Пример #1
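// newHandler generates a new sign handler (or info handler) using the certificate
// authority private key and certificate to sign certificates.
//
// caFile and caKeyFile are the paths passed to local.NewSignerFromFile. op
// selects the handler to build: "sign" or "info". A signer that cannot be
// created, or any other op value, fails the test through t.Fatal.
func newHandler(t *testing.T, caFile, caKeyFile, op string) (http.Handler, error) {
	// Both profiles set Expiry to one minute.
	const expiry = 1 * time.Minute

	signing := &config.Signing{
		Profiles: map[string]*config.SigningProfile{
			"signature": {
				Usage:  []string{"digital signature"},
				Expiry: expiry,
			},
		},
		// NOTE(review): ExpiryString ("43800h") and Expiry (one minute)
		// disagree; confirm which of the two the signer honours.
		Default: &config.SigningProfile{
			Usage:        []string{"cert sign", "crl sign"},
			ExpiryString: "43800h",
			Expiry:       expiry,
			CA:           true,
			UseSerialSeq: true,
		},
	}

	// Build the signer from the files the caller supplied. Reading package-level
	// fixture paths here instead would silently ignore caFile and caKeyFile, so a
	// test could believe it is exercising one CA while signing with another.
	s, err := local.NewSignerFromFile(caFile, caKeyFile, signing)
	if err != nil {
		t.Fatal(err)
	}

	switch op {
	case "sign":
		return NewSignHandlerFromSigner(s)
	case "info":
		return info.NewHandler(s)
	}

	t.Fatal("Bad op code")
	return nil, nil
}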
Пример #2
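// registerHandlers instantiates the API handlers and associates them with
// their endpoints.
//
// Every handler is registered with http.Handle, i.e. on the process-wide
// default mux. Optional endpoints (sign, authsign, info, newcert, bundle) are
// skipped with a log line when they cannot be set up; only a failure to build
// the CSR/newkey handler is returned as an error.
//
// NOTE(review): no access control is applied in this function. Whether the
// individual handlers authenticate requests is not visible here, so confirm
// how the signing, init_ca and scan endpoints are exposed before binding the
// listener to a non-local address.
func registerHandlers(c cli.Config) error {
	log.Info("Setting up signer endpoint")
	// Keep the signer error in its own variable: later setup steps reuse err,
	// and the newcert endpoint below must depend on the signer, not on whatever
	// call happened to run last.
	s, signerErr := sign.SignerFromConfig(c)
	if signerErr != nil {
		log.Warningf("sign and authsign endpoints are disabled: %v", signerErr)
	} else {
		if signHandler, err := apisign.NewHandlerFromSigner(s); err == nil {
			log.Info("Assigning handler to /sign")
			http.Handle("/api/v1/cfssl/sign", signHandler)
		} else {
			log.Warningf("endpoint '/api/v1/cfssl/sign' is disabled: %v", err)
		}

		if signHandler, err := apisign.NewAuthHandlerFromSigner(s); err == nil {
			log.Info("Assigning handler to /authsign")
			http.Handle("/api/v1/cfssl/authsign", signHandler)
		} else {
			log.Warningf("endpoint '/api/v1/cfssl/authsign' is disabled: %v", err)
		}
	}

	log.Info("Setting up info endpoint")
	// NOTE(review): s is passed on even when SignerFromConfig failed; this
	// relies on info.NewHandler rejecting an unusable signer. Confirm.
	if infoHandler, err := info.NewHandler(s); err != nil {
		log.Warningf("endpoint '/api/v1/cfssl/info' is disabled: %v", err)
	} else {
		http.Handle("/api/v1/cfssl/info", infoHandler)
	}

	log.Info("Setting up new cert endpoint")
	// Gate on the signer itself. Checking the info handler's error here would
	// register newcert over a signer that failed to load whenever the info
	// handler happened to succeed, and disable it for an unrelated info error.
	if signerErr != nil {
		log.Errorf("endpoint '/api/v1/cfssl/newcert' is disabled")
	} else {
		newCertGenerator := generator.NewCertGeneratorHandlerFromSigner(generator.CSRValidate, s)
		http.Handle("/api/v1/cfssl/newcert", newCertGenerator)
	}

	log.Info("Setting up bundler endpoint")
	bundleHandler, err := bundle.NewHandler(c.CABundleFile, c.IntBundleFile)
	if err != nil {
		log.Warningf("endpoint '/api/v1/cfssl/bundle' is disabled: %v", err)
	} else {
		http.Handle("/api/v1/cfssl/bundle", bundleHandler)
	}

	log.Info("Setting up CSR endpoint")
	generatorHandler, err := generator.NewHandler(generator.CSRValidate)
	if err != nil {
		// The only fatal setup failure: the caller gets the error back.
		log.Errorf("Failed to set up CSR endpoint: %v", err)
		return err
	}
	http.Handle("/api/v1/cfssl/newkey", generatorHandler)

	// The remaining handlers are constructed without a signer and without an
	// error return, so they are always registered.
	log.Info("Setting up initial CA endpoint")
	http.Handle("/api/v1/cfssl/init_ca", initca.NewHandler())

	log.Info("Setting up scan endpoint")
	http.Handle("/api/v1/cfssl/scan", scan.NewHandler())

	log.Info("Setting up scaninfo endpoint")
	http.Handle("/api/v1/cfssl/scaninfo", scan.NewInfoHandler())

	log.Info("Handler set up complete.")
	return nil
}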