File: options.go

golang-github-smallstep-certificates 0.29.0-1
package webhook

import (
	"crypto/x509"
	"errors"

	"go.step.sm/crypto/sshutil"
	"go.step.sm/crypto/x509util"
	"golang.org/x/crypto/ssh"
)

// RequestBodyOption is a functional option that sets fields on a RequestBody.
// It returns a non-nil error when the field it is responsible for cannot be
// populated; NewRequestBody stops at the first such error.
type RequestBodyOption func(*RequestBody) error

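// NewRequestBody builds a webhook RequestBody by applying options in the
// order given. Options that set the same field overwrite one another, so the
// last one wins.
//
// The first option that returns an error aborts construction: the partially
// populated body is discarded and (nil, err) is returned. A nil option is
// reported as an error instead of being called, so a missing option cannot
// silently produce a body that lacks data the webhook relies on.
func NewRequestBody(options ...RequestBodyOption) (*RequestBody, error) {
	rb := &RequestBody{}

	for _, opt := range options {
		// Fail closed: calling a nil func value would panic, and skipping it
		// would send an incomplete body.
		if opt == nil {
			return nil, errors.New("webhook request body option cannot be nil")
		}
		if err := opt(rb); err != nil {
			return nil, err
		}
	}

	return rb, nil
}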

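// WithX509CertificateRequest returns an option that records the X.509
// certificate signing request cr in the webhook request body.
//
// The body carries the CSR as converted by
// x509util.NewCertificateRequestFromX509, the name of its public key
// algorithm, the bytes in cr.Raw and, when cr.PublicKey is set, that key in
// PKIX DER form. cr.Raw is shared with the caller, not copied.
//
// Nothing here validates the CSR or checks its signature; the fields are
// forwarded as they were received.
//
// A nil cr makes the option return an error rather than dereference a nil
// pointer.
func WithX509CertificateRequest(cr *x509.CertificateRequest) RequestBodyOption {
	return func(rb *RequestBody) error {
		if cr == nil {
			return errors.New("x509 certificate request cannot be nil")
		}

		req := &X509CertificateRequest{
			CertificateRequest: x509util.NewCertificateRequestFromX509(cr),
			PublicKeyAlgorithm: cr.PublicKeyAlgorithm.String(),
			Raw:                cr.Raw,
		}
		if cr.PublicKey != nil {
			key, err := x509.MarshalPKIXPublicKey(cr.PublicKey)
			if err != nil {
				return err
			}
			req.PublicKey = key
		}

		// Assign last so a failed option leaves rb untouched.
		rb.X509CertificateRequest = req
		return nil
	}
}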

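// WithX509Certificate returns an option that records an X.509 certificate in
// the webhook request body.
//
// cert is stored as given and is not inspected here. The public key
// algorithm name, the validity window (NotBefore/NotAfter) and, when
// leaf.PublicKey is set, the key in PKIX DER form are all read from leaf.
//
// A nil leaf makes the option return an error rather than dereference a nil
// pointer.
func WithX509Certificate(cert *x509util.Certificate, leaf *x509.Certificate) RequestBodyOption {
	return func(rb *RequestBody) error {
		if leaf == nil {
			return errors.New("x509 leaf certificate cannot be nil")
		}

		out := &X509Certificate{
			Certificate:        cert,
			PublicKeyAlgorithm: leaf.PublicKeyAlgorithm.String(),
			NotBefore:          leaf.NotBefore,
			NotAfter:           leaf.NotAfter,
		}
		if leaf.PublicKey != nil {
			key, err := x509.MarshalPKIXPublicKey(leaf.PublicKey)
			if err != nil {
				return err
			}
			out.PublicKey = key
		}

		// Assign last so a failed option leaves rb untouched.
		rb.X509Certificate = out
		return nil
	}
}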

// WithAttestationData returns an option that attaches data to the webhook
// request body. The pointer is stored as-is (no copy, no nil check), so a nil
// data leaves the field nil and later changes to *data are visible through
// the body.
func WithAttestationData(data *AttestationData) RequestBodyOption {
	attach := func(body *RequestBody) error {
		body.AttestationData = data
		return nil
	}
	return attach
}

// WithAuthorizationPrincipal returns an option that sets the authorization
// principal of the webhook request body to p. The string is stored verbatim;
// it is neither validated nor normalized here.
func WithAuthorizationPrincipal(p string) RequestBodyOption {
	setPrincipal := func(body *RequestBody) error {
		body.AuthorizationPrincipal = p
		return nil
	}
	return setPrincipal
}

// WithSSHCertificateRequest returns an option that records the SSH
// certificate request cr in the webhook request body.
//
// Type, KeyID and Principals are taken from cr unchanged; the Principals
// slice is shared with cr, not copied. When cr.Key is set, its SSH wire
// encoding (Key.Marshal) is stored as the public key. The option itself
// never returns an error.
func WithSSHCertificateRequest(cr sshutil.CertificateRequest) RequestBodyOption {
	return func(body *RequestBody) error {
		body.SSHCertificateRequest = &SSHCertificateRequest{
			Type:       cr.Type,
			KeyID:      cr.KeyID,
			Principals: cr.Principals,
		}
		if pub := cr.Key; pub != nil {
			body.SSHCertificateRequest.PublicKey = pub.Marshal()
		}
		return nil
	}
}

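// WithSSHCertificate returns an option that records an SSH certificate in the
// webhook request body.
//
// cert is stored as given and is not inspected here. The validity window
// (ValidAfter/ValidBefore) and, when certTpl.Key is set, the SSH wire
// encoding of the key (Key.Marshal) are read from certTpl.
//
// A nil certTpl makes the option return an error rather than dereference a
// nil pointer.
func WithSSHCertificate(cert *sshutil.Certificate, certTpl *ssh.Certificate) RequestBodyOption {
	return func(rb *RequestBody) error {
		if certTpl == nil {
			return errors.New("ssh certificate template cannot be nil")
		}

		rb.SSHCertificate = &SSHCertificate{
			Certificate: cert,
			ValidBefore: certTpl.ValidBefore,
			ValidAfter:  certTpl.ValidAfter,
		}
		if certTpl.Key != nil {
			rb.SSHCertificate.PublicKey = certTpl.Key.Marshal()
		}
		return nil
	}
}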

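// WithX5CCertificate returns an option that records the leaf certificate of
// an X5C chain in the webhook request body.
//
// The body carries leaf.Raw (shared with the caller, not copied), the name of
// the public key algorithm, the validity window (NotBefore/NotAfter) and,
// when leaf.PublicKey is set, the key in PKIX DER form.
//
// No chain or signature validation happens here; the certificate is
// forwarded as given.
//
// A nil leaf makes the option return an error rather than dereference a nil
// pointer.
func WithX5CCertificate(leaf *x509.Certificate) RequestBodyOption {
	return func(rb *RequestBody) error {
		if leaf == nil {
			return errors.New("x5c leaf certificate cannot be nil")
		}

		out := &X5CCertificate{
			Raw:                leaf.Raw,
			PublicKeyAlgorithm: leaf.PublicKeyAlgorithm.String(),
			NotBefore:          leaf.NotBefore,
			NotAfter:           leaf.NotAfter,
		}
		if leaf.PublicKey != nil {
			key, err := x509.MarshalPKIXPublicKey(leaf.PublicKey)
			if err != nil {
				return err
			}
			out.PublicKey = key
		}

		// Assign last so a failed option leaves rb untouched.
		rb.X5CCertificate = out
		return nil
	}
}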