fix(secrets): key/cert generation check req

Mikaël Cluseau 2018-07-06 11:13:56 +11:00
parent d0148fd26f
commit 6c20c29106
2 changed files with 27 additions and 5 deletions

19
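--- a/hash.go
+++ b/hash.go
@@ -0,0 +1,19 @@
+package main
+import (
+"crypto/sha1"
+"encoding/base64"
+"encoding/json"
+)
+func hash(values ...interface{}) string {
+ba, err := json.Marshal(values)
+if err != nil {
+panic(err) // should not happen
+}
+h := sha1.Sum(ba)
+enc := base64.StdEncoding.WithPadding(base64.NoPadding)
+return enc.EncodeToString(h[:])
+}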
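Review bot: `hash` fingerprints the request with SHA-1, and in the other file of this commit that fingerprint alone decides whether a stored key/cert is reused (`rh == kc.ReqHash`). No hashes have been persisted before this commit, so this is the cheapest moment to use a collision-resistant digest: `h := sha256.Sum256(ba)` with `"crypto/sha256"` in the import block. The `panic(err) // should not happen` branch is reachable for any value `json.Marshal` cannot encode (channels, functions, cyclic structures), and the variadic `interface{}` signature does not prevent that. A doc comment should state the contract, for example `// hash returns an unpadded base64 digest of the JSON encoding of values; inputs must be JSON-encodable. It is a change fingerprint, not a MAC.`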


@ -36,8 +36,9 @@ type CA struct {
} }
type KeyCert struct { type KeyCert struct {
Key []byte Key []byte
Cert []byte Cert []byte
ReqHash string
} }
func loadSecretData(config *config.Config) (*SecretData, error) { func loadSecretData(config *config.Config) (*SecretData, error) {
@ -161,8 +162,9 @@ func (sd *SecretData) KeyCert(cluster, caName, name, profile, label string, req
return return
} }
rh := hash(req)
kc, ok := ca.Signed[name] kc, ok := ca.Signed[name]
if ok { if ok && rh == kc.ReqHash {
return return
} }
@ -190,8 +192,9 @@ func (sd *SecretData) KeyCert(cluster, caName, name, profile, label string, req
} }
kc = &KeyCert{ kc = &KeyCert{
Key: key, Key: key,
Cert: cert, Cert: cert,
ReqHash: rh,
} }
ca.Signed[name] = kc ca.Signed[name] = kc
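Review bot: Entries stored before this change have an empty `ReqHash`, so none of them matches at `if ok && rh == kc.ReqHash {`. Assuming `ca.Signed` is loaded from persisted data, as `loadSecretData` suggests, the first run after upgrade replaces every existing key and certificate. If that mass rotation is intended, it deserves a line in the commit message and a log entry at the regeneration point naming the entry and the reason (missing or changed hash), so operators can tell it apart from an unexpected re-issue. Nothing in the visible hunks revokes or records the certificate overwritten by `ca.Signed[name] = kc`, so the old one presumably stays valid until it expires; confirm that is acceptable when the request changed because a name or usage was removed. KeyCert's body starts and ends outside these hunks.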