Esempio n. 1
0
// serveFuzzyBlacklistCertificates serves certificates using a blacklist. The
// expected form of the URL is /generate/all/except/name1+name2+name3, where
// name1 and friends are the labels to exclude from the list.
//
// This uses fuzzy matching: specifically, if any of the label fragments
// passed appear in the label then a cert will be considered to match. This is
// not secure but is clean. Verify the output you get!
func serveFuzzyBlacklistCertificates(w http.ResponseWriter, r *http.Request) {
	exceptionsMap := getExceptionsFromPath(r.URL.Path, "/generate/all/except/")
	exceptions := make([]string, 0, len(exceptionsMap))
	for k, _ := range exceptionsMap {
		exceptions = append(exceptions, k)
	}

	w.Header().Set("Content-Type", "application/x-pem-file")

	certMapLock.RLock()
	certs.WriteCerts(w, certificates, certs.SubstringBlacklistMatcher(exceptions))
	certMapLock.RUnlock()
}
Esempio n. 2
0
// serveBlacklistCertificates serves certificates using a blacklist. The
// expected form of the URL is: /generate/all/except/. We expect a request
// body that contains a JSON list of exact labels to exclude.
func serveBlacklistCertificates(w http.ResponseWriter, r *http.Request) {
	exceptions, err := getExceptionsFromBody(r)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	w.Header().Set("Content-Type", "application/x-pem-file")

	certMapLock.RLock()
	certs.WriteCerts(w, certificates, certs.BlacklistMatcher(exceptions))
	certMapLock.RUnlock()
}