|
|
@ -177,6 +177,18 @@ func LoadConfiguration(r io.Reader) (*SignerConfig, error) {
|
|
|
|
return nil, fmt.Errorf("could not parse YAML configuration: %w", err)
|
|
|
|
return nil, fmt.Errorf("could not parse YAML configuration: %w", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if config.Global == nil {
|
|
|
|
|
|
|
|
return nil, errors.New("configuration entry 'Settings' is missing or empty")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if config.CAs == nil {
|
|
|
|
|
|
|
|
return nil, errors.New("configuration entry 'CAs' is missing or empty")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if config.KeyStorage == nil {
|
|
|
|
|
|
|
|
return nil, errors.New("configuration entry 'KeyStorage' is missing or empty")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &SignerConfig{
|
|
|
|
return &SignerConfig{
|
|
|
|
global: config.Global,
|
|
|
|
global: config.Global,
|
|
|
|
caMap: config.CAs,
|
|
|
|
caMap: config.CAs,
|
|
|
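Review bot: The added `if config.CAs == nil` check only rejects a missing `CAs` entry, while its message says "missing or empty"; if `config.CAs` is a map (the `caMap: config.CAs` assignment suggests so), a YAML document with an empty mapping decodes to a non-nil empty map and a signer configuration with no CAs passes validation. Use `if len(config.CAs) == 0 {` so the check fails closed on both cases and matches the message. The same applies to the `KeyStorage` check if that field is a map or slice; for `Global`, a nil check on a pointer is fine, but then "or empty" in its message describes something the code does not verify. The earlier lines of `LoadConfiguration` are outside this hunk, so it is not visible here whether the YAML decoder itself rejects unknown or empty entries.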
@ -192,7 +204,6 @@ type PrivateKeyInfo struct {
|
|
|
|
|
|
|
|
|
|
|
|
func (p *PrivateKeyInfo) UnmarshalYAML(value *yaml.Node) error {
|
|
|
|
func (p *PrivateKeyInfo) UnmarshalYAML(value *yaml.Node) error {
|
|
|
|
internalStructure := struct {
|
|
|
|
internalStructure := struct {
|
|
|
|
Label string `yaml:"label"`
|
|
|
|
|
|
|
|
Algorithm string `yaml:"algorithm"`
|
|
|
|
Algorithm string `yaml:"algorithm"`
|
|
|
|
EccCurve string `yaml:"ecc-curve,omitempty"`
|
|
|
|
EccCurve string `yaml:"ecc-curve,omitempty"`
|
|
|
|
RSABits *int `yaml:"rsa-bits,omitempty"`
|
|
|
|
RSABits *int `yaml:"rsa-bits,omitempty"`
|
|
|
@ -207,17 +218,25 @@ func (p *PrivateKeyInfo) UnmarshalYAML(value *yaml.Node) error {
|
|
|
|
case "RSA":
|
|
|
|
case "RSA":
|
|
|
|
p.Algorithm = x509.RSA
|
|
|
|
p.Algorithm = x509.RSA
|
|
|
|
if internalStructure.RSABits == nil {
|
|
|
|
if internalStructure.RSABits == nil {
|
|
|
|
return errors.New("RSA key length not specified")
|
|
|
|
return errors.New("element 'rsa-bits' with RSA key length required for algorithm RSA")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
p.RSABits = *internalStructure.RSABits
|
|
|
|
p.RSABits = *internalStructure.RSABits
|
|
|
|
case "EC":
|
|
|
|
case "EC":
|
|
|
|
p.Algorithm = x509.ECDSA
|
|
|
|
p.Algorithm = x509.ECDSA
|
|
|
|
|
|
|
|
if internalStructure.EccCurve == "" {
|
|
|
|
|
|
|
|
return errors.New("element 'ecc-curve' required for algorithm EC")
|
|
|
|
|
|
|
|
}
|
|
|
|
p.EccCurve, err = nameToCurve(internalStructure.EccCurve)
|
|
|
|
p.EccCurve, err = nameToCurve(internalStructure.EccCurve)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
case "":
|
|
|
|
|
|
|
|
return errors.New("element 'algorithm' must be specified as 'EC' or 'RSA'")
|
|
|
|
default:
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("unsupported key algorithm %s", internalStructure.Algorithm)
|
|
|
|
return fmt.Errorf(
|
|
|
|
|
|
|
|
"unsupported key algorithm %s, use either 'EC' or 'RSA'",
|
|
|
|
|
|
|
|
internalStructure.Algorithm,
|
|
|
|
|
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
return nil
|
|
|
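Review bot: The RSA branch still only checks that `rsa-bits` is present; the reworded message names the element, but nothing bounds the value, so `rsa-bits: 0`, a negative number or a 512-bit size is accepted here and the failure (or a weak key) surfaces only at key generation. Add a lower bound right after the nil check, e.g. `if *internalStructure.RSABits < 2048 { return fmt.Errorf("element 'rsa-bits' must be at least 2048, got %d", *internalStructure.RSABits) }`, with the minimum taken from whatever size policy the signer enforces elsewhere. The `nameToCurve` failure in the EC branch is returned unwrapped, so the caller loses which element was at fault; `return fmt.Errorf("element 'ecc-curve': %w", err)` keeps it in line with the other messages in this switch. The enclosing `UnmarshalYAML` starts and ends outside the hunk.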
@ -302,7 +321,16 @@ func (c *CaCertificateEntry) UnmarshalYAML(value *yaml.Node) error {
|
|
|
|
return err
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if m.KeyInfo == nil {
|
|
|
|
|
|
|
|
return errors.New("element 'key-info' must be set")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
c.KeyInfo = m.KeyInfo
|
|
|
|
c.KeyInfo = m.KeyInfo
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if m.CommonName == "" {
|
|
|
|
|
|
|
|
return errors.New("element 'common-name' must be set")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
c.CommonName = m.CommonName
|
|
|
|
c.CommonName = m.CommonName
|
|
|
|
c.MaxPathLen = m.MaxPathLen
|
|
|
|
c.MaxPathLen = m.MaxPathLen
|
|
|
|
|
|
|
|
|
|
|
|
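Review bot: The new checks cover `key-info` and `common-name`, but `c.MaxPathLen = m.MaxPathLen` on the last lines of the hunk is still copied without any validation or documentation of the accepted range. If this value ends up in `x509.Certificate.MaxPathLen`, note that 0 and -1 have distinct meanings there (explicit zero-length constraint versus no constraint, the former also needing `MaxPathLenZero`), so a config author cannot tell from this code which values are meaningful; either validate the range next to the other checks or add a comment such as `// MaxPathLen is passed through unchecked; document whether 0 and negative values are meaningful — TODO confirm against the certificate builder`. The hunk does not show the field's type, so the exact check depends on that. The enclosing `UnmarshalYAML` begins before this hunk.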