mc/metacrypt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
26f397afc01e9221b5388385e00fc309dc7d4925
metacrypt/internal/grpcserver/pki.go
Kyle Isom bbe382dc10 Migrate module path from kyle/ to mc/ org 
All import paths updated to git.wntrmute.dev/mc/. Bumps mcdsl to v1.2.0.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 02:05:59 -07:00

103 lines
2.9 KiB
Go
Raw Blame History

package grpcserver
import (
"context"
"errors"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
"git.wntrmute.dev/mc/metacrypt/internal/engine"
"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
)
type pkiServer struct {
pb.UnimplementedPKIServiceServer
s *GRPCServer
}
func (ps *pkiServer) GetRootCert(_ context.Context, req *pb.GetRootCertRequest) (*pb.GetRootCertResponse, error) {
caEng, err := ps.getCAEngine(req.Mount)
if err != nil {
return nil, err
}
certPEM, err := caEng.GetRootCertPEM()
if err != nil {
return nil, status.Error(codes.Unavailable, "sealed")
}
return &pb.GetRootCertResponse{CertPem: certPEM}, nil
}
func (ps *pkiServer) GetChain(_ context.Context, req *pb.GetChainRequest) (*pb.GetChainResponse, error) {
if req.Issuer == "" {
return nil, status.Error(codes.InvalidArgument, "issuer is required")
}
caEng, err := ps.getCAEngine(req.Mount)
if err != nil {
return nil, err
}
chainPEM, err := caEng.GetChainPEM(req.Issuer)
if err != nil {
if errors.Is(err, ca.ErrIssuerNotFound) {
return nil, status.Error(codes.NotFound, "issuer not found")
}
return nil, status.Error(codes.Unavailable, "sealed")
}
return &pb.GetChainResponse{ChainPem: chainPEM}, nil
}
func (ps *pkiServer) GetIssuerCert(_ context.Context, req *pb.GetIssuerCertRequest) (*pb.GetIssuerCertResponse, error) {
if req.Issuer == "" {
return nil, status.Error(codes.InvalidArgument, "issuer is required")
}
caEng, err := ps.getCAEngine(req.Mount)
if err != nil {
return nil, err
}
certPEM, err := caEng.GetIssuerCertPEM(req.Issuer)
if err != nil {
if errors.Is(err, ca.ErrIssuerNotFound) {
return nil, status.Error(codes.NotFound, "issuer not found")
}
return nil, status.Error(codes.Unavailable, "sealed")
}
return &pb.GetIssuerCertResponse{CertPem: certPEM}, nil
}
func (ps *pkiServer) GetCRL(ctx context.Context, req *pb.GetCRLRequest) (*pb.GetCRLResponse, error) {
if req.Issuer == "" {
return nil, status.Error(codes.InvalidArgument, "issuer is required")
}
caEng, err := ps.getCAEngine(req.Mount)
if err != nil {
return nil, err
}
crlDER, err := caEng.GetCRLDER(ctx, req.Issuer)
if err != nil {
if errors.Is(err, ca.ErrIssuerNotFound) {
return nil, status.Error(codes.NotFound, "issuer not found")
}
if errors.Is(err, ca.ErrSealed) {
return nil, status.Error(codes.Unavailable, "sealed")
}
return nil, status.Error(codes.Internal, err.Error())
}
return &pb.GetCRLResponse{CrlDer: crlDER}, nil
}
func (ps *pkiServer) getCAEngine(mountName string) (*ca.CAEngine, error) {
mount, err := ps.s.engines.GetMount(mountName)
if err != nil {
return nil, status.Error(codes.NotFound, err.Error())
}
if mount.Type != engine.EngineTypeCA {
return nil, status.Error(codes.NotFound, "mount is not a CA engine")
}
caEng, ok := mount.Engine.(*ca.CAEngine)
if !ok {
return nil, status.Error(codes.NotFound, "mount is not a CA engine")
}
return caEng, nil
}
Reference in New Issue View Git Blame Copy Permalink