admin: new route to generate htpasswd corresponding to certificate in use by team

admin/api/certificate.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"crypto/rand"
+	"encoding/base32"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -12,6 +13,7 @@ import (
 	"path"
 	"time"
 	"strconv"
+	"strings"
 
 	"srs.epita.fr/fic-server/admin/pki"
 	"srs.epita.fr/fic-server/libfic"
@@ -22,6 +24,10 @@ import (
 var TeamsDir string
 
 func init() {
+	router.GET("/api/htpasswd", apiHandler(
+		func(httprouter.Params, []byte) (interface{}, error) {
+			return genHtpasswd()
+		}))
 	router.GET("/api/ca/", apiHandler(infoCA))
 	router.GET("/api/ca.pem", apiHandler(getCAPEM))
 	router.POST("/api/ca/new", apiHandler(
@@ -57,6 +63,49 @@ func init() {
 		func(cert fic.Certificate, _ []byte) (interface{}, error) { return cert.Revoke() })))
 }
 
+func genHtpasswd() (ret string, err error) {
+        var teams []fic.Team
+	teams, err = fic.GetTeams()
+	if err != nil {
+		return
+	}
+
+	for _, team := range teams {
+		var serials []uint64
+		serials, err = pki.GetTeamSerials(TeamsDir, team.Id)
+		if err != nil {
+			return
+		}
+
+		if len(serials) == 0 {
+			// Don't include teams that don't have associated certificates
+			continue
+		}
+
+		for _, serial := range serials {
+			var cert fic.Certificate
+			cert, err = fic.GetCertificate(serial)
+			if err != nil {
+				return
+			}
+
+			if cert.Revoked != nil {
+				continue
+			}
+
+			b := make([]byte, 5)
+			if _, err = rand.Read(b); err != nil {
+				return
+			}
+			salt := base32.StdEncoding.EncodeToString(b)
+
+			ret += fmt.Sprintf("%s:$apr1$%s$%s\n", strings.ToLower(team.Name), salt, fic.Apr1Md5(cert.Password, salt))
+		}
+	}
+
+	return
+}
+
 func infoCA(_ httprouter.Params, _ []byte) (interface{}, error) {
 	_, cacert, err := pki.LoadCA()
 	if err != nil {