147 lines
3.7 KiB
Go
147 lines
3.7 KiB
Go
package kes
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"errors"
|
|
"time"
|
|
|
|
"github.com/minio/kes"
|
|
)
|
|
|
|
type Identity = kes.Identity
|
|
|
|
type TLSProxyHeader struct {
|
|
ClientCert string `yaml:"cert,omitempty"`
|
|
}
|
|
|
|
type TLSProxy struct {
|
|
Identities *[]Identity `yaml:"identities,omitempty"`
|
|
Header *TLSProxyHeader `yaml:"header,omitempty"`
|
|
}
|
|
|
|
type TLS struct {
|
|
KeyPath string `yaml:"key,omitempty"`
|
|
CertPath string `yaml:"cert,omitempty"`
|
|
Proxy *TLSProxy `yaml:"proxy,omitempty"`
|
|
}
|
|
|
|
type Policy struct {
|
|
Paths []string `yaml:"paths,omitempty"`
|
|
Identities []Identity `yaml:"identities,omitempty"`
|
|
}
|
|
|
|
type Expiry struct {
|
|
Any time.Duration `yaml:"any,omitempty"`
|
|
Unused time.Duration `yaml:"unused,omitempty"`
|
|
}
|
|
|
|
type Cache struct {
|
|
Expiry *Expiry `yaml:"expiry,omitempty"`
|
|
}
|
|
|
|
type Log struct {
|
|
Error string `yaml:"error,omitempty"`
|
|
Audit string `yaml:"audit,omitempty"`
|
|
}
|
|
|
|
type Fs struct {
|
|
Path string `yaml:"path,omitempty"`
|
|
}
|
|
|
|
type AppRole struct {
|
|
EnginePath string `yaml:"engine,omitempty"`
|
|
ID string `yaml:"id,omitempty"`
|
|
Secret string `yaml:"secret,omitempty"`
|
|
Retry time.Duration `yaml:"retry,omitempty"`
|
|
}
|
|
|
|
type VaultTLS struct {
|
|
KeyPath string `yaml:"key,omitempty"`
|
|
CertPath string `yaml:"cert,omitempty"`
|
|
CAPath string `yaml:"ca,omitempty"`
|
|
}
|
|
|
|
type VaultStatus struct {
|
|
Ping time.Duration `yaml:"ping,omitempty"`
|
|
}
|
|
|
|
type Vault struct {
|
|
Endpoint string `yaml:"endpoint,omitempty"`
|
|
EnginePath string `yaml:"engine,omitempty"`
|
|
Namespace string `yaml:"namespace,omitempty"`
|
|
Prefix string `yaml:"prefix,omitempty"`
|
|
AppRole *AppRole `yaml:"approle,omitempty"`
|
|
TLS *VaultTLS `yaml:"tls,omitempty"`
|
|
Status *VaultStatus `yaml:"status,omitempty"`
|
|
}
|
|
|
|
type AwsSecretManagerLogin struct {
|
|
AccessKey string `yaml:"accesskey"`
|
|
SecretKey string `yaml:"secretkey"`
|
|
SessionToken string `yaml:"token"`
|
|
}
|
|
|
|
type AwsSecretManager struct {
|
|
Endpoint string `yaml:"endpoint,omitempty"`
|
|
Region string `yaml:"region,omitempty"`
|
|
KmsKey string ` yaml:"kmskey,omitempty"`
|
|
Login *AwsSecretManagerLogin `yaml:"credentials,omitempty"`
|
|
}
|
|
|
|
type Aws struct {
|
|
SecretsManager *AwsSecretManager `yaml:"secretsmanager,omitempty"`
|
|
}
|
|
|
|
type GemaltoCredentials struct {
|
|
Token string `yaml:"token,omitempty"`
|
|
Domain string `yaml:"domain,omitempty"`
|
|
Retry time.Duration `yaml:"retry,omitempty"`
|
|
}
|
|
|
|
type GemaltoTLS struct {
|
|
CAPath string `yaml:"ca,omitempty"`
|
|
}
|
|
|
|
type GemaltoKeySecure struct {
|
|
Endpoint string `yaml:"endpoint,omitempty"`
|
|
Credentials *GemaltoCredentials `yaml:"credentials,omitempty"`
|
|
TLS *GemaltoTLS `yaml:"tls,omitempty"`
|
|
}
|
|
|
|
type Gemalto struct {
|
|
KeySecure *GemaltoKeySecure `yaml:"keysecure,omitempty"`
|
|
}
|
|
|
|
type Keys struct {
|
|
Fs *Fs `yaml:"fs,omitempty"`
|
|
Vault *Vault `yaml:"vault,omitempty"`
|
|
Aws *Aws `yaml:"aws,omitempty"`
|
|
Gemalto *Gemalto `yaml:"gemalto,omitempty"`
|
|
}
|
|
|
|
type ServerConfig struct {
|
|
Addr string `yaml:"address,omitempty"`
|
|
Root Identity `yaml:"root,omitempty"`
|
|
TLS TLS `yaml:"tls,omitempty"`
|
|
Policies map[string]Policy `yaml:"policy,omitempty"`
|
|
Cache Cache `yaml:"cache,omitempty"`
|
|
Log Log `yaml:"log,omitempty"`
|
|
Keys Keys `yaml:"keys,omitempty"`
|
|
}
|
|
|
|
func ParseCertificate(cert []byte) (*x509.Certificate, error) {
|
|
for {
|
|
var certDERBlock *pem.Block
|
|
certDERBlock, cert = pem.Decode(cert)
|
|
if certDERBlock == nil {
|
|
break
|
|
}
|
|
|
|
if certDERBlock.Type == "CERTIFICATE" {
|
|
return x509.ParseCertificate(certDERBlock.Bytes)
|
|
}
|
|
}
|
|
return nil, errors.New("found no (non-CA) certificate in any PEM block")
|
|
}
|