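// newHandler builds the HTTP handler selected by op ("sign" or "info") on top
// of a local signer loaded from the CA certificate caFile and the CA private
// key caKeyFile.
//
// A failure to load the signer, and any op other than "sign" or "info", fails
// the test through t.Fatal. The returned error is whatever the selected
// handler constructor reports.
func newHandler(t *testing.T, caFile, caKeyFile, op string) (http.Handler, error) {
	expiry := 1 * time.Minute

	caConfig := &config.Config{
		Signing: &config.Signing{
			Profiles: map[string]*config.SigningProfile{
				"signature": {
					Usage:  []string{"digital signature"},
					Expiry: expiry,
				},
			},
			Default: &config.SigningProfile{
				Usage: []string{"cert sign", "crl sign"},
				// NOTE(review): ExpiryString (43800h) and Expiry (one minute)
				// disagree; which of the two the signer honours is not
				// visible here. Confirm the test gets the lifetime it expects.
				ExpiryString: "43800h",
				Expiry:       expiry,
				CA:           true,
				UseSerialSeq: true,
			},
		},
	}

	// Load the CA material the caller passed in rather than a package-level
	// default, so a test that supplies a different CA or key really exercises
	// that key pair.
	s, err := local.NewSignerFromFile(caFile, caKeyFile, caConfig.Signing)
	if err != nil {
		t.Fatal(err)
	}

	switch op {
	case "sign":
		return NewSignHandlerFromSigner(s)
	case "info":
		return info.NewHandler(s)
	}

	t.Fatal("Bad op code")
	// Not reached at run time (t.Fatal stops the test goroutine); the compiler
	// still requires a terminating return.
	return nil, nil
}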
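// registerHandlers builds the API handlers and registers each of them on the
// default HTTP mux under /api/v1/cfssl/.
//
// The sign, authsign, info and newcert endpoints need a signer. They are
// registered only when sign.SignerFromConfig succeeds, so that no endpoint is
// ever backed by a signer that failed to load. An endpoint whose handler
// cannot be built is logged and skipped. The only error returned is a failure
// to build the CSR generator handler behind /api/v1/cfssl/newkey.
func registerHandlers(c cli.Config) error {
	log.Info("Setting up signer endpoint")
	// The signer error lives in its own variable: later handler constructors
	// also produce errors, and reusing one variable would gate the
	// signer-backed endpoints on an unrelated result.
	s, signerErr := sign.SignerFromConfig(c)
	if signerErr != nil {
		log.Warningf("sign and authsign endpoints are disabled: %v", signerErr)
	} else {
		// NOTE(review): /sign is built by NewHandlerFromSigner and /authsign by
		// NewAuthHandlerFromSigner; whether /sign authenticates requests is not
		// visible here. Confirm it is reachable only by trusted clients.
		if signHandler, err := apisign.NewHandlerFromSigner(s); err != nil {
			log.Warningf("endpoint '/api/v1/cfssl/sign' is disabled: %v", err)
		} else {
			log.Info("Assigning handler to /sign")
			http.Handle("/api/v1/cfssl/sign", signHandler)
		}

		if authHandler, err := apisign.NewAuthHandlerFromSigner(s); err != nil {
			log.Warningf("endpoint '/api/v1/cfssl/authsign' is disabled: %v", err)
		} else {
			log.Info("Assigning handler to /authsign")
			http.Handle("/api/v1/cfssl/authsign", authHandler)
		}
	}

	log.Info("Setting up info endpoint")
	if signerErr != nil {
		log.Warningf("endpoint '/api/v1/cfssl/info' is disabled: %v", signerErr)
	} else if infoHandler, err := info.NewHandler(s); err != nil {
		log.Warningf("endpoint '/api/v1/cfssl/info' is disabled: %v", err)
	} else {
		http.Handle("/api/v1/cfssl/info", infoHandler)
	}

	log.Info("Setting up new cert endpoint")
	if signerErr != nil {
		log.Errorf("endpoint '/api/v1/cfssl/newcert' is disabled: %v", signerErr)
	} else {
		newCertGenerator := generator.NewCertGeneratorHandlerFromSigner(generator.CSRValidate, s)
		http.Handle("/api/v1/cfssl/newcert", newCertGenerator)
	}

	log.Info("Setting up bundler endpoint")
	if bundleHandler, err := bundle.NewHandler(c.CABundleFile, c.IntBundleFile); err != nil {
		log.Warningf("endpoint '/api/v1/cfssl/bundle' is disabled: %v", err)
	} else {
		http.Handle("/api/v1/cfssl/bundle", bundleHandler)
	}

	log.Info("Setting up CSR endpoint")
	generatorHandler, err := generator.NewHandler(generator.CSRValidate)
	if err != nil {
		log.Errorf("Failed to set up CSR endpoint: %v", err)
		return err
	}
	http.Handle("/api/v1/cfssl/newkey", generatorHandler)

	log.Info("Setting up initial CA endpoint")
	http.Handle("/api/v1/cfssl/init_ca", initca.NewHandler())

	log.Info("Setting up scan endpoint")
	http.Handle("/api/v1/cfssl/scan", scan.NewHandler())

	log.Info("Setting up scaninfo endpoint")
	http.Handle("/api/v1/cfssl/scaninfo", scan.NewInfoHandler())

	log.Info("Handler set up complete.")
	return nil
}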