Address comments

Signed-off-by: nyagamunene <[email protected]>
absmach · Oct 14, 2024 · 5ee1a18 · 5ee1a18
1 parent 5f8e28c
commit 5ee1a18
Show file tree

Hide file tree

Showing 4 changed files with 94 additions and 66 deletions.
diff --git a/cmd/certs/main.go b/cmd/certs/main.go
@@ -32,7 +32,6 @@ import (
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/reflection"
-	"gopkg.in/yaml.v2"
 )
 
 const (
@@ -101,7 +100,7 @@ func main() {
 		logger.Error(fmt.Sprintf("failed to load %s gRPC server configuration : %s", svcName, err))
 	}
 
-	config, err := LoadConfig(configFile)
+	config, err := certs.LoadConfig(configFile)
 	if err != nil {
 		logger.Error(fmt.Sprintf("failed to load CA config file : %s", err))
 		return
@@ -171,18 +170,3 @@ func initLogger(levelText string) (*slog.Logger, error) {
 
 	return slog.New(logHandler), nil
 }
-
-func LoadConfig(filename string) (*certs.Config, error) {
-	file, err := os.Open(filename)
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	var config certs.Config
-	decoder := yaml.NewDecoder(file)
-	if err := decoder.Decode(&config); err != nil {
-		return nil, err
-	}
-	return &config, nil
-}
diff --git a/config.go b/config.go
@@ -0,0 +1,61 @@
+// Copyright (c) Abstract Machines
+// SPDX-License-Identifier: Apache-2.0
+
+package certs
+
+import (
+	"net"
+	"os"
+
+	"gopkg.in/yaml.v2"
+)
+
+type CAConfig struct {
+	CommonName         string   `yaml:"common_name"`
+	Organization       []string `yaml:"organization"`
+	OrganizationalUnit []string `yaml:"organizational_unit"`
+	Country            []string `yaml:"country"`
+	Province           []string `yaml:"province"`
+	Locality           []string `yaml:"locality"`
+	StreetAddress      []string `yaml:"street_address"`
+	PostalCode         []string `yaml:"postal_code"`
+	DNSNames           []string `yaml:"dns_names"`
+	IPAddresses        []string `yaml:"ip_addresses"`
+	ValidityPeriod     string   `yaml:"validity_period"`
+}
+
+func LoadConfig(filename string) (*Config, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	var config CAConfig
+	decoder := yaml.NewDecoder(file)
+	if err := decoder.Decode(&config); err != nil {
+		return nil, err
+	}
+	return &Config{
+		CommonName:         config.CommonName,
+		Organization:       config.Organization,
+		OrganizationalUnit: config.OrganizationalUnit,
+		Country:            config.Country,
+		Province:           config.Province,
+		Locality:           config.Locality,
+		StreetAddress:      config.StreetAddress,
+		PostalCode:         config.PostalCode,
+		DNSNames:           config.DNSNames,
+		IPAddresses:        parseIPs(config.IPAddresses),
+	}, nil
+}
+
+func parseIPs(ipStrings []string) []net.IP {
+	var ips []net.IP
+	for _, ipString := range ipStrings {
+		if ip := net.ParseIP(ipString); ip != nil {
+			ips = append(ips, ip)
+		}
+	}
+	return ips
+}
diff --git a/docker/config.yml b/docker/config.yml
@@ -1,25 +1,24 @@
 # Copyright (c) Abstract Machines
 # SPDX-License-Identifier: Apache-2.0
 
-ca:
-  common_name: "AbstractMachines_Selfsigned_ca"
-  organization:
-    - "AbstractMacines"
-  organizational_unit:
-    - "AbstractMachines_ca"
-  country:
-    - "France"
-  province:
-    - "Sirbea"
-  locality:
-    - "Sirbea"
-  street_address:
-    - "Sirbea"
-  postal_code:
-    - "Sirbea"
-  dns_names:
-    - "localhost"
-  ip_addresses:
-    - "192.168.100.4"
-    - "164.90.178.85"
-  validity_period: "8760h"
+common_name: "AbstractMachines_Selfsigned_ca"
+organization:
+  - "AbstractMacines"
+organizational_unit:
+  - "AbstractMachines_ca"
+country:
+  - "France"
+province:
+  - "Sirbea"
+locality:
+  - "Sirbea"
+street_address:
+  - "Sirbea"
+postal_code:
+  - "Sirbea"
+dns_names:
+  - "localhost"
+ip_addresses:
+  - "192.168.100.4"
+  - "164.90.178.85"
+validity_period: "8760h"
diff --git a/service.go b/service.go
@@ -80,7 +80,7 @@ type CA struct {
 	SerialNumber string
 }
 
-type CAConfig struct {
+type Config struct {
 	CommonName         string   `yaml:"common_name"`
 	Organization       []string `yaml:"organization"`
 	OrganizationalUnit []string `yaml:"organizational_unit"`
@@ -90,14 +90,10 @@ type CAConfig struct {
 	StreetAddress      []string `yaml:"street_address"`
 	PostalCode         []string `yaml:"postal_code"`
 	DNSNames           []string `yaml:"dns_names"`
-	IPAddresses        []string `yaml:"ip_addresses"`
+	IPAddresses        []net.IP `yaml:"ip_addresses"`
 	ValidityPeriod     string   `yaml:"validity_period"`
 }
 
-type Config struct {
-	CA CAConfig `yaml:"ca"`
-}
-
 var (
 	serialNumberLimit         = new(big.Int).Lsh(big.NewInt(1), 128)
 	ErrNotFound               = errors.New("entity not found")
@@ -143,15 +139,13 @@ func NewService(ctx context.Context, repo Repository, config *Config) (Service,
 	}
 
 	// check if root ca should be rotated
-	rotateRoot := svc.shouldRotateCA(RootCA)
-	if rotateRoot {
+	if svc.shouldRotateCA(RootCA) {
 		if err := svc.rotateCA(ctx, RootCA, config); err != nil {
 			return &svc, err
 		}
 	}
 
-	rotateIntermediate := svc.shouldRotateCA(IntermediateCA)
-	if rotateIntermediate {
+	if svc.shouldRotateCA(IntermediateCA) {
 		if err := svc.rotateCA(ctx, IntermediateCA, config); err != nil {
 			return &svc, err
 		}
@@ -471,7 +465,7 @@ func (s *service) GetSigningCA(ctx context.Context, token string) (Certificate,
 	return cert, nil
 }
 
-func (s *service) generateRootCA(ctx context.Context, config CAConfig) (*CA, error) {
+func (s *service) generateRootCA(ctx context.Context, config Config) (*CA, error) {
 	rootKey, err := rsa.GenerateKey(rand.Reader, PrivateKeyBytes)
 	if err != nil {
 		return nil, err
@@ -508,7 +502,7 @@ func (s *service) generateRootCA(ctx context.Context, config CAConfig) (*CA, err
 		BasicConstraintsValid: true,
 		IsCA:                  true,
 		DNSNames:              config.DNSNames,
-		IPAddresses:           parseIPs(config.IPAddresses),
+		IPAddresses:           config.IPAddresses,
 	}
 
 	certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, certTemplate, &rootKey.PublicKey, rootKey)
@@ -547,7 +541,7 @@ func (s *service) saveCA(ctx context.Context, cert *x509.Certificate, privateKey
 	return nil
 }
 
-func (s *service) createIntermediateCA(ctx context.Context, rootCA *CA, config CAConfig) (*CA, error) {
+func (s *service) createIntermediateCA(ctx context.Context, rootCA *CA, config Config) (*CA, error) {
 	intermediateKey, err := rsa.GenerateKey(rand.Reader, PrivateKeyBytes)
 	if err != nil {
 		return nil, err
@@ -584,7 +578,7 @@ func (s *service) createIntermediateCA(ctx context.Context, rootCA *CA, config C
 		BasicConstraintsValid: true,
 		IsCA:                  true,
 		DNSNames:              config.DNSNames,
-		IPAddresses:           parseIPs(config.IPAddresses),
+		IPAddresses:           config.IPAddresses,
 	}
 
 	certBytes, err := x509.CreateCertificate(rand.Reader, &template, rootCA.Certificate, &intermediateKey.PublicKey, rootCA.PrivateKey)
@@ -653,12 +647,12 @@ func (s *service) rotateCA(ctx context.Context, ctype CertType, config *Config)
 				return err
 			}
 		}
-		newRootCA, err := s.generateRootCA(ctx, config.CA)
+		newRootCA, err := s.generateRootCA(ctx, *config)
 		if err != nil {
 			return err
 		}
 		s.rootCA = newRootCA
-		newIntermediateCA, err := s.createIntermediateCA(ctx, newRootCA, config.CA)
+		newIntermediateCA, err := s.createIntermediateCA(ctx, newRootCA, *config)
 		if err != nil {
 			return err
 		}
@@ -674,7 +668,7 @@ func (s *service) rotateCA(ctx context.Context, ctype CertType, config *Config)
 				return err
 			}
 		}
-		newIntermediateCA, err := s.createIntermediateCA(ctx, s.rootCA, config.CA)
+		newIntermediateCA, err := s.createIntermediateCA(ctx, s.rootCA, *config)
 		if err != nil {
 			return err
 		}
@@ -774,13 +768,3 @@ func (s *service) loadCACerts(ctx context.Context) error {
 	}
 	return nil
 }
-
-func parseIPs(ipStrings []string) []net.IP {
-	var ips []net.IP
-	for _, ipString := range ipStrings {
-		if ip := net.ParseIP(ipString); ip != nil {
-			ips = append(ips, ip)
-		}
-	}
-	return ips
-}