renew: hande more error cases

Mikaël Cluseau 2023-01-27 06:25:51 +01:00
parent 153c37b591
commit 227c341f6b


@ -3,7 +3,6 @@ package main
import ( import (
"crypto" "crypto"
"crypto/rand" "crypto/rand"
"crypto/x509"
"encoding/base32" "encoding/base32"
"encoding/json" "encoding/json"
"errors" "errors"
@ -221,19 +220,25 @@ func (sd *SecretData) RenewCACert(cluster, name string) (err error) {
ca := cs.CAs[name] ca := cs.CAs[name]
var cert *x509.Certificate
cert, err = helpers.ParseCertificatePEM(ca.Cert)
if err != nil {
return
}
var signer crypto.Signer var signer crypto.Signer
signer, err = helpers.ParsePrivateKeyPEM(ca.Key) signer, err = helpers.ParsePrivateKeyPEM(ca.Key)
if err != nil { if err != nil {
return return
} }
newCert, err := initca.RenewFromSigner(cert, signer) var newCert []byte
cert, err := helpers.ParseCertificatePEM(ca.Cert)
if err == nil {
newCert, err = initca.RenewFromSigner(cert, signer)
}
if err != nil {
// failed to load or renew, create a new cert from the existing key
req := newCACertReq()
newCert, _, err = initca.NewFromSigner(req, signer)
}
if err != nil { if err != nil {
return return
} }
@ -247,6 +252,22 @@ func (sd *SecretData) RenewCACert(cluster, name string) (err error) {
return return
} }
func newCACertReq() *csr.CertificateRequest {
return &csr.CertificateRequest{
CN: "Direktil Local Server",
KeyRequest: &csr.KeyRequest{
A: "ecdsa",
S: 521, // 256, 384, 521
},
Names: []csr.Name{
{
C: "NC",
O: "novit.nc",
},
},
}
}
func (sd *SecretData) CA(cluster, name string) (ca *CA, err error) { func (sd *SecretData) CA(cluster, name string) (ca *CA, err error) {
defer func() { defer func() {
@ -277,19 +298,7 @@ func (sd *SecretData) CA(cluster, name string) (ca *CA, err error) {
log.Info("secret-data: new CA in cluster ", cluster, ": ", name) log.Info("secret-data: new CA in cluster ", cluster, ": ", name)
req := &csr.CertificateRequest{ req := newCACertReq()
CN: "Direktil Local Server",
KeyRequest: &csr.KeyRequest{
A: "ecdsa",
S: 521, // 256, 384, 521
},
Names: []csr.Name{
{
C: "NC",
O: "novit.nc",
},
},
}
cert, _, key, err := initca.New(req) cert, _, key, err := initca.New(req)
if err != nil { if err != nil {