Beispiel #1
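// sign handles a certificate signing request. It decodes a JSON
// signer.SignRequest from the request body, looks up the signer registered
// under the request's Label, validates the request with isCSRValid, and replies
// with a JSON-encoded CertificateResponse carrying the signed certificate.
//
// Undecodable or invalid requests and unknown labels yield 400 Bad Request;
// signing and encoding failures yield 500 Internal Server Error. Error bodies
// are fixed strings, so internal error details are never sent to the client.
//
// NOTE(review): no authentication or authorization check is visible in this
// handler; presumably it is enforced by middleware or the router. Confirm this,
// since every accepted request returns a certificate produced by the selected
// signer.
func (a *API) sign(w http.ResponseWriter, r *http.Request) {
	// The body comes from an untrusted client: cap it so the decoder cannot be
	// made to buffer an arbitrarily large document. 1 MiB is well above what a
	// CSR-bearing request should need; adjust if legitimate requests are larger.
	const maxSignRequestBytes = 1 << 20
	r.Body = http.MaxBytesReader(w, r.Body, maxSignRequestBytes)

	var signRequest signer.SignRequest
	if err := json.NewDecoder(r.Body).Decode(&signRequest); err != nil {
		http.Error(w, "invalid signing request", http.StatusBadRequest)
		return
	}

	// Named s rather than signer so the signer package is not shadowed.
	s, ok := a.signers[signRequest.Label]
	if !ok {
		http.Error(w, "unable to find signer with specified label", http.StatusBadRequest)
		return
	}

	if !isCSRValid(&signRequest) {
		http.Error(w, "invalid signing request", http.StatusBadRequest)
		return
	}

	cert, err := s.Sign(signRequest)
	if err != nil {
		// NOTE(review): err is discarded here; consider recording it server-side
		// so failed signing attempts are visible in logs.
		http.Error(w, "error signing request", http.StatusInternalServerError)
		return
	}

	// Marshal before touching the ResponseWriter: if encoding fails, no part of
	// a 200 response has been sent yet and the 500 below is still deliverable.
	body, err := json.Marshal(&CertificateResponse{
		Certificate: string(cert),
	})
	if err != nil {
		http.Error(w, "error encoding certificate", http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "application/json")
	// json.Encoder terminates each value with a newline; keep that framing.
	// A write error means the client is gone, so nothing further can be sent.
	_, _ = w.Write(append(body, '\n'))
}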
Beispiel #2
// createInterCert builds a signer from the test CA certificate and key, reads
// the CSR from csrFile, and returns the PEM-encoded certificate signed for the
// host "cloudflare-inter.com" under profileName. Any failure aborts the test
// via t.Fatal.
func createInterCert(t *testing.T, csrFile string, policy *config.Signing, profileName string) (certPEM []byte) {
	caSigner, err := signer.NewSigner(testCAFile, testCAKeyFile, policy)
	if err != nil {
		t.Fatal(err)
	}

	csrPEM, err := ioutil.ReadFile(csrFile)
	if err != nil {
		t.Fatal(err)
	}

	if certPEM, err = caSigner.Sign("cloudflare-inter.com", csrPEM, profileName); err != nil {
		t.Fatal(err)
	}
	return certPEM
}
Beispiel #3
// signerMain is the CLI entry point for signing. It takes the hostname and the
// certificate file from Config, falling back to positional arguments for
// whichever of the two is unset, signs the file's contents with the CA
// certificate and key named in Config, and prints the result to standard output.
// [TODO: zi] Decide whether to drop the argument list and only use flags to specify all the inputs.
func signerMain(args []string) (err error) {
	// Positional arguments only fill in values the flags left empty.
	if Config.hostname == "" {
		if Config.hostname, args, err = popFirstArgument(args); err != nil {
			return err
		}
	}
	if Config.certFile == "" {
		if Config.certFile, args, err = popFirstArgument(args); err != nil {
			return err
		}
	}

	// Load the input that will be handed to the signer.
	log.Debug("Loading Client certificate: ", Config.certFile)
	var clientCert []byte
	if clientCert, err = ioutil.ReadFile(Config.certFile); err != nil {
		return err
	}

	// With no config loaded, policy stays nil and NewSigner falls back to
	// DefaultConfig().
	var policy *config.Signing
	if Config.cfg != nil {
		policy = Config.cfg.Signing
	}

	// caSigner avoids shadowing the signer package.
	caSigner, err := signer.NewSigner(Config.caFile, Config.caKeyFile, policy)
	if err != nil {
		return err
	}

	cert, err := caSigner.Sign(Config.hostname, clientCert, Config.profile)
	if err != nil {
		return err
	}

	fmt.Printf("%s", cert)
	return nil
}