renew: hande more error cases
This commit is contained in:
parent
153c37b591
commit
227c341f6b
@ -3,7 +3,6 @@ package main
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/rand"
|
||||
"crypto/x509"
|
||||
"encoding/base32"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
@ -221,19 +220,25 @@ func (sd *SecretData) RenewCACert(cluster, name string) (err error) {
|
||||
|
||||
ca := cs.CAs[name]
|
||||
|
||||
var cert *x509.Certificate
|
||||
cert, err = helpers.ParseCertificatePEM(ca.Cert)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
var signer crypto.Signer
|
||||
signer, err = helpers.ParsePrivateKeyPEM(ca.Key)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
newCert, err := initca.RenewFromSigner(cert, signer)
|
||||
var newCert []byte
|
||||
|
||||
cert, err := helpers.ParseCertificatePEM(ca.Cert)
|
||||
if err == nil {
|
||||
newCert, err = initca.RenewFromSigner(cert, signer)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
// failed to load or renew, create a new cert from the existing key
|
||||
req := newCACertReq()
|
||||
newCert, _, err = initca.NewFromSigner(req, signer)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
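Review bot: The error returned by `helpers.ParseCertificatePEM` or `initca.RenewFromSigner` is overwritten by the `initca.NewFromSigner` fallback without being recorded, so an unparseable or otherwise unrenewable CA certificate is silently paved over with a fresh self-signed one and the operator never learns that the stored CA material was bad. Before `req := newCACertReq()` I would log the discarded error in the style this file already uses, `log.Info("secret-data: CA ", name, " in cluster ", cluster, " could not be renewed, creating a new cert from the existing key: ", err)`, and extend the comment above it to say that replacing the CA is the intended recovery. The `cert, err :=` on the new side reuses the named `err` result only if that statement sits in the function's outermost block, which the hunk appears to show but cannot confirm. RenewCACert continues past the end of this hunk.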
@ -247,6 +252,22 @@ func (sd *SecretData) RenewCACert(cluster, name string) (err error) {
|
||||
return
|
||||
}
|
||||
|
||||
func newCACertReq() *csr.CertificateRequest {
|
||||
return &csr.CertificateRequest{
|
||||
CN: "Direktil Local Server",
|
||||
KeyRequest: &csr.KeyRequest{
|
||||
A: "ecdsa",
|
||||
S: 521, // 256, 384, 521
|
||||
},
|
||||
Names: []csr.Name{
|
||||
{
|
||||
C: "NC",
|
||||
O: "novit.nc",
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func (sd *SecretData) CA(cluster, name string) (ca *CA, err error) {
|
||||
|
||||
defer func() {
|
||||
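Review bot: `newCACertReq` has no doc comment, and since it now serves both the fresh-CA path in `CA` and the re-creation fallback in `RenewCACert`, the shared subject deserves one: `// newCACertReq returns the CSR template (subject and key parameters) shared by CA creation and by RenewCACert's fallback re-creation.` The `KeyRequest` is presumably not used on the `initca.NewFromSigner` path, where the existing key is reused, so stating that in the comment once confirmed would stop a reader from expecting the fallback to rotate the key. `CA`'s body continues past the end of this hunk.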
@ -277,19 +298,7 @@ func (sd *SecretData) CA(cluster, name string) (ca *CA, err error) {
|
||||
|
||||
log.Info("secret-data: new CA in cluster ", cluster, ": ", name)
|
||||
|
||||
req := &csr.CertificateRequest{
|
||||
CN: "Direktil Local Server",
|
||||
KeyRequest: &csr.KeyRequest{
|
||||
A: "ecdsa",
|
||||
S: 521, // 256, 384, 521
|
||||
},
|
||||
Names: []csr.Name{
|
||||
{
|
||||
C: "NC",
|
||||
O: "novit.nc",
|
||||
},
|
||||
},
|
||||
}
|
||||
req := newCACertReq()
|
||||
|
||||
cert, _, key, err := initca.New(req)
|
||||
if err != nil {
|
||||
|