admin: Improve CA API
parent
740a735ba6
commit
97427fc690
|
@ -1,6 +1,7 @@
|
||||||
package api
|
package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
|
@ -10,21 +11,47 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
router.GET("/api/ca", apiHandler(genCA))
|
router.GET("/api/ca.pem", apiHandler(GetCAPEM))
|
||||||
|
router.POST("/api/ca/new", apiHandler(
|
||||||
|
func(_ httprouter.Params, _ []byte) (interface{}, error) { return fic.GenerateCA() }))
|
||||||
|
router.GET("/api/ca/crl", apiHandler(GetCRL))
|
||||||
|
router.POST("/api/ca/crl", apiHandler(
|
||||||
|
func(_ httprouter.Params, _ []byte) (interface{}, error) { return fic.GenerateCRL() }))
|
||||||
|
|
||||||
|
|
||||||
router.GET("/api/teams/:tid/certificate/", apiHandler(teamHandler(GetTeamCertificate)))
|
router.GET("/api/teams/:tid/certificate/", apiHandler(teamHandler(GetTeamCertificate)))
|
||||||
router.GET("/api/teams/:tid/certificate/generate", apiHandler(teamHandler(
|
router.GET("/api/teams/:tid/certificate/generate", apiHandler(teamHandler(
|
||||||
func(team fic.Team, _ []byte) (interface{}, error) { return team.GenerateCert(), nil })))
|
func(team fic.Team, _ []byte) (interface{}, error) { return team.GenerateCert() })))
|
||||||
router.GET("/api/teams/:tid/certificate/revoke", apiHandler(teamHandler(
|
router.GET("/api/teams/:tid/certificate/revoke", apiHandler(teamHandler(
|
||||||
func(team fic.Team, _ []byte) (interface{}, error) { return team.RevokeCert(), nil })))
|
func(team fic.Team, _ []byte) (interface{}, error) { return team.RevokeCert() })))
|
||||||
}
|
}
|
||||||
|
|
||||||
func genCA(_ httprouter.Params, body []byte) (interface{}, error) {
|
|
||||||
return fic.GenerateCA(), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func GetTeamCertificate(team fic.Team, body []byte) (interface{}, error) {
|
func GetCAPEM(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||||
if fd, err := os.Open("../PKI/pkcs/" + team.Name + ".p12"); err == nil {
|
if _, err := os.Stat("../PKI/shared/cacert.crt"); os.IsNotExist(err) {
|
||||||
|
return nil, errors.New("Unable to locate the CA root certificate. Have you generated it?")
|
||||||
|
} else if fd, err := os.Open("../PKI/shared/cacert.crt"); err == nil {
|
||||||
|
return ioutil.ReadAll(fd)
|
||||||
|
} else {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetCRL(_ httprouter.Params, _ []byte) (interface{}, error) {
|
||||||
|
if _, err := os.Stat("../PKI/shared/crl.pem"); os.IsNotExist(err) {
|
||||||
|
return nil, errors.New("Unable to locate the CRL. Have you generated it?")
|
||||||
|
} else if fd, err := os.Open("../PKI/shared/crl.pem"); err == nil {
|
||||||
|
return ioutil.ReadAll(fd)
|
||||||
|
} else {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
func GetTeamCertificate(team fic.Team, _ []byte) (interface{}, error) {
|
||||||
|
if _, err := os.Stat("../PKI/pkcs/" + team.Name + ".p12"); os.IsNotExist(err) {
|
||||||
|
return nil, errors.New("Unable to locate the p12. Have you generated it?")
|
||||||
|
} else if fd, err := os.Open("../PKI/pkcs/" + team.Name + ".p12"); err == nil {
|
||||||
return ioutil.ReadAll(fd)
|
return ioutil.ReadAll(fd)
|
||||||
} else {
|
} else {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
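Review bot: The descriptor returned by `os.Open` is never closed in `GetCAPEM`, `GetCRL` and `GetTeamCertificate`, so every download leaks a file handle, and the preceding `os.Stat` adds a check-then-open gap without preventing anything. A single `ioutil.ReadFile(path)` whose error is tested with `os.IsNotExist(err)` for the friendly message would close the file and remove the double lookup; at minimum add `defer fd.Close()` inside the branch where the open succeeded. `team.Name` is concatenated into the `.p12` path here and passed as an argument to `./CA.sh` by `GenerateCert` and `RevokeCert` in the other file of this commit; if names are not restricted elsewhere (not visible here), reject path separators, `..` and a leading `-` before use. The certificate `generate` and `revoke` routes still change state on `GET` while the new CA and CRL generation routes use `POST`, so they appear worth moving to `POST` as well. `GetTeamCertificate` continues past the end of this hunk.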
@ -4,33 +4,32 @@ import (
|
||||||
"os/exec"
|
"os/exec"
|
||||||
)
|
)
|
||||||
|
|
||||||
func GenerateCA() string {
|
func convOutput(in []byte, err error) (string, error) {
|
||||||
|
return string(in), err
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
func GenerateCA() (string, error) {
|
||||||
// Call the script and return its standard and error output
|
// Call the script and return its standard and error output
|
||||||
cmd := exec.Command("./CA.sh", "-newca")
|
cmd := exec.Command("./CA.sh", "-newca")
|
||||||
|
|
||||||
if output, err := cmd.CombinedOutput(); err != nil {
|
return convOutput(cmd.CombinedOutput())
|
||||||
return string(output) + err.Error()
|
|
||||||
} else {
|
|
||||||
return string(output)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t Team) GenerateCert() string {
|
func GenerateCRL() (string, error) {
|
||||||
|
cmd := exec.Command("./CA.sh", "-gencrl")
|
||||||
|
|
||||||
|
return convOutput(cmd.CombinedOutput())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t Team) GenerateCert() (string, error) {
|
||||||
cmd := exec.Command("./CA.sh", "-newclient", t.Name)
|
cmd := exec.Command("./CA.sh", "-newclient", t.Name)
|
||||||
|
|
||||||
if output, err := cmd.CombinedOutput(); err != nil {
|
return convOutput(cmd.CombinedOutput())
|
||||||
return string(output) + err.Error()
|
|
||||||
} else {
|
|
||||||
return string(output)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t Team) RevokeCert() string {
|
func (t Team) RevokeCert() (string, error) {
|
||||||
cmd := exec.Command("./CA.sh", "-revoke", t.Name)
|
cmd := exec.Command("./CA.sh", "-revoke", t.Name)
|
||||||
|
|
||||||
if output, err := cmd.CombinedOutput(); err != nil {
|
return convOutput(cmd.CombinedOutput())
|
||||||
return string(output) + err.Error()
|
|
||||||
} else {
|
|
||||||
return string(output)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
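Review bot: `convOutput` hands back both the script output and a non-nil error, whereas the removed code folded the output and `err.Error()` into the one returned string; a caller that drops the value when `err != nil` will now report only the process error and lose the diagnostics printed by CA.sh. How `apiHandler` treats that pair is not visible here, so either confirm it forwards the value on error or fold the output into the error, e.g. `if err != nil { return "", errors.New(err.Error() + ": " + string(in)) }` (this needs the `errors` import in this file). The helper would also benefit from a comment such as `// convOutput converts the result of CombinedOutput to a string and passes the error through.` All four functions run `./CA.sh` relative to the process working directory with no lock visible in the hunk, so concurrent requests may run the script against the same PKI state at once; serialising these calls with a package-level mutex would be a cheap guard.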