// NewAuthHandler returns the HTTP handler produced by
// signhandler.NewAuthHandlerFromSigner for a signer built from the
// certificate authority's certificate (caFile) and private key (caKeyFile).
//
// The two paths are handed to universal.NewSigner as the "cert-file" and
// "key-file" entries of a universal.Root, together with the signing policy.
// There is no separate remote parameter: whether requests are signed locally
// or forwarded to a remote CFSSL instance is decided by universal.NewSigner
// from the root and policy, which is not visible in this function.
//
// NOTE(review): the authentication applied to signing requests is presumably
// configured through policy and enforced by the handler that
// NewAuthHandlerFromSigner returns; nothing in this function checks that
// policy carries an authentication key. Confirm against signhandler.
//
// If the signer cannot be constructed, the error is logged and returned
// unchanged, and the returned handler is nil.
func NewAuthHandler(caFile, caKeyFile string, policy *config.Signing) (http.Handler, error) {
	// caKeyFile names the CA private key. Only the path is passed along here;
	// this function does not open or validate either file itself.
	signerConfig := map[string]string{
		"cert-file": caFile,
		"key-file":  caKeyFile,
	}

	caSigner, err := universal.NewSigner(universal.Root{Config: signerConfig}, policy)
	if err != nil {
		log.Errorf("setting up signer failed: %v", err)
		return nil, err
	}

	return signhandler.NewAuthHandlerFromSigner(caSigner)
}
var errBadSigner = errors.New("signer not initialized") var errNoCertDBConfigured = errors.New("cert db not configured (missing -db-config)") var endpoints = map[string]func() (http.Handler, error){ "sign": func() (http.Handler, error) { if s == nil { return nil, errBadSigner } return signhandler.NewHandlerFromSigner(s) }, "authsign": func() (http.Handler, error) { if s == nil { return nil, errBadSigner } return signhandler.NewAuthHandlerFromSigner(s) }, "info": func() (http.Handler, error) { if s == nil { return nil, errBadSigner } return info.NewHandler(s) }, "gencrl": func() (http.Handler, error) { if s == nil { return nil, errBadSigner } return crl.NewHandler(), nil },