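// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

// Package kes holds the Go representation of a KES server configuration
// (rendered through the yaml/json struct tags below) plus a helper that
// extracts an X.509 certificate from PEM-encoded data.
//
// Several of these structs carry credentials (Vault AppRole secret, AWS
// secret key and session token, GCP private key, Azure client secret,
// Gemalto token). Whatever is serialised from them — config files, API
// responses, log lines — contains those secrets verbatim and must be
// handled as sensitive material.
package kes

import (
	"crypto/x509"
	"encoding/pem"
	"errors"
	"time"

	"github.com/minio/kes"
)

// Identity aliases kes.Identity so that callers of this package do not
// need to import the kes module themselves.
type Identity = kes.Identity

// TLSProxyHeader names the HTTP header a TLS-terminating proxy uses to
// pass the client certificate on to KES.
type TLSProxyHeader struct {
	// ClientCert is the header name (yaml key "cert").
	// NOTE(review): this field has a yaml tag only; unlike the sibling
	// structs it has no json tag, so its JSON key is the Go field name
	// "ClientCert". Confirm whether that asymmetry is intended before
	// adding one — it would change the JSON output.
	ClientCert string `yaml:"cert,omitempty"`
}

// TLSProxy configures TLS-proxy support for the KES server.
type TLSProxy struct {
	// Identities lists the identities allowed to act as a TLS proxy.
	// NOTE(review): presumably KES trusts the forwarded client certificate
	// only from these identities — keep this list minimal. A pointer to a
	// slice is used (rather than a plain slice), which looks intended to
	// distinguish "unset" from "empty" under omitempty; confirm.
	Identities *[]Identity `yaml:"identities,omitempty" json:"identities,omitempty"`
	// Header tells KES where the proxy puts the client certificate.
	Header *TLSProxyHeader `yaml:"header,omitempty" json:"header,omitempty"`
}

// TLS holds the KES server's own TLS settings: private key and certificate
// file paths plus optional proxy configuration.
type TLS struct {
	KeyPath  string    `yaml:"key,omitempty" json:"key,omitempty"`
	CertPath string    `yaml:"cert,omitempty" json:"cert,omitempty"`
	Proxy    *TLSProxy `yaml:"proxy,omitempty" json:"proxy,omitempty"`
}

// Policy is one KES access policy: the API paths it grants and the
// identities it is assigned to. Policies are the authorization boundary of
// a KES deployment; keep Paths as narrow as the workload allows.
type Policy struct {
	Paths      []string   `yaml:"paths,omitempty" json:"paths,omitempty"`
	Identities []Identity `yaml:"identities,omitempty" json:"identities,omitempty"`
}

// Expiry holds the cache expiry durations for the KES key cache.
type Expiry struct {
	// Any is the expiry applied to every cached entry.
	Any time.Duration `yaml:"any,omitempty" json:"any,omitempty"`
	// Unused is the expiry applied to entries that have not been used.
	Unused time.Duration `yaml:"unused,omitempty" json:"unused,omitempty"`
}

// Cache configures the KES in-memory key cache.
type Cache struct {
	Expiry *Expiry `yaml:"expiry,omitempty" json:"expiry,omitempty"`
}

// Log configures the KES error and audit log destinations.
type Log struct {
	Error string `yaml:"error,omitempty" json:"error,omitempty"`
	Audit string `yaml:"audit,omitempty" json:"audit,omitempty"`
}

// Fs configures the filesystem key store.
type Fs struct {
	// Path is the directory KES stores keys in.
	Path string `yaml:"path,omitempty" json:"path,omitempty"`
}

// AppRole holds Vault AppRole authentication settings.
type AppRole struct {
	EnginePath string `yaml:"engine,omitempty" json:"engine,omitempty"`
	ID         string `yaml:"id,omitempty" json:"id,omitempty"`
	// Secret is the AppRole secret ID — a credential; treat as sensitive.
	Secret string        `yaml:"secret,omitempty" json:"secret,omitempty"`
	Retry  time.Duration `yaml:"retry,omitempty" json:"retry,omitempty"`
}

// VaultTLS holds the client key, certificate and CA file paths used when
// talking to Vault.
type VaultTLS struct {
	KeyPath  string `yaml:"key,omitempty" json:"key,omitempty"`
	CertPath string `yaml:"cert,omitempty" json:"cert,omitempty"`
	CAPath   string `yaml:"ca,omitempty" json:"ca,omitempty"`
}

// VaultStatus holds the Vault health-check interval.
type VaultStatus struct {
	Ping time.Duration `yaml:"ping,omitempty" json:"ping,omitempty"`
}

// Vault configures the HashiCorp Vault key store.
type Vault struct {
	Endpoint   string       `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	EnginePath string       `yaml:"engine,omitempty" json:"engine,omitempty"`
	Namespace  string       `yaml:"namespace,omitempty" json:"namespace,omitempty"`
	Prefix     string       `yaml:"prefix,omitempty" json:"prefix,omitempty"`
	AppRole    *AppRole     `yaml:"approle,omitempty" json:"approle,omitempty"`
	TLS        *VaultTLS    `yaml:"tls,omitempty" json:"tls,omitempty"`
	Status     *VaultStatus `yaml:"status,omitempty" json:"status,omitempty"`
}

// AwsSecretManagerLogin holds AWS credentials. All three fields are
// secrets. Note that none of them is tagged omitempty, so they are always
// emitted (possibly as empty strings) when this struct is serialised.
type AwsSecretManagerLogin struct {
	AccessKey    string `yaml:"accesskey" json:"accesskey"`
	SecretKey    string `yaml:"secretkey" json:"secretkey"`
	SessionToken string `yaml:"token" json:"token"`
}

// AwsSecretManager configures the AWS Secrets Manager key store.
type AwsSecretManager struct {
	Endpoint string                 `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	Region   string                 `yaml:"region,omitempty" json:"region,omitempty"`
	KmsKey   string                 `yaml:"kmskey,omitempty" json:"kmskey,omitempty"`
	Login    *AwsSecretManagerLogin `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}

// Aws groups the AWS key-store back ends.
type Aws struct {
	SecretsManager *AwsSecretManager `yaml:"secretsmanager,omitempty" json:"secretsmanager,omitempty"`
}

// GemaltoCredentials holds the Gemalto KeySecure login token (a secret)
// and the domain it belongs to.
type GemaltoCredentials struct {
	Token  string        `yaml:"token,omitempty" json:"token,omitempty"`
	Domain string        `yaml:"domain,omitempty" json:"domain,omitempty"`
	Retry  time.Duration `yaml:"retry,omitempty" json:"retry,omitempty"`
}

// GemaltoTLS holds the CA file path used to verify the KeySecure endpoint.
type GemaltoTLS struct {
	// NOTE(review): yaml tag only, no json tag (see TLSProxyHeader) — the
	// JSON key is therefore "CAPath". Confirm before changing.
	CAPath string `yaml:"ca,omitempty"`
}

// GemaltoKeySecure configures the Gemalto KeySecure key store.
type GemaltoKeySecure struct {
	Endpoint    string              `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	Credentials *GemaltoCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
	TLS         *GemaltoTLS         `yaml:"tls,omitempty" json:"tls,omitempty"`
}

// Gemalto groups the Gemalto key-store back ends.
type Gemalto struct {
	KeySecure *GemaltoKeySecure `yaml:"keysecure,omitempty" json:"keysecure,omitempty"`
}

// GcpCredentials holds a GCP service-account credential. PrivateKey is a
// secret. No field is tagged omitempty, so all four are always emitted.
type GcpCredentials struct {
	ClientEmail  string `yaml:"client_email" json:"client_email"`
	ClientID     string `yaml:"client_id" json:"client_id"`
	PrivateKeyID string `yaml:"private_key_id" json:"private_key_id"`
	PrivateKey   string `yaml:"private_key" json:"private_key"`
}

// GcpSecretManager configures the GCP Secret Manager key store.
type GcpSecretManager struct {
	// ProjectID is always emitted (no omitempty), unlike Endpoint.
	ProjectID   string          `yaml:"project_id" json:"project_id"`
	Endpoint    string          `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	Credentials *GcpCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}

// Gcp groups the GCP key-store back ends.
type Gcp struct {
	SecretManager *GcpSecretManager `yaml:"secretmanager,omitempty" json:"secretmanager,omitempty"`
}

// AzureCredentials holds an Azure service-principal credential.
// ClientSecret is a secret. No field is tagged omitempty.
type AzureCredentials struct {
	TenantID     string `yaml:"tenant_id" json:"tenant_id"`
	ClientID     string `yaml:"client_id" json:"client_id"`
	ClientSecret string `yaml:"client_secret" json:"client_secret"`
}

// AzureKeyVault configures the Azure Key Vault key store.
type AzureKeyVault struct {
	Endpoint    string            `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	Credentials *AzureCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}

// Azure groups the Azure key-store back ends.
type Azure struct {
	KeyVault *AzureKeyVault `yaml:"keyvault,omitempty" json:"keyvault,omitempty"`
}

// Keys selects the key store the KES server uses. Exactly which back end
// is active is decided by which pointer is non-nil; this file does not
// enforce that only one is set.
type Keys struct {
	Fs      *Fs      `yaml:"fs,omitempty" json:"fs,omitempty"`
	Vault   *Vault   `yaml:"vault,omitempty" json:"vault,omitempty"`
	Aws     *Aws     `yaml:"aws,omitempty" json:"aws,omitempty"`
	Gemalto *Gemalto `yaml:"gemalto,omitempty" json:"gemalto,omitempty"`
	Gcp     *Gcp     `yaml:"gcp,omitempty" json:"gcp,omitempty"`
	Azure   *Azure   `yaml:"azure,omitempty" json:"azure,omitempty"`
}

// ServerConfig is the top-level KES server configuration.
type ServerConfig struct {
	// Addr is the listen address.
	Addr string `yaml:"address,omitempty" json:"address,omitempty"`
	// Root is the root identity (yaml key "root"). NOTE(review): in KES the
	// root identity is presumably the fully privileged one — treat its
	// certificate/key with the same care as the back-end credentials above.
	Root Identity `yaml:"root,omitempty" json:"root,omitempty"`
	TLS  TLS      `yaml:"tls,omitempty" json:"tls,omitempty"`
	// Policies maps policy name to its paths and assigned identities.
	Policies map[string]Policy `yaml:"policy,omitempty" json:"policy,omitempty"`
	Cache    Cache             `yaml:"cache,omitempty" json:"cache,omitempty"`
	Log      Log               `yaml:"log,omitempty" json:"log,omitempty"`
	Keys     Keys              `yaml:"keys,omitempty" json:"keys,omitempty"`
}

// ErrNoCertificate is returned by ParseCertificate when the PEM input
// contains no block of type "CERTIFICATE". Callers can test for it with
// errors.Is.
var ErrNoCertificate = errors.New("found no CERTIFICATE block in PEM data")

// ParseCertificate returns the first PEM block of type "CERTIFICATE" in
// cert, parsed as an X.509 certificate. Blocks of any other type (private
// keys, CSRs, ...) are skipped.
//
// It returns ErrNoCertificate when no such block exists and the error from
// x509.ParseCertificate when the first CERTIFICATE block is malformed (later
// blocks are not tried in that case). The certificate is only decoded: no
// chain building, expiry, key-usage or IsCA check is performed, so the
// caller is responsible for any trust decision.
//
// The previous error text claimed a "(non-CA)" filter that this function
// never applied; the message now states what is actually checked.
func ParseCertificate(cert []byte) (*x509.Certificate, error) {
	// pem.Decode returns a nil block once no further PEM block can be
	// found; the len guard just avoids one pointless call on empty input.
	for len(cert) > 0 {
		var block *pem.Block
		block, cert = pem.Decode(cert)
		if block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			return x509.ParseCertificate(block.Bytes)
		}
	}
	return nil, ErrNoCertificate
}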