From 97427fc6908fb5d72b31b28d6a958fd50c561244 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Mon, 16 Jan 2017 11:55:09 +0100
Subject: [PATCH] admin: Improve CA API

---
 admin/api/certificate.go | 43 ++++++++++++++++++++++++++++++++--------
 libfic/certificate.go | 35 ++++++++++++++++----------------
 2 files changed, 52 insertions(+), 26 deletions(-)

diff --git a/admin/api/certificate.go b/admin/api/certificate.go
index a98a755f..da669e21 100644
--- a/admin/api/certificate.go
+++ b/admin/api/certificate.go
@@ -1,6 +1,7 @@
 package api
 
 import (
+	"errors"
 	"io/ioutil"
 	"os"
@@ -10,21 +11,47 @@ import (
 )
 
 func init() {
-	router.GET("/api/ca", apiHandler(genCA))
+	router.GET("/api/ca.pem", apiHandler(GetCAPEM))
+	router.POST("/api/ca/new", apiHandler(
+		func(_ httprouter.Params, _ []byte) (interface{}, error) { return fic.GenerateCA() }))
+	router.GET("/api/ca/crl", apiHandler(GetCRL))
+	router.POST("/api/ca/crl", apiHandler(
+		func(_ httprouter.Params, _ []byte) (interface{}, error) { return fic.GenerateCRL() }))
+
 	router.GET("/api/teams/:tid/certificate/", apiHandler(teamHandler(GetTeamCertificate)))
 	router.GET("/api/teams/:tid/certificate/generate", apiHandler(teamHandler(
-		func(team fic.Team, _ []byte) (interface{}, error) { return team.GenerateCert(), nil })))
+		func(team fic.Team, _ []byte) (interface{}, error) { return team.GenerateCert() })))
 	router.GET("/api/teams/:tid/certificate/revoke", apiHandler(teamHandler(
-		func(team fic.Team, _ []byte) (interface{}, error) { return team.RevokeCert(), nil })))
+		func(team fic.Team, _ []byte) (interface{}, error) { return team.RevokeCert() })))
 }
-func genCA(_ httprouter.Params, body []byte) (interface{}, error) {
-	return fic.GenerateCA(), nil
-}
-func GetTeamCertificate(team fic.Team, body []byte) (interface{}, error) {
-	if fd, err := os.Open("../PKI/pkcs/" + team.Name + ".p12"); err == nil {
+func GetCAPEM(_ httprouter.Params, _ []byte) (interface{}, error) {
+	if _, err := os.Stat("../PKI/shared/cacert.crt"); os.IsNotExist(err) {
+		return nil, errors.New("Unable to locate the CA root certificate. Have you generated it?")
+	} else if fd, err := os.Open("../PKI/shared/cacert.crt"); err == nil {
+		return ioutil.ReadAll(fd)
+	} else {
+		return nil, err
+	}
+}
+
+func GetCRL(_ httprouter.Params, _ []byte) (interface{}, error) {
+	if _, err := os.Stat("../PKI/shared/crl.pem"); os.IsNotExist(err) {
+		return nil, errors.New("Unable to locate the CRL. 
Have you generated it?")
+	} else if fd, err := os.Open("../PKI/shared/crl.pem"); err == nil {
+		return ioutil.ReadAll(fd)
+	} else {
+		return nil, err
+	}
+}
+
+
+func GetTeamCertificate(team fic.Team, _ []byte) (interface{}, error) {
+	if _, err := os.Stat("../PKI/pkcs/" + team.Name + ".p12"); os.IsNotExist(err) {
+		return nil, errors.New("Unable to locate the p12. Have you generated it?")
+	} else if fd, err := os.Open("../PKI/pkcs/" + team.Name + ".p12"); err == nil {
 		return ioutil.ReadAll(fd)
 	} else {
 		return nil, err
diff --git a/libfic/certificate.go b/libfic/certificate.go
index 0454ca13..363813cf 100644
--- a/libfic/certificate.go
+++ b/libfic/certificate.go
@@ -4,33 +4,32 @@ import (
 	"os/exec"
 )
-func GenerateCA() string {
+func convOutput(in []byte, err error) (string, error) {
+	return string(in), err
+}
+
+
+func GenerateCA() (string, error) {
 	// Call the script and return its standard and error output
 	cmd := exec.Command("./CA.sh", "-newca")
-	if output, err := cmd.CombinedOutput(); err != nil {
-		return string(output) + err.Error()
-	} else {
-		return string(output)
-	}
+	return convOutput(cmd.CombinedOutput())
 }
-func (t Team) GenerateCert() string {
+func GenerateCRL() (string, error) {
+	cmd := exec.Command("./CA.sh", "-gencrl")
+
+	return convOutput(cmd.CombinedOutput())
+}
+
+func (t Team) GenerateCert() (string, error) {
 	cmd := exec.Command("./CA.sh", "-newclient", t.Name)
-	if output, err := cmd.CombinedOutput(); err != nil {
-		return string(output) + err.Error()
-	} else {
-		return string(output)
-	}
+	return convOutput(cmd.CombinedOutput())
 }
-func (t Team) RevokeCert() string {
+func (t Team) RevokeCert() (string, error) {
 	cmd := exec.Command("./CA.sh", "-revoke", t.Name)
-	if output, err := cmd.CombinedOutput(); err != nil {
-		return string(output) + err.Error()
-	} else {
-		return string(output)
-	}
+	return convOutput(cmd.CombinedOutput())
 }
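Review bot: GetCAPEM, GetCRL and GetTeamCertificate each open the file with `os.Open` and never close `fd`, so every request to these endpoints leaks a descriptor; the preceding `os.Stat` is also redundant with the open (and a check-then-act race), since `os.IsNotExist(err)` can be tested on the `os.Open` error directly. `ioutil.ReadFile` does open/read/close in one call, and the three bodies differ only in path and message, so a small helper removes both the leak and the duplication — sketched below. `team.Name` is spliced into the `../PKI/pkcs/` path without validation; if it can ever contain `/` or `..`, it should be constrained (e.g. `filepath.Base` or an allow-list) before building the path — worth confirming where it originates. Separately, `/api/teams/:tid/certificate/generate` and `/revoke` still run `CA.sh` on a GET while the new `/api/ca/new` and `/api/ca/crl` routes use POST; making the team routes POST as well keeps state changes off idempotent GETs that any cross-site request can trigger.
```go
// readPKIFile returns the contents of path as the handler result, or a
// descriptive error when the artefact has not been generated yet.
func readPKIFile(path, what string) (interface{}, error) {
	data, err := ioutil.ReadFile(path) // opens, reads and closes the file
	if os.IsNotExist(err) {
		return nil, errors.New("Unable to locate the " + what + ". Have you generated it?")
	}
	if err != nil {
		return nil, err
	}
	return data, nil
}

func GetCAPEM(_ httprouter.Params, _ []byte) (interface{}, error) {
	return readPKIFile("../PKI/shared/cacert.crt", "CA root certificate")
}

func GetCRL(_ httprouter.Params, _ []byte) (interface{}, error) {
	return readPKIFile("../PKI/shared/crl.pem", "CRL")
}

func GetTeamCertificate(team fic.Team, _ []byte) (interface{}, error) {
	return readPKIFile("../PKI/pkcs/"+team.Name+".p12", "p12")
}
```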
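Review bot: `convOutput` loses the script's diagnostic output on the failure path: when `CombinedOutput` fails the returned string still carries the output, but the error is only the exit status, and if `apiHandler` (outside this diff) discards the value whenever the error is non-nil — the old code concatenated output and error into one string precisely so the caller saw why `CA.sh` failed — that context no longer reaches the admin. Folding the output into the error keeps it on both paths: `return string(in), fmt.Errorf("%s: %s", err, in)` (with `"fmt"` added to the imports). The new exported functions also lack doc comments; the one surviving comment, `// Call the script and return its standard and error output`, now sits only inside GenerateCA, so I'd add `// GenerateCRL regenerates the CRL by running ./CA.sh -gencrl and returns the script's combined output.` on GenerateCRL and the equivalent one-liners on GenerateCA, GenerateCert and RevokeCert. Passing `t.Name` as its own argv element means it cannot break out into a shell here; `CA.sh` itself still has to treat that argument as data, which this diff cannot show.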