代码拉取完成,页面将自动刷新
package remote
import (
"crypto/x509"
"encoding/json"
"errors"
"net/http"
"gitee.com/hyperledger-fabric-gm/cfssl/api/client"
"gitee.com/hyperledger-fabric-gm/cfssl/certdb"
"gitee.com/hyperledger-fabric-gm/cfssl/config"
cferr "gitee.com/hyperledger-fabric-gm/cfssl/errors"
"gitee.com/hyperledger-fabric-gm/cfssl/helpers"
"gitee.com/hyperledger-fabric-gm/cfssl/info"
"gitee.com/hyperledger-fabric-gm/cfssl/signer"
)
// A Signer represents a CFSSL instance running as signing server.
// fulfills the signer.Signer interface
type Signer struct {
policy *config.Signing
reqModifier func(*http.Request, []byte)
}
// NewSigner creates a new remote Signer directly from a
// signing policy.
func NewSigner(policy *config.Signing) (*Signer, error) {
if policy != nil {
if !policy.Valid() {
return nil, cferr.New(cferr.PolicyError,
cferr.InvalidPolicy)
}
return &Signer{policy: policy}, nil
}
return nil, cferr.New(cferr.PolicyError,
cferr.InvalidPolicy)
}
// Sign sends a signature request to the remote CFSSL server,
// receiving a signed certificate or an error in response. The hostname,
// csr, and profileName are used as with a local signing operation, and
// the label is used to select a signing root in a multi-root CA.
func (s *Signer) Sign(req signer.SignRequest) (cert []byte, err error) {
resp, err := s.remoteOp(req, req.Profile, "sign")
if err != nil {
return
}
if cert, ok := resp.([]byte); ok {
return cert, nil
}
return
}
// Info sends an info request to the remote CFSSL server, receiving an
// Resp struct or an error in response.
func (s *Signer) Info(req info.Req) (resp *info.Resp, err error) {
respInterface, err := s.remoteOp(req, req.Profile, "info")
if err != nil {
return
}
if resp, ok := respInterface.(*info.Resp); ok {
return resp, nil
}
return
}
// Helper function to perform a remote sign or info request.
func (s *Signer) remoteOp(req interface{}, profile, target string) (resp interface{}, err error) {
jsonData, err := json.Marshal(req)
if err != nil {
return nil, cferr.Wrap(cferr.APIClientError, cferr.JSONError, err)
}
p, err := signer.Profile(s, profile)
if err != nil {
return
}
server := client.NewServerTLS(p.RemoteServer, helpers.CreateTLSConfig(p.RemoteCAs, p.ClientCert))
if server == nil {
return nil, cferr.Wrap(cferr.PolicyError, cferr.InvalidRequest,
errors.New("failed to connect to remote"))
}
server.SetReqModifier(s.reqModifier)
// There's no auth provider for the "info" method
if target == "info" {
resp, err = server.Info(jsonData)
} else if p.RemoteProvider != nil {
resp, err = server.AuthSign(jsonData, nil, p.RemoteProvider)
} else {
resp, err = server.Sign(jsonData)
}
if err != nil {
return nil, err
}
return
}
// SigAlgo returns the RSA signer's signature algorithm.
func (s *Signer) SigAlgo() x509.SignatureAlgorithm {
// TODO: implement this as a remote info call
return x509.UnknownSignatureAlgorithm
}
// SetPolicy sets the signer's signature policy.
func (s *Signer) SetPolicy(policy *config.Signing) {
s.policy = policy
}
// SetDBAccessor sets the signers' cert db accessor, currently noop.
func (s *Signer) SetDBAccessor(dba certdb.Accessor) {
// noop
}
// GetDBAccessor returns the signers' cert db accessor, currently noop.
func (s *Signer) GetDBAccessor() certdb.Accessor {
return nil
}
// SetReqModifier sets the function to call to modify the HTTP request prior to sending it
func (s *Signer) SetReqModifier(mod func(*http.Request, []byte)) {
s.reqModifier = mod
}
// Policy returns the signer's policy.
func (s *Signer) Policy() *config.Signing {
return s.policy
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手