// registerHandlers instantiates various handlers and associate them to corresponding endpoints.
func registerHandlers(c cli.Config) error {
log.Info("Setting up signer endpoint")
s, err := sign.SignerFromConfig(c)
if err != nil {
log.Warningf("sign and authsign endpoints are disabled: %v", err)
} else {
if signHandler, err := apisign.NewHandlerFromSigner(s); err == nil {
log.Info("Assigning handler to /sign")
http.Handle("/api/v1/cfssl/sign", signHandler)
} else {
log.Warningf("endpoint '/api/v1/cfssl/sign' is disabled: %v", err)
}
if signHandler, err := apisign.NewAuthHandlerFromSigner(s); err == nil {
log.Info("Assigning handler to /authsign")
http.Handle("/api/v1/cfssl/authsign", signHandler)
} else {
log.Warningf("endpoint '/api/v1/cfssl/authsign' is disabled: %v", err)
}
}
log.Info("Setting up info endpoint")
infoHandler, err := info.NewHandler(s)
if err != nil {
log.Warningf("endpoint '/api/v1/cfssl/info' is disabled: %v", err)
} else {
http.Handle("/api/v1/cfssl/info", infoHandler)
}
log.Info("Setting up new cert endpoint")
if err != nil {
log.Errorf("endpoint '/api/v1/cfssl/newcert' is disabled")
} else {
newCertGenerator := generator.NewCertGeneratorHandlerFromSigner(generator.CSRValidate, s)
http.Handle("/api/v1/cfssl/newcert", newCertGenerator)
}
log.Info("Setting up bundler endpoint")
bundleHandler, err := bundle.NewHandler(c.CABundleFile, c.IntBundleFile)
if err != nil {
log.Warningf("endpoint '/api/v1/cfssl/bundle' is disabled: %v", err)
} else {
http.Handle("/api/v1/cfssl/bundle", bundleHandler)
}
log.Info("Setting up CSR endpoint")
generatorHandler, err := generator.NewHandler(generator.CSRValidate)
if err != nil {
log.Errorf("Failed to set up CSR endpoint: %v", err)
return err
}
http.Handle("/api/v1/cfssl/newkey", generatorHandler)
log.Info("Setting up initial CA endpoint")
http.Handle("/api/v1/cfssl/init_ca", initca.NewHandler())
log.Info("Setting up scan endpoint")
http.Handle("/api/v1/cfssl/scan", scan.NewHandler())
log.Info("Setting up scaninfo endpoint")
http.Handle("/api/v1/cfssl/scaninfo", scan.NewInfoHandler())
log.Info("Handler set up complete.")
return nil
}
func gencertMain(args []string, c cli.Config) (err error) {
csrJSONFile, args, err := cli.PopFirstArgument(args)
if err != nil {
return
}
csrJSONFileBytes, err := cli.ReadStdin(csrJSONFile)
if err != nil {
return
}
var req csr.CertificateRequest
err = json.Unmarshal(csrJSONFileBytes, &req)
if err != nil {
return
}
if c.IsCA {
var key, cert []byte
cert, err = initca.NewFromPEM(&req, c.CAKeyFile)
if err != nil {
log.Errorf("%v\n", err)
log.Infof("generating a new CA key and certificate from CSR")
cert, key, err = initca.New(&req)
if err != nil {
return
}
}
cli.PrintCert(key, nil, cert)
} else {
if req.CA != nil {
err = errors.New("ca section only permitted in initca")
return
}
// Remote can be forced on the command line or in the config
if c.Remote == "" && c.CFG == nil {
if c.CAFile == "" {
log.Error("need a CA certificate (provide one with -ca)")
return
}
if c.CAKeyFile == "" {
log.Error("need a CA key (provide one with -ca-key)")
return
}
}
var key, csrBytes []byte
g := &csr.Generator{Validator: genkey.Validator}
csrBytes, key, err = g.ProcessRequest(&req)
if err != nil {
key = nil
return
}
s, err := sign.SignerFromConfig(c)
if err != nil {
return err
}
var cert []byte
req := signer.SignRequest{
Request: string(csrBytes),
Hosts: signer.SplitHosts(c.Hostname),
Profile: c.Profile,
Label: c.Label,
}
cert, err = s.Sign(req)
if err != nil {
return err
}
cli.PrintCert(key, csrBytes, cert)
}
return nil
}
