (db *DB) CreateExternalAccountKey(ctx context.Context, name string) (*eak.ExternalAccountKey, error) {
|
||||
keyID, err := randID()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
random := make([]byte, 32)
|
||||
_, err = rand.Read(random)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
dbeak := &dbExternalAccountKey{
|
||||
ID: keyID,
|
||||
Name: name,
|
||||
KeyBytes: random,
|
||||
CreatedAt: clock.Now(),
|
||||
}
|
||||
|
||||
if err = db.save(ctx, keyID, dbeak, nil, "external_account_key", externalAccountKeyTable); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &eak.ExternalAccountKey{
|
||||
ID: dbeak.ID,
|
||||
Name: dbeak.Name,
|
||||
AccountID: dbeak.AccountID,
|
||||
KeyBytes: dbeak.KeyBytes,
|
||||
CreatedAt: dbeak.CreatedAt,
|
||||
BoundAt: dbeak.BoundAt,
|
||||
}, nil
|
||||
}
|
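Review bot: `dbExternalAccountKey` has no doc comment, and nothing in the file says that `KeyBytes` is the EAB HMAC secret, which `db.save` persists as-is under the `key` field. Add a comment such as `// dbExternalAccountKey is the stored form of an EAB key; KeyBytes is the raw MAC key and must not be logged.` The key has to stay recoverable to verify the binding, so hashing is not an option, but anyone with read access to `externalAccountKeyTable` or its backups can use keys that are not yet bound; whether that is acceptable depends on how the database is protected, which this commit does not show. The bare `return nil, err` after `rand.Read` and `db.save` would also be easier to diagnose if each were wrapped with what the function was doing.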
@ -0,0 +1,12 @@
|
||||
package eak
|
||||
|
||||
import "time"
|
||||
|
||||
type ExternalAccountKey struct {
|
||||
ID string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
AccountID string `json:"-"`
|
||||
KeyBytes []byte `json:"-"`
|
||||
CreatedAt time.Time `json:"createdAt"`
|
||||
BoundAt time.Time `json:"boundAt,omitempty"`
|
||||
}
|
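Review bot: `omitempty` on `BoundAt` has no effect, because encoding/json never treats a `time.Time` struct as empty, so an unbound key marshals with `"boundAt":"0001-01-01T00:00:00Z"`. If the field is meant to disappear until the key is bound, make it a `*time.Time` (here and in the code that fills it), or drop the option and document that callers test `BoundAt.IsZero()`. The exported type also lacks a doc comment; one worth adding is `// ExternalAccountKey is an ACME External Account Binding key; KeyBytes and AccountID are tagged json:"-" so they are not emitted when the struct is marshalled.`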