// serveFuzzyBlacklistCertificates serves certificates using a blacklist. The // expected form of the URL is /generate/all/except/name1+name2+name3, where // name1 and friends are the labels to exclude from the list. // // This uses fuzzy matching: specifically, if any of the label fragments // passed appear in the label then a cert will be considered to match. This is // not secure but is clean. Verify the output you get! func serveFuzzyBlacklistCertificates(w http.ResponseWriter, r *http.Request) { exceptionsMap := getExceptionsFromPath(r.URL.Path, "/generate/all/except/") exceptions := make([]string, 0, len(exceptionsMap)) for k, _ := range exceptionsMap { exceptions = append(exceptions, k) } w.Header().Set("Content-Type", "application/x-pem-file") certMapLock.RLock() certs.WriteCerts(w, certificates, certs.SubstringBlacklistMatcher(exceptions)) certMapLock.RUnlock() }
// serveBlacklistCertificates serves certificates using a blacklist. The // expected form of the URL is: /generate/all/except/. We expect a request // body that contains a JSON list of exact labels to exclude. func serveBlacklistCertificates(w http.ResponseWriter, r *http.Request) { exceptions, err := getExceptionsFromBody(r) if err != nil { w.WriteHeader(http.StatusBadRequest) return } w.Header().Set("Content-Type", "application/x-pem-file") certMapLock.RLock() certs.WriteCerts(w, certificates, certs.BlacklistMatcher(exceptions)) certMapLock.RUnlock() }