Updated certmanager

Author: djthorpe

pkg/cert/cert.go

@@ -14,7 +14,7 @@ import (
 
 	// Packages
 	schema "github.com/mutablelogic/go-server/pkg/cert/schema"
-	"github.com/mutablelogic/go-server/pkg/types"
+	types "github.com/mutablelogic/go-server/pkg/types"
 )
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -88,11 +88,16 @@ func New(opts ...Opt) (*Cert, error) {
 
 	// Set the name from the common name
 	cert.Name = cert.x509.Subject.CommonName
+	if cert.Name == "" {
+		cert.Name = fmt.Sprintf("%x", cert.x509.SerialNumber)
+	}
 
 	// Create the certificate
 	signer := cert.Signer
 	if signer == nil {
 		signer = cert
+	} else {
+		cert.x509.Issuer = signer.x509.Subject
 	}
 	if data, err := x509.CreateCertificate(rand.Reader, &cert.x509, &signer.x509, cert.PublicKey(), signer.priv); err != nil {
 		return nil, err
@@ -144,6 +149,11 @@ func Read(r io.Reader) (*Cert, error) {
 		data = rest
 	}
 
+	// Set name from serial number if not set
+	if cert.Name == "" {
+		cert.Name = fmt.Sprintf("%x", cert.x509.SerialNumber)
+	}
+
 	// Return success
 	return cert, nil
 }
@@ -169,10 +179,11 @@ func (c Cert) String() string {
 // Return metadata from a cert
 func (c Cert) Meta() schema.CertMeta {
 	signerNamePtr := func() *string {
-		if c.Signer == nil {
+		if c.Signer != nil {
+			return types.StringPtr(c.Signer.Name)
+		} else {
 			return nil
 		}
-		return types.StringPtr(c.Signer.Name)
 	}
 	return schema.CertMeta{
 		Name:         c.Name,
@@ -189,6 +200,27 @@ func (c Cert) Meta() schema.CertMeta {
 	}
 }
 
+// Return metadata from a cert
+func (c Cert) SubjectMeta() schema.NameMeta {
+	fieldPtr := func(field []string) *string {
+		if len(field) > 0 {
+			return types.StringPtr(field[0])
+		} else {
+			return nil
+		}
+	}
+	return schema.NameMeta{
+		CommonName:    c.x509.Subject.CommonName,
+		Org:           fieldPtr(c.x509.Subject.Organization),
+		Unit:          fieldPtr(c.x509.Subject.OrganizationalUnit),
+		Country:       fieldPtr(c.x509.Subject.Country),
+		City:          fieldPtr(c.x509.Subject.Locality),
+		State:         fieldPtr(c.x509.Subject.Province),
+		StreetAddress: fieldPtr(c.x509.Subject.StreetAddress),
+		PostalCode:    fieldPtr(c.x509.Subject.PostalCode),
+	}
+}
+
 // Return true if the certificate is a certificate authority
 func (c *Cert) IsCA() bool {
 	return c.x509.IsCA

pkg/cert/cert_test.go

@@ -47,6 +47,7 @@ func Test_Cert_002(t *testing.T) {
 	assert := assert.New(t)
 
 	ca, err := cert.New(
+		cert.WithCommonName("CA"),
 		cert.WithRSAKey(0),
 		cert.WithExpiry(time.Hour),
 		cert.WithCA(),
@@ -60,6 +61,7 @@ func Test_Cert_002(t *testing.T) {
 		cert, err := cert.New(
 			cert.WithRSAKey(0),
 			cert.WithExpiry(time.Hour),
+			cert.WithSigner(ca),
 		)
 		if assert.NoError(err) {
 			assert.NoError(cert.Write(&data))
@@ -73,17 +75,26 @@ func Test_Cert_002(t *testing.T) {
 
 	t.Run("2", func(t *testing.T) {
 		var data bytes.Buffer
-		cert, err := cert.New(
+		cert1, err := cert.New(
 			cert.WithRSAKey(0),
 			cert.WithExpiry(time.Hour),
+			cert.WithSigner(ca),
 		)
-		if assert.NoError(err) {
-			assert.NoError(cert.Write(&data))
-			t.Log(data.String())
+		if !assert.NoError(err) {
+			t.FailNow()
 		}
-		if assert.NoError(err) {
-			assert.NoError(cert.WritePrivateKey(&data))
-			t.Log(data.String())
+		// Write the certificate and key
+		assert.NoError(cert1.Write(&data))
+		assert.NoError(cert1.WritePrivateKey(&data))
+
+		// Read back into another cert
+		cert2, err := cert.Read(&data)
+		if !assert.NoError(err) {
+			t.FailNow()
 		}
+		assert.NotNil(cert2)
+		t.Log(cert1.String())
+		t.Log(cert2.String())
+		assert.Equal(cert1.String(), cert2.String())
 	})
 }

pkg/cert/certmanager.go

@@ -0,0 +1,103 @@
+package cert
+
+import (
+	"context"
+	"log"
+
+	// Packages
+	pg "github.com/djthorpe/go-pg"
+	schema "github.com/mutablelogic/go-server/pkg/cert/schema"
+	httpresponse "github.com/mutablelogic/go-server/pkg/httpresponse"
+)
+
+////////////////////////////////////////////////////////////////////////////////
+// TYPES
+
+type CertManager struct {
+	conn pg.PoolConn
+	root *Cert
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// LIFECYCLE
+
+// Create a new certificate manager, with a root certificate authority
+func NewCertManager(ctx context.Context, conn pg.PoolConn, opt ...Opt) (*CertManager, error) {
+	self := new(CertManager)
+	self.conn = conn.With("schema", schema.SchemaName).(pg.PoolConn)
+
+	// Create the root certificate from options
+	if root, err := New(opt...); err != nil {
+		return nil, err
+	} else if !root.IsCA() {
+		return nil, httpresponse.ErrInternalError.With("root certificate must be a certificate authority")
+	} else {
+		self.root = root
+	}
+
+	// If the schema does not exist, then bootstrap it
+	if err := self.conn.Tx(ctx, func(conn pg.Conn) error {
+		if exists, err := pg.SchemaExists(ctx, conn, schema.SchemaName); err != nil {
+			return err
+		} else if !exists {
+			return schema.Bootstrap(ctx, conn)
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	// Register the root certificate
+	if err := self.conn.Tx(ctx, func(conn pg.Conn) error {
+		if name, err := self.RegisterName(ctx, self.root.SubjectMeta()); err != nil {
+			return err
+		} else {
+			log.Println(name)
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	// Return success
+	return self, nil
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// PUBLIC METHODS
+
+func (certmanager *CertManager) RegisterName(ctx context.Context, meta schema.NameMeta) (*schema.Name, error) {
+	var name schema.Name
+	if err := certmanager.conn.Insert(ctx, &name, meta); err != nil {
+		return nil, err
+	} else {
+		return &name, nil
+	}
+}
+
+func (certmanager *CertManager) GetName(ctx context.Context, id uint64) (*schema.Name, error) {
+	var name schema.Name
+	if err := certmanager.conn.Get(ctx, &name, schema.NameId(id)); err != nil {
+		return nil, err
+	} else {
+		return &name, nil
+	}
+}
+
+func (certmanager *CertManager) UpdateName(ctx context.Context, id uint64, meta schema.NameMeta) (*schema.Name, error) {
+	var name schema.Name
+	if err := certmanager.conn.Update(ctx, &name, schema.NameId(id), meta); err != nil {
+		return nil, err
+	} else {
+		return &name, nil
+	}
+}
+
+func (certmanager *CertManager) DeleteName(ctx context.Context, id uint64) (*schema.Name, error) {
+	var name schema.Name
+	if err := certmanager.conn.Delete(ctx, &name, schema.NameId(id)); err != nil {
+		return nil, err
+	} else {
+		return &name, nil
+	}
+}

pkg/cert/certmanager_test.go

@@ -0,0 +1,41 @@
+package cert_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	// Packages
+	test "github.com/djthorpe/go-pg/pkg/test"
+	cert "github.com/mutablelogic/go-server/pkg/cert"
+	assert "github.com/stretchr/testify/assert"
+)
+
+// Global connection variable
+var conn test.Conn
+
+// Start up a container and test the pool
+func TestMain(m *testing.M) {
+	test.Main(m, &conn)
+}
+
+/////////////////////////////////////////////////////////////////////////////////
+// PUBLIC METHODS
+
+func Test_CertManager_001(t *testing.T) {
+	assert := assert.New(t)
+	conn := conn.Begin(t)
+	defer conn.Close()
+
+	// Create a new certificate manager with a root certificate
+	certmanager, err := cert.NewCertManager(context.TODO(), conn,
+		cert.WithCommonName("root"),
+		cert.WithRSAKey(4096),
+		cert.WithExpiry(16*365*24*time.Hour),
+		cert.WithCA(),
+	)
+	if !assert.NoError(err) {
+		t.FailNow()
+	}
+	assert.NotNil(certmanager)
+}

pkg/cert/opts.go

@@ -103,8 +103,8 @@ func WithAddress(address, postcode string) Opt {
 // Set certificate expiry
 func WithExpiry(expires time.Duration) Opt {
 	return func(o *Cert) error {
-		o.x509.NotBefore = time.Now()
-		o.x509.NotAfter = o.x509.NotBefore.Add(expires)
+		o.x509.NotBefore = time.Now().Truncate(time.Second).UTC()
+		o.x509.NotAfter = o.x509.NotBefore.Add(expires).Truncate(time.Second).UTC()
 		return nil
 	}
 }

pkg/cert/schema/cert.go

@@ -1,6 +1,7 @@
 package schema
 
 import (
+	"encoding/json"
 	"net"
 	"time"
 )
@@ -22,3 +23,14 @@ type CertMeta struct {
 	KeyType      string    `json:"key_type,omitempty"`
 	KeyBits      string    `json:"key_subtype,omitempty"`
 }
+
+///////////////////////////////////////////////////////////////////////////////
+// STRINGIFY
+
+func (c CertMeta) String() string {
+	data, err := json.MarshalIndent(c, "", "  ")
+	if err != nil {
+		return err.Error()
+	}
+	return string(data)
+}