// Handle implements an http.Handler interface for the bundle handler.
func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
blob, matched, err := api.ProcessRequestFirstMatchOf(r,
[][]string{
{"certificate"},
{"domain"},
})
if err != nil {
log.Warningf("invalid request: %v", err)
return err
}
flavor := blob["flavor"]
bf := bundler.Ubiquitous
if flavor != "" {
bf = bundler.BundleFlavor(flavor)
}
log.Infof("request for flavor %v", bf)
var result *bundler.Bundle
switch matched[0] {
case "domain":
bundle, err := h.bundler.BundleFromRemote(blob["domain"], blob["ip"], bf)
if err != nil {
log.Warningf("couldn't bundle from remote: %v", err)
return err
}
result = bundle
case "certificate":
bundle, err := h.bundler.BundleFromPEMorDER([]byte(blob["certificate"]), []byte(blob["private_key"]), bf, "")
if err != nil {
log.Warning("bad PEM certifcate or private key")
return err
}
serverName := blob["domain"]
ip := blob["ip"]
if serverName != "" {
err := bundle.Cert.VerifyHostname(serverName)
if err != nil {
return errors.Wrap(errors.CertificateError, errors.VerifyFailed, err)
}
}
if ip != "" {
err := bundle.Cert.VerifyHostname(ip)
if err != nil {
return errors.Wrap(errors.CertificateError, errors.VerifyFailed, err)
}
}
result = bundle
}
log.Info("wrote response")
return api.SendResponse(w, result)
}
// bundlerMain is the main CLI of bundler functionality.
func bundlerMain(args []string, c cli.Config) (err error) {
bundler.IntermediateStash = c.IntDir
ubiquity.LoadPlatforms(c.Metadata)
flavor := bundler.BundleFlavor(c.Flavor)
var b *bundler.Bundler
// If it is a force bundle, don't require ca bundle and intermediate bundle
// Otherwise, initialize a bundler with CA bundle and intermediate bundle.
if flavor == bundler.Force {
b = &bundler.Bundler{}
} else {
b, err = bundler.NewBundler(c.CABundleFile, c.IntBundleFile)
if err != nil {
return
}
}
var bundle *bundler.Bundle
if c.CertFile != "" {
if c.CertFile == "-" {
var certPEM, keyPEM []byte
certPEM, err = cli.ReadStdin(c.CertFile)
if err != nil {
return
}
if c.KeyFile != "" {
keyPEM, err = cli.ReadStdin(c.KeyFile)
if err != nil {
return
}
}
bundle, err = b.BundleFromPEMorDER(certPEM, keyPEM, flavor, "")
if err != nil {
return
}
} else {
// Bundle the client cert
bundle, err = b.BundleFromFile(c.CertFile, c.KeyFile, flavor, c.Password)
if err != nil {
return
}
}
} else if c.Domain != "" {
bundle, err = b.BundleFromRemote(c.Domain, c.IP, flavor)
if err != nil {
return
}
} else {
return errors.New("Must specify bundle target through -cert or -domain")
}
marshaled, err := bundle.MarshalJSON()
if err != nil {
return
}
fmt.Printf("%s", marshaled)
return
}
func (h *BundlerHandler) Handle(w http.ResponseWriter, r *http.Request) error {
blob, matched, err := processRequestOneOf(r,
[][]string{
{"domain"},
{"certificate"},
})
if err != nil {
log.Warningf("invalid request: %v", err)
return err
}
var result *bundler.Bundle
switch matched[0] {
case "domain":
bundle, err := h.bundler.BundleFromRemote(blob["domain"], blob["ip"])
if err != nil {
log.Warningf("couldn't bundle from remote: %v", err)
return errors.NewBadRequest(err)
}
result = bundle
case "certificate":
flavor := blob["flavor"]
var bf bundler.BundleFlavor = bundler.Ubiquitous
if flavor != "" {
bf = bundler.BundleFlavor(flavor)
}
bundle, err := h.bundler.BundleFromPEM([]byte(blob["certificate"]), []byte(blob["private_key"]), bf)
if err != nil {
log.Warning("bad PEM certifcate or private key")
return errors.NewBadRequest(err)
}
log.Infof("request for flavour %v", flavor)
result = bundle
}
response := newSuccessResponse(result)
w.Header().Set("Content-Type", "application/json")
enc := json.NewEncoder(w)
err = enc.Encode(response)
return err
}
// bundlerMain is the main CLI of bundler functionality.
// TODO(zi): Decide whether to drop the argument list and only use flags to specify all the inputs.
// There are debates on whether flag or arg is more appropriate for required parameters.
func bundlerMain(args []string) (err error) {
// Grab cert file through args only if flag values for cert and domain are absent
if Config.certFile == "" && Config.domain == "" {
Config.certFile, args, err = popFirstArgument(args)
if err != nil {
return
}
}
ubiquity.LoadPlatforms(Config.metadata)
flavor := bundler.BundleFlavor(Config.flavor)
// Initialize a bundler with CA bundle and intermediate bundle.
b, err := bundler.NewBundler(Config.caBundleFile, Config.intBundleFile)
if err != nil {
return
}
var bundle *bundler.Bundle
if Config.certFile != "" {
// Bundle the client cert
bundle, err = b.BundleFromFile(Config.certFile, Config.keyFile, flavor)
if err != nil {
return
}
} else if Config.domain != "" {
bundle, err = b.BundleFromRemote(Config.domain, Config.ip)
if err != nil {
return
}
}
marshaled, err := bundle.MarshalJSON()
if err != nil {
return
}
fmt.Printf("%s", marshaled)
return
}
