Exemplo n.º 1
0
func PostCert(store *liftca.Store, r *ht.Request) *ht.Answer {
	ca, answer := ObtainCA(store, r)
	if answer != nil {
		return answer
	}
	certReq := &JSONCertRequest{}
	err := r.BodyAsJSON(certReq)
	if err != nil {
		return ht.Failure(err)
	}
	id, err := store.Add(true, ca.SerialNumber(), certReq.Host)
	if err != nil {
		return ht.Failure(err)
	}
	return ht.RedirectTo(CertUrl(ca.SerialNumber(), id))
}
Exemplo n.º 2
0
func PostCRL(store *liftca.Store, r *ht.Request) *ht.Answer {
	req := &JSONCRLRequest{}
	r.BodyAsJSON(req)
	certID, err := strconv.ParseInt(req.SerialNumber, 10, 64)
	if err != nil {
		return ht.Failure(err)
	}
	ca, answer := ObtainCA(store, r)
	if answer != nil {
		return answer
	}
	if p, _ := store.GetParent(certID); p != ca.SerialNumber() {
		return ht.Failure(fmt.Errorf("certificate %v does not belong to CA %v", certID, ca.SerialNumber()))
	}
	store.SetRevoked(certID, true)
	return ht.RedirectTo(CACRLURL(ca.SerialNumber()))
}
Exemplo n.º 3
0
func PostCA(store *liftca.Store, r *ht.Request) *ht.Answer {
	caReq := &JSONCARequest{}
	err := r.BodyAsJSON(caReq)
	if err != nil {
		return ht.Failure(err)
	}
	var id int64
	if caReq.PEMCertificate != "" || caReq.PEMKey != "" || caReq.PEMKeyPassword != "" {
		id, err = store.AddExistingCA(caReq.Visible, []byte(caReq.PEMCertificate), []byte(caReq.PEMKey), []byte(caReq.PEMKeyPassword))
	} else {
		id, err = store.AddCA(caReq.Visible, caReq.Name)
	}

	if err != nil {
		return ht.Failure(err)
	}
	return ht.RedirectTo(CAUrl(id))
}
Exemplo n.º 4
0
func GetCACRLPEMTXT(store *liftca.Store, r *ht.Request) *ht.Answer {
	ca, answer := ObtainCA(store, r)
	if answer != nil {
		return answer
	}
	revoked := store.GetRevokedChildren(ca.SerialNumber())
	crl, err := ca.PEMCRL(revoked)
	if err != nil {
		return ht.Failure(err)
	}
	return ht.Read("text/plain", crl)
}
Exemplo n.º 5
0
func GetCACRLCER(store *liftca.Store, r *ht.Request) *ht.Answer {
	ca, answer := ObtainCA(store, r)
	if answer != nil {
		return answer
	}
	revoked := store.GetRevokedChildren(ca.SerialNumber())
	crl, err := ca.DERCRL(revoked)
	if err != nil {
		return ht.Failure(err)
	}
	return ht.Read("application/pkix-crl", crl)
}
Exemplo n.º 6
0
func ObtainCAAndCert(store *liftca.Store, r *ht.Request) (*liftca.Parcel, *liftca.Parcel, *ht.Answer) {
	ca, answer := ObtainCA(store, r)
	if answer != nil {
		return nil, nil, answer
	}

	certID, err := r.VarInt64("cert_id")
	if err != nil {
		return nil, nil, ht.Failure(err)
	}
	cert, found := store.Get(certID)
	if !found {
		return nil, nil, ht.NotFound()
	}
	parent, _ := store.GetParent(certID)
	if parent != ca.SerialNumber() {
		return nil, nil, ht.Failure(fmt.Errorf("certificate %v does not belong to CA %v", certID, ca.SerialNumber()))
	}

	return ca, cert, nil
}
Exemplo n.º 7
0
func ObtainCA(store *liftca.Store, r *ht.Request) (*liftca.Parcel, *ht.Answer) {
	caID, err := r.VarInt64("ca_id")
	if err != nil {
		return nil, ht.Failure(err)
	}
	auth, found := store.Get(caID)
	if !found {
		return nil, ht.NotFound()
	}

	if _, found := store.GetParent(caID); found {
		return nil, ht.NotFound()
	}

	return auth, nil
}