탐색 도움말
로그인
cloudflare
/
cfssl
의 미러 https://github.com/cloudflare/cfssl
Watch 1
Star 0
포크 0
파일 이슈
브렌치: nicky/goreleaser-action
브랜치 태그
cfssl
/
api
/
bundle
/
bundle.go

bundle.go 2.3 KB
고유링크 히스토리 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. // Package bundle implements the HTTP handler for the bundle command.
    2. 

  2. package bundle
    3. 

  3. 

  4. import (
    5. 

  5. 	"net/http"
    6. 

  6. 

  7. 	"github.com/cloudflare/cfssl/api"
    8. 

  8. 	"github.com/cloudflare/cfssl/bundler"
    9. 

  9. 	"github.com/cloudflare/cfssl/errors"
    10. 

  10. 	"github.com/cloudflare/cfssl/log"
    11. 

  11. )
    12. 

  12. 

  13. // Handler accepts requests for either remote or uploaded
    14. 

  14. // certificates to be bundled, and returns a certificate bundle (or
    15. 

  15. // error).
    16. 

  16. type Handler struct {
    17. 

  17. 	bundler *bundler.Bundler
    18. 

  18. }
    19. 

  19. 

  20. // NewHandler creates a new bundler that uses the root bundle and
    21. 

  21. // intermediate bundle in the trust chain.
    22. 

  22. func NewHandler(caBundleFile, intBundleFile string) (http.Handler, error) {
    23. 

  23. 	var err error
    24. 

  24. 

  25. 	b := new(Handler)
    26. 

  26. 	if b.bundler, err = bundler.NewBundler(caBundleFile, intBundleFile); err != nil {
    27. 

  27. 		return nil, err
    28. 

  28. 	}
    29. 

  29. 

  30. 	log.Info("bundler API ready")
    31. 

  31. 	return api.HTTPHandler{Handler: b, Methods: []string{"POST"}}, nil
    32. 

  32. }
    33. 

  33. 

  34. // Handle implements an http.Handler interface for the bundle handler.
    35. 

  35. func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
    36. 

  36. 	blob, matched, err := api.ProcessRequestFirstMatchOf(r,
    37. 

  37. 		[][]string{
    38. 

  38. 			{"certificate"},
    39. 

  39. 			{"domain"},
    40. 

  40. 		})
    41. 

  41. 	if err != nil {
    42. 

  42. 		log.Warningf("invalid request: %v", err)
    43. 

  43. 		return err
    44. 

  44. 	}
    45. 

  45. 

  46. 	flavor := blob["flavor"]
    47. 

  47. 	bf := bundler.Ubiquitous
    48. 

  48. 	if flavor != "" {
    49. 

  49. 		bf = bundler.BundleFlavor(flavor)
    50. 

  50. 	}
    51. 

  51. 	log.Infof("request for flavor %v", bf)
    52. 

  52. 

  53. 	var result *bundler.Bundle
    54. 

  54. 	switch matched[0] {
    55. 

  55. 	case "domain":
    56. 

  56. 		bundle, err := h.bundler.BundleFromRemote(blob["domain"], blob["ip"], bf)
    57. 

  57. 		if err != nil {
    58. 

  58. 			log.Warningf("couldn't bundle from remote: %v", err)
    59. 

  59. 			return err
    60. 

  60. 		}
    61. 

  61. 		result = bundle
    62. 

  62. 	case "certificate":
    63. 

  63. 		bundle, err := h.bundler.BundleFromPEMorDER([]byte(blob["certificate"]), []byte(blob["private_key"]), bf, "")
    64. 

  64. 		if err != nil {
    65. 

  65. 			log.Warning("bad PEM certificate or private key")
    66. 

  66. 			return err
    67. 

  67. 		}
    68. 

  68. 

  69. 		serverName := blob["domain"]
    70. 

  70. 		ip := blob["ip"]
    71. 

  71. 

  72. 		if serverName != "" {
    73. 

  73. 			err := bundle.Cert.VerifyHostname(serverName)
    74. 

  74. 			if err != nil {
    75. 

  75. 				return errors.Wrap(errors.CertificateError, errors.VerifyFailed, err)
    76. 

  76. 			}
    77. 

  77. 

  78. 		}
    79. 

  79. 

  80. 		if ip != "" {
    81. 

  81. 			err := bundle.Cert.VerifyHostname(ip)
    82. 

  82. 			if err != nil {
    83. 

  83. 				return errors.Wrap(errors.CertificateError, errors.VerifyFailed, err)
    84. 

  84. 			}
    85. 

  85. 		}
    86. 

  86. 

  87. 		result = bundle
    88. 

  88. 	}
    89. 

  89. 	log.Info("wrote response")
    90. 

  90. 	return api.SendResponse(w, result)
    91. 

  91. }
    92. 

  92.