// serveFuzzyBlacklistCertificates serves certificates using a blacklist. The
// expected form of the URL is /generate/all/except/name1+name2+name3, where
// name1 and friends are the labels to exclude from the list.
//
// This uses fuzzy matching: specifically, if any of the label fragments
// passed appear in the label then a cert will be considered to match. This is
// not secure but is clean. Verify the output you get!
func serveFuzzyBlacklistCertificates(w http.ResponseWriter, r *http.Request) {
exceptionsMap := getExceptionsFromPath(r.URL.Path, "/generate/all/except/")
exceptions := make([]string, 0, len(exceptionsMap))
for k, _ := range exceptionsMap {
exceptions = append(exceptions, k)
}
w.Header().Set("Content-Type", "application/x-pem-file")
certMapLock.RLock()
certs.WriteCerts(w, certificates, certs.SubstringBlacklistMatcher(exceptions))
certMapLock.RUnlock()
}
// serveBlacklistCertificates serves certificates using a blacklist. The
// expected form of the URL is: /generate/all/except/. We expect a request
// body that contains a JSON list of exact labels to exclude.
func serveBlacklistCertificates(w http.ResponseWriter, r *http.Request) {
exceptions, err := getExceptionsFromBody(r)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return
}
w.Header().Set("Content-Type", "application/x-pem-file")
certMapLock.RLock()
certs.WriteCerts(w, certificates, certs.BlacklistMatcher(exceptions))
certMapLock.RUnlock()
}