-
-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[BACK-2637] Add palmtree partner certificate fetching api.
- Loading branch information
1 parent
dd63082
commit a812081
Showing
6 changed files
with
230 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,162 @@ | ||
package appvalidate | ||
|
||
import ( | ||
"bytes" | ||
"context" | ||
"crypto/tls" | ||
"encoding/json" | ||
"errors" | ||
"fmt" | ||
"net/http" | ||
"net/url" | ||
"path" | ||
|
||
"github.com/kelseyhightower/envconfig" | ||
|
||
"github.com/tidepool-org/platform/structure" | ||
structValidator "github.com/tidepool-org/platform/structure/validator" | ||
) | ||
|
||
const ( | ||
PartnerPalmTree = "PalmTree" | ||
) | ||
|
||
type PalmTreeSecretsConfig struct { | ||
BaseURL string `envconfig:"PALMTREE_BASE_URL"` | ||
CalID string `envconfig:"PALMTREE_CAL_ID"` | ||
ProfileID string `envconfig:"PALMTREE_PROFILE_ID"` | ||
CertFile string `envconfig:"PALMTREE_TLS_CERT_FILE"` | ||
KeyFile string `envconfig:"PALMTREE_TLS_KEY_FILE"` | ||
} | ||
|
||
type PalmTreeSecrets struct { | ||
Config PalmTreeSecretsConfig | ||
client *http.Client | ||
} | ||
|
||
func NewPalmTreeSecretsConfig() (*PalmTreeSecretsConfig, error) { | ||
cfg := &PalmTreeSecretsConfig{} | ||
if err := envconfig.Process("", cfg); err != nil { | ||
return nil, err | ||
} | ||
return cfg, nil | ||
} | ||
|
||
func NewPalmTreeSecrets(c *PalmTreeSecretsConfig) (*PalmTreeSecrets, error) { | ||
if c == nil { | ||
return nil, errors.New("empty PalmTree config") | ||
} | ||
cert, err := tls.LoadX509KeyPair(c.CertFile, c.KeyFile) | ||
if err != nil { | ||
return nil, fmt.Errorf("unable to load PalmTree X.509 key pair: %w", err) | ||
} | ||
tr := &http.Transport{ | ||
TLSClientConfig: &tls.Config{ | ||
Certificates: []tls.Certificate{cert}, | ||
}, | ||
} | ||
|
||
return &PalmTreeSecrets{ | ||
Config: *c, | ||
client: &http.Client{Transport: tr}, | ||
}, nil | ||
} | ||
|
||
type PalmTreePayload struct { | ||
CSR string `json:"csr"` | ||
ProfileID string `json:"profileId"` | ||
RequiredFormat palmTreeRequiredFormat `json:"requiredFormat"` | ||
CertificateRequestDetails palmTreeCertificateRequestDetails `json:"optionalCertificateRequestDetails"` | ||
} | ||
|
||
type palmTreeCertificateRequestDetails struct { | ||
SubjectDN string `json:"subjectDn"` | ||
} | ||
|
||
type palmTreeRequiredFormat struct { | ||
Format string `json:"format"` | ||
} | ||
|
||
type PalmTreeResponse struct { | ||
Type string `json:"type"` | ||
|
||
Message struct { | ||
Message string `json:"message"` | ||
Details []any `json:"details"` | ||
} `json:"message"` | ||
|
||
Enrollment struct { | ||
ID string `json:"id"` | ||
SerialNumber string `json:"serialNumber"` | ||
SubjectName string `json:"subjectName"` | ||
IssuerName string `json:"issuerName"` | ||
ValidityPeroid string `json:"validityPeriod"` | ||
Status string `json:"status"` | ||
Body string `json:"body"` | ||
} `json:"enrollment"` | ||
} | ||
|
||
func (pt *PalmTreeSecrets) GetSecret(ctx context.Context, partnerDataRaw []byte) (*PalmTreeResponse, error) { | ||
payload := newPalmtreePayload(pt.Config.ProfileID) | ||
|
||
if err := json.Unmarshal(partnerDataRaw, payload); err != nil { | ||
return nil, fmt.Errorf("unable to unmarshal PalmTree payload: %w", err) | ||
} | ||
|
||
if err := structValidator.New().Validate(payload); err != nil { | ||
return nil, fmt.Errorf("unable to validate PalmTree payload: %w", err) | ||
} | ||
|
||
var buf bytes.Buffer | ||
if err := json.NewEncoder(&buf).Encode(payload); err != nil { | ||
return nil, err | ||
} | ||
|
||
u, err := url.Parse(pt.Config.BaseURL) | ||
if err != nil { | ||
return nil, fmt.Errorf("unable to prase PalmTree API baseURL: %w", err) | ||
} | ||
u.Path = path.Join(u.Path, fmt.Sprintf("v1/certificate-authorities/%s/enrollments", url.PathEscape(pt.Config.CalID))) | ||
|
||
req, err := http.NewRequestWithContext(ctx, http.MethodPost, u.String(), &buf) | ||
if err != nil { | ||
return nil, err | ||
} | ||
req.Header.Add("content-type", "application/json") | ||
req.Header.Add("accept", "application/json") | ||
|
||
res, err := pt.client.Do(req) | ||
if err != nil { | ||
return nil, fmt.Errorf("unable to issue PalmTree API request: %w", err) | ||
} | ||
defer res.Body.Close() | ||
|
||
if res.StatusCode < 200 || res.StatusCode >= 300 { | ||
return nil, fmt.Errorf("unsuccessful PalmTree API response: %v: %v", res.StatusCode, res.Status) | ||
} | ||
|
||
var response PalmTreeResponse | ||
if err := json.NewDecoder(res.Body).Decode(&response); err != nil { | ||
return nil, fmt.Errorf("unable to read PalmTree API response: %w", err) | ||
} | ||
return &response, nil | ||
} | ||
|
||
func (p *PalmTreePayload) Validate(v structure.Validator) { | ||
v.String("csr", &p.CSR).NotEmpty() | ||
v.String("profileId", &p.ProfileID).NotEmpty() | ||
v.String("requiredFormat.format", &p.RequiredFormat.Format).NotEmpty() | ||
v.String("optionalCertificateRequestDetails.subjectDn", &p.CertificateRequestDetails.SubjectDN).NotEmpty() | ||
} | ||
|
||
func newPalmtreePayload(profileID string) *PalmTreePayload { | ||
return &PalmTreePayload{ | ||
ProfileID: profileID, | ||
RequiredFormat: palmTreeRequiredFormat{ | ||
Format: "PEM", | ||
}, | ||
CertificateRequestDetails: palmTreeCertificateRequestDetails{ | ||
SubjectDN: "C=US", | ||
}, | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters