From c40b71874973fc10b6d41eaefe31b5904f342977 Mon Sep 17 00:00:00 2001
From: nyagamunene
Date: Wed, 20 Nov 2024 14:45:05 +0300
Subject: [PATCH] Intial implementation of CSR

Signed-off-by: nyagamunene
---
 certs.go | 36 ++++++++++++++++++++++++++++++
 postgres/{ => certs}/certs.go | 0
 postgres/{ => certs}/certs_test.go | 0
 postgres/{ => certs}/init.go | 0
 postgres/{ => certs}/setup_test.go | 0
 postgres/csr/csr.go | 0
 postgres/csr/init.go | 34 ++++++++++++++++++++++++++++
 7 files changed, 70 insertions(+)
 rename postgres/{ => certs}/certs.go (100%)
 rename postgres/{ => certs}/certs_test.go (100%)
 rename postgres/{ => certs}/init.go (100%)
 rename postgres/{ => certs}/setup_test.go (100%)
 create mode 100644 postgres/csr/csr.go
 create mode 100644 postgres/csr/init.go

diff --git a/certs.go b/certs.go
index 7a88bee..673b6bb 100644
--- a/certs.go
+++ b/certs.go
@@ -32,6 +32,30 @@ type PageMetadata struct {
 EntityID string `json:"entity_id,omitempty" db:"entity_id"`
 }
 
+type CSRMetadata struct {
+ CommonName string `json:"common_name"`
+ Organization []string `json:"organization"`
+ OrganizationalUnit []string `json:"organizational_unit"`
+ Country []string `json:"country"`
+ Province []string `json:"province"`
+ Locality []string `json:"locality"`
+ StreetAddress []string `json:"street_address"`
+ PostalCode []string `json:"postal_code"`
+ EmailAddress string `json:"email_address"`
+ DNSNames []string `json:"dns_names"`
+ IPAddresses []string `json:"ip_addresses"`
+}
+
+type CSR struct {
+ CSR []byte `json:"csr"`
+ PrivateKey []byte `json:"private_key"`
+ EntityID string `json:"entity_id"`
+ Status string `json:"status"`
+ SubmittedAt time.Time `json:"submitted_at"`
+ ProcessedAt time.Time `json:"processed_at"`
+ SerialNumber string `json:"serial_number"`
+}
+
 type Service interface {
 // RenewCert renews a certificate from the database.
 RenewCert(ctx context.Context, serialNumber string) error
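Review bot: The new CSR type carries `PrivateKey []byte` tagged `json:"private_key"`, so any handler that encodes a CSR — the RetrieveCSR and ListCSRs results declared further down this file — would hand the private key to the caller; tag it `json:"-"` so it is never serialized, and consider not keeping it server-side at all, since in a CSR workflow the requester normally generates the key pair and only the signed request leaves the client. The type also has no identifier field even though the service methods look CSRs up by a csrID, so it is unclear what RetrieveCSR keys on; an `ID string` field with `json:"id"`, or a doc comment stating that SerialNumber is the lookup key, would settle that. ProcessedAt as a plain time.Time is the zero time for a pending request and `omitempty` does not suppress it; `ProcessedAt *time.Time` with `json:"processed_at,omitempty"` expresses "not yet processed" explicitly. Both new exported structs also lack doc comments, e.g. `// CSR is a certificate signing request submitted for an entity, together with its review state.`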
@@ -73,6 +97,18 @@ type Service interface {
 // RemoveCert deletes a cert for a provided entityID.
 RemoveCert(ctx context.Context, entityId string) error
+
+ // CreateCSR creates a new Certificate Signing Request
+ CreateCSR(ctx context.Context, metadata CSRMetadata, entityID string) (CSR, error)
+
+ // ProcessCSR processes a pending CSR and either approves or rejects it
+ ProcessCSR(ctx context.Context, csrID string, approve bool) error
+
+ // ListCSRs returns a list of CSRs based on filter criteria
+ ListCSRs(ctx context.Context, entityID string, status string) ([]CSR, error)
+
+ // RetrieveCSR retrieves a specific CSR by ID
+ RetrieveCSR(ctx context.Context, csrID string) (CSR, error)
 }
 
 type Repository interface {
diff --git a/postgres/certs.go b/postgres/certs/certs.go
similarity index 100%
rename from postgres/certs.go
rename to postgres/certs/certs.go
diff --git a/postgres/certs_test.go b/postgres/certs/certs_test.go
similarity index 100%
rename from postgres/certs_test.go
rename to postgres/certs/certs_test.go
diff --git a/postgres/init.go b/postgres/certs/init.go
similarity index 100%
rename from postgres/init.go
rename to postgres/certs/init.go
diff --git a/postgres/setup_test.go b/postgres/certs/setup_test.go
similarity index 100%
rename from postgres/setup_test.go
rename to postgres/certs/setup_test.go
diff --git a/postgres/csr/csr.go b/postgres/csr/csr.go
new file mode 100644
index 0000000..e69de29
diff --git a/postgres/csr/init.go b/postgres/csr/init.go
new file mode 100644
index 0000000..9f52b7a
--- /dev/null
+++ b/postgres/csr/init.go
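Review bot: `ListCSRs(ctx context.Context, entityID string, status string) ([]CSR, error)` takes a free-form status string and returns an unbounded slice, while this file already defines a `PageMetadata` type that carries EntityID; a CA's request queue grows without limit, so the listing should be paginated through that type, e.g. `ListCSRs(ctx context.Context, pm PageMetadata) ([]CSR, error)`, and status should be a small typed constant set so a misspelled filter cannot silently match nothing. `ProcessCSR(ctx context.Context, csrID string, approve bool) error` is the trust-granting operation of this service, yet its doc comment only restates the signature and the signature gives no way to record a rejection reason or return the serial of the certificate issued on approval; at minimum the comment should say who is permitted to call it, e.g. `// ProcessCSR approves or rejects a pending CSR; callers must verify the requester is authorized to act on the CSR's entity before invoking it.` The Repository interface begins on the hunk's last line and continues outside it, so whether CSR persistence was added there cannot be checked here.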
@@ -0,0 +1,34 @@
+// Copyright (c) Abstract Machines
+// SPDX-License-Identifier: Apache-2.0
+
+package postgres
+
+import (
+ _ "github.com/jackc/pgx/v5/stdlib"
+ migrate "github.com/rubenv/sql-migrate"
+)
+
+func Migration() *migrate.MemoryMigrationSource {
+ return &migrate.MemoryMigrationSource{
+ Migrations: []*migrate.Migration{
+ {
+ Id: "certs_1",
+ Up: []string{
+ `CREATE TABLE IF NOT EXISTS certs (
+ serial_number VARCHAR(40) UNIQUE NOT NULL,
+ certificate TEXT,
+ key TEXT,
+ revoked BOOLEAN,
+ expiry_time TIMESTAMP,
+ entity_id VARCHAR(36),
+ type TEXT CHECK (type IN ('RootCA', 'IntermediateCA', 'ClientCert')),
+ PRIMARY KEY (serial_number)
+ )`,
+ },
+ Down: []string{
+ "DROP TABLE certs",
+ },
+ },
+ },
+ }
+}
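Review bot: The migration in the new postgres/csr/init.go never creates a CSR table — its `Id: "certs_1"`, `CREATE TABLE IF NOT EXISTS certs (...)` and `"DROP TABLE certs"` describe the certificate table, which the renamed postgres/certs/init.go presumably still defines, so running both sources against one database would either skip this one as an already-recorded id or, on Down, drop the certs table from the CSR package. It should declare a `csr` table keyed by whatever id the service's RetrieveCSR/ProcessCSR look up, with columns mirroring the CSR struct in certs.go, and it should not persist the requester's private key (the `key TEXT` column copied here stores key material in plaintext beside the certificate). The file is also `package postgres` under postgres/csr, the same name as postgres/certs, so any caller importing both must alias one; `package csr` would match the directory. The status CHECK list below is a placeholder — substitute whichever constants the service ends up defining.

```go
func Migration() *migrate.MemoryMigrationSource {
	return &migrate.MemoryMigrationSource{
		Migrations: []*migrate.Migration{
			{
				Id: "csr_1",
				Up: []string{
					`CREATE TABLE IF NOT EXISTS csr (
						id            VARCHAR(36) PRIMARY KEY,
						csr           TEXT NOT NULL,
						entity_id     VARCHAR(36) NOT NULL,
						status        TEXT NOT NULL CHECK (status IN ('pending', 'approved', 'rejected')),
						submitted_at  TIMESTAMP NOT NULL,
						processed_at  TIMESTAMP,
						serial_number VARCHAR(40)
					)`,
				},
				Down: []string{
					"DROP TABLE csr",
				},
			},
		},
	}
}
```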