
Commit c5155cb

committed
Updated certmanager
1 parent b7d228d commit c5155cb


1 file changed

+44
-1
lines changed


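--- a/pkg/handler/certmanager/endpoints.go
+++ b/pkg/handler/certmanager/endpoints.go
@@ -45,13 +45,15 @@ var _ server.ServiceEndpoints = (*certmanager)(nil)
 // GLOBALS
 
 const (
-jsonIndent = 2
+jsonIndent = 2
+mimetypePem = "application/x-pem-file"
 )
 
 var (
 reRoot = regexp.MustCompile(`^/?$`)
 reCA = regexp.MustCompile(`^/ca/?$`)
 reSerial = regexp.MustCompile(`^/([0-9]+)/?$`)
+rePem = regexp.MustCompile(`^/([0-9]+)/(cert\.pem|key\.pem)?$`)
 )
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -86,6 +88,13 @@ func (service *certmanager) AddEndpoints(ctx context.Context, r server.Router) {
 // Description: Read a certificate by serial number
 r.AddHandlerFuncRe(ctx, reSerial, service.reqGetCert, http.MethodGet).(router.Route).
 SetScope(service.ScopeRead()...)
+
+// Path: /<serial>/key or /<serial>/cert
+// Methods: GET
+// Scopes: read
+// Description: Read a PEM file for a certificate or key by serial number
+r.AddHandlerFuncRe(ctx, rePem, service.reqGetCertPEM, http.MethodGet).(router.Route).
+SetScope(service.ScopeRead()...)
 }
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -145,6 +154,40 @@ func (service *certmanager) reqGetCert(w http.ResponseWriter, r *http.Request) {
 httpresponse.JSON(w, respCert, http.StatusOK, jsonIndent)
 }
 
+// Get a certificate or CA
+func (service *certmanager) reqGetCertPEM(w http.ResponseWriter, r *http.Request) {
+urlParameters := router.Params(r.Context())
+
+// Get the certificate
+cert, err := service.Read(urlParameters[0])
+if errors.Is(err, ErrNotFound) {
+httpresponse.Error(w, http.StatusNotFound, err.Error())
+return
+} else if err != nil {
+httpresponse.Error(w, http.StatusInternalServerError, err.Error())
+return
+}
+
+// Key or Cert
+w.Header().Set("Content-Type", mimetypePem)
+switch urlParameters[1] {
+case "cert":
+if err := cert.WriteCertificate(w); err != nil {
+httpresponse.Error(w, http.StatusInternalServerError, err.Error())
+return
+}
+case "key":
+if cert.IsCA() {
+httpresponse.Error(w, http.StatusForbidden, "Cannot return private key for CA")
+return
+}
+if err := cert.WritePrivateKey(w); err != nil {
+httpresponse.Error(w, http.StatusInternalServerError, err.Error())
+return
+}
+}
+}
+
 // Create a new certificate authority
 func (service *certmanager) reqCreateCA(w http.ResponseWriter, r *http.Request) {
 var req reqCreateCA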
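Review bot: In reqGetCertPEM the switch compares `urlParameters[1]` with `"cert"` and `"key"`, but rePem captures `cert.pem` or `key.pem` (or nothing, because the group is optional), so if router.Params returns the capture groups neither case runs and the client receives a 200 with a PEM content type and an empty body. The cases should read `case "cert.pem":` and `case "key.pem":`, with a `default:` that answers `http.StatusNotFound`, and the route comment in AddEndpoints should say `/<serial>/cert.pem or /<serial>/key.pem`. Once the key branch is reachable, that route serves private keys under `service.ScopeRead()`, the same scope as certificate metadata; a separate scope for key export would keep read-only tokens from retrieving key material. Moving `w.Header().Set("Content-Type", mimetypePem)` into each case after its checks would also avoid error responses being labelled as PEM, depending on how httpresponse.Error sets its own headers.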
