NOISSUE - Add SANs option (#27)

* Add SAN option

Signed-off-by: nyagamunene <[email protected]>

* Make SAN dynamic

Signed-off-by: nyagamunene <[email protected]>

* Load config file in main.go

Signed-off-by: nyagamunene <[email protected]>

* Fix tests

Signed-off-by: nyagamunene <[email protected]>

* Address comments

Signed-off-by: nyagamunene <[email protected]>

* Update config file

Signed-off-by: nyagamunene <[email protected]>

* Update config file

Signed-off-by: nyagamunene <[email protected]>

* remove street address

Signed-off-by: nyagamunene <[email protected]>

* Rename should rotate method

Signed-off-by: nyagamunene <[email protected]>

---------

Signed-off-by: nyagamunene <[email protected]>

certs_test.go

@@ -25,14 +25,19 @@ import (
 
 const serialNumber = "serial number"
 
-var invalidToken = "123"
+var (
+	invalidToken = "123"
+	config       = certs.Config{
+		CommonName: "test",
+	}
+)
 
 func TestIssueCert(t *testing.T) {
 	cRepo := new(mocks.MockRepository)
 
 	repoCall := cRepo.On("GetCAs", mock.Anything).Return([]certs.Certificate{}, nil)
 	repoCall1 := cRepo.On("CreateCert", mock.Anything, mock.Anything).Return(nil)
-	svc, err := certs.NewService(context.Background(), cRepo)
+	svc, err := certs.NewService(context.Background(), cRepo, &config)
 	require.NoError(t, err)
 	repoCall.Unset()
 	repoCall1.Unset()
@@ -76,7 +81,7 @@ func TestRevokeCert(t *testing.T) {
 
 	repoCall := cRepo.On("GetCAs", mock.Anything).Return([]certs.Certificate{}, nil)
 	repoCall1 := cRepo.On("CreateCert", mock.Anything, mock.Anything).Return(nil)
-	svc, err := certs.NewService(context.Background(), cRepo)
+	svc, err := certs.NewService(context.Background(), cRepo, &config)
 	require.NoError(t, err)
 	repoCall.Unset()
 	repoCall1.Unset()
@@ -128,7 +133,7 @@ func TestGetCertDownloadToken(t *testing.T) {
 
 	repoCall := cRepo.On("GetCAs", mock.Anything).Return([]certs.Certificate{}, nil)
 	repoCall1 := cRepo.On("CreateCert", mock.Anything, mock.Anything).Return(nil)
-	svc, err := certs.NewService(context.Background(), cRepo)
+	svc, err := certs.NewService(context.Background(), cRepo, &config)
 	require.NoError(t, err)
 	repoCall.Unset()
 	repoCall1.Unset()
@@ -162,7 +167,7 @@ func TestGetCert(t *testing.T) {
 
 	repoCall := cRepo.On("GetCAs", mock.Anything).Return([]certs.Certificate{}, nil)
 	repoCall1 := cRepo.On("CreateCert", mock.Anything, mock.Anything).Return(nil)
-	svc, err := certs.NewService(context.Background(), cRepo)
+	svc, err := certs.NewService(context.Background(), cRepo, &config)
 	require.NoError(t, err)
 	repoCall.Unset()
 	repoCall1.Unset()
@@ -257,7 +262,7 @@ func TestRenewCert(t *testing.T) {
 
 	repoCall := cRepo.On("GetCAs", mock.Anything).Return([]certs.Certificate{}, nil)
 	repoCall1 := cRepo.On("CreateCert", mock.Anything, mock.Anything).Return(nil)
-	svc, err := certs.NewService(context.Background(), cRepo)
+	svc, err := certs.NewService(context.Background(), cRepo, &config)
 	require.NoError(t, err)
 	repoCall.Unset()
 	repoCall1.Unset()
@@ -349,7 +354,7 @@ func TestGetEntityID(t *testing.T) {
 
 	repoCall := cRepo.On("GetCAs", mock.Anything).Return([]certs.Certificate{}, nil)
 	repoCall1 := cRepo.On("CreateCert", mock.Anything, mock.Anything).Return(nil)
-	svc, err := certs.NewService(context.Background(), cRepo)
+	svc, err := certs.NewService(context.Background(), cRepo, &config)
 	require.NoError(t, err)
 	repoCall.Unset()
 	repoCall1.Unset()
@@ -380,7 +385,7 @@ func TestListCerts(t *testing.T) {
 
 	repoCall := cRepo.On("GetCAs", mock.Anything).Return([]certs.Certificate{}, nil)
 	repoCall1 := cRepo.On("CreateCert", mock.Anything, mock.Anything).Return(nil)
-	svc, err := certs.NewService(context.Background(), cRepo)
+	svc, err := certs.NewService(context.Background(), cRepo, &config)
 	require.NoError(t, err)
 	repoCall.Unset()
 	repoCall1.Unset()
@@ -435,7 +440,7 @@ func TestGenerateCRL(t *testing.T) {
 		{Type: certs.IntermediateCA, Certificate: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}), Key: pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)})},
 	}, nil)
 	repoCall1 := cRepo.On("CreateCert", mock.Anything, mock.Anything).Return(nil)
-	svc, err := certs.NewService(context.Background(), cRepo)
+	svc, err := certs.NewService(context.Background(), cRepo, &config)
 	require.NoError(t, err)
 	repoCall.Unset()
 	repoCall1.Unset()

cmd/certs/main.go

@@ -43,6 +43,7 @@ const (
 	defDB          = "certs"
 	defSvcHTTPPort = "9010"
 	defSvcGRPCPort = "7012"
+	configFile     = "/config/config.yml"
 )
 
 type config struct {
@@ -99,7 +100,13 @@ func main() {
 		logger.Error(fmt.Sprintf("failed to load %s gRPC server configuration : %s", svcName, err))
 	}
 
-	svc, err := newService(ctx, db, tracer, logger, dbConfig)
+	config, err := certs.LoadConfig(configFile)
+	if err != nil {
+		logger.Error(fmt.Sprintf("failed to load CA config file : %s", err))
+		return
+	}
+
+	svc, err := newService(ctx, db, tracer, logger, dbConfig, config)
 	if err != nil {
 		logger.Error(fmt.Sprintf("failed to create %s service: %s", svcName, err))
 		return
@@ -136,10 +143,10 @@ func main() {
 	}
 }
 
-func newService(ctx context.Context, db *sqlx.DB, tracer trace.Tracer, logger *slog.Logger, dbConfig pgClient.Config) (certs.Service, error) {
+func newService(ctx context.Context, db *sqlx.DB, tracer trace.Tracer, logger *slog.Logger, dbConfig pgClient.Config, config *certs.Config) (certs.Service, error) {
 	database := postgres.NewDatabase(db, dbConfig, tracer)
 	repo := cpostgres.NewRepository(database)
-	svc, err := certs.NewService(ctx, repo)
+	svc, err := certs.NewService(ctx, repo, config)
 	if err != nil {
 		return nil, err
 	}

config.go

@@ -0,0 +1,61 @@
+// Copyright (c) Abstract Machines
+// SPDX-License-Identifier: Apache-2.0
+
+package certs
+
+import (
+	"net"
+	"os"
+
+	"gopkg.in/yaml.v2"
+)
+
+type CAConfig struct {
+	CommonName         string   `yaml:"common_name"`
+	Organization       []string `yaml:"organization"`
+	OrganizationalUnit []string `yaml:"organizational_unit"`
+	Country            []string `yaml:"country"`
+	Province           []string `yaml:"province"`
+	Locality           []string `yaml:"locality"`
+	StreetAddress      []string `yaml:"street_address"`
+	PostalCode         []string `yaml:"postal_code"`
+	DNSNames           []string `yaml:"dns_names"`
+	IPAddresses        []string `yaml:"ip_addresses"`
+	ValidityPeriod     string   `yaml:"validity_period"`
+}
+
+func LoadConfig(filename string) (*Config, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	var config CAConfig
+	decoder := yaml.NewDecoder(file)
+	if err := decoder.Decode(&config); err != nil {
+		return nil, err
+	}
+	return &Config{
+		CommonName:         config.CommonName,
+		Organization:       config.Organization,
+		OrganizationalUnit: config.OrganizationalUnit,
+		Country:            config.Country,
+		Province:           config.Province,
+		Locality:           config.Locality,
+		StreetAddress:      config.StreetAddress,
+		PostalCode:         config.PostalCode,
+		DNSNames:           config.DNSNames,
+		IPAddresses:        parseIPs(config.IPAddresses),
+	}, nil
+}
+
+func parseIPs(ipStrings []string) []net.IP {
+	var ips []net.IP
+	for _, ipString := range ipStrings {
+		if ip := net.ParseIP(ipString); ip != nil {
+			ips = append(ips, ip)
+		}
+	}
+	return ips
+}

docker/config.yml

@@ -0,0 +1,21 @@
+# Copyright (c) Abstract Machines
+# SPDX-License-Identifier: Apache-2.0
+
+common_name: "AbstractMachines_Selfsigned_ca"
+organization:
+  - "AbstractMacines"
+organizational_unit:
+  - "AbstractMachines_ca"
+country:
+  - "France"
+province:
+  - "Paris"
+locality:
+  - "Quai de Valmy"
+postal_code:
+  - "75010 Paris"
+dns_names:
+  - "localhost"
+ip_addresses:
+  - "localhost"
+validity_period: "8760h"

docker/docker-compose.yml

@@ -34,6 +34,8 @@ services:
     ports:
       - ${AM_CERTS_HTTP_PORT}:${AM_CERTS_HTTP_PORT}
       - ${AM_CERTS_GRPC_PORT}:${AM_CERTS_GRPC_PORT}
+    volumes:
+     - ./config.yml:/config/config.yml
 
   certs-db:
     image: postgres:16.2-alpine

go.mod

@@ -29,6 +29,7 @@ require (
 	golang.org/x/sync v0.8.0
 	google.golang.org/grpc v1.65.0
 	google.golang.org/protobuf v1.34.2
+	gopkg.in/yaml.v2 v2.4.0
 	moul.io/http2curl v1.0.0
 )
 
@@ -87,6 +88,5 @@ require (
 	golang.org/x/text v0.17.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )