1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
package roots
import (
"crypto/x509"
"encoding/json"
"errors"
"github.com/cloudflare/cfssl/api/client"
"github.com/cloudflare/cfssl/helpers"
"github.com/cloudflare/cfssl/info"
)
// This package contains CFSSL integration.
// NewCFSSL produces a new CFSSL root.
func NewCFSSL(metadata map[string]string) ([]*x509.Certificate, error) {
host, ok := metadata["host"]
if !ok {
return nil, errors.New("transport: CFSSL root provider requires a host")
}
label := metadata["label"]
profile := metadata["profile"]
cert, err := helpers.LoadClientCertificate(metadata["mutual-tls-cert"], metadata["mutual-tls-key"])
if err != nil {
return nil, err
}
remoteCAs, err := helpers.LoadPEMCertPool(metadata["tls-remote-ca"])
if err != nil {
return nil, err
}
srv := client.NewServerTLS(host, helpers.CreateTLSConfig(remoteCAs, cert))
data, err := json.Marshal(info.Req{Label: label, Profile: profile})
if err != nil {
return nil, err
}
resp, err := srv.Info(data)
if err != nil {
return nil, err
}
return helpers.ParseCertificatesPEM([]byte(resp.Certificate))
}
|
