Commit ed791622 authored by Heiko Reese's avatar Heiko Reese

Added public and internal download handlers

parent 6433cc88
......@@ -4,10 +4,6 @@ import (
_ "encoding/json"
"flag"
"fmt"
. "git.scc.kit.edu/KIT-CA/websearch"
"github.com/gorilla/mux"
_ "github.com/k0kubun/pp"
"github.com/satori/go.uuid"
"log"
"net"
"net/http"
......@@ -17,6 +13,11 @@ import (
"sort"
"strings"
"time"
. "git.scc.kit.edu/KIT-CA/websearch"
"github.com/gorilla/mux"
_ "github.com/k0kubun/pp"
"github.com/satori/go.uuid"
)
const (
......@@ -33,9 +34,9 @@ var (
certRepoDir string
webrootDir string
watcherDone chan bool
initialBatchDone chan bool = make(chan bool, 1)
initialBatchDone = make(chan bool, 1)
newFileChan chan string
AllWatchers map[int]*AttributeState
allWatchers map[int]*AttributeState
)
func init() {
......@@ -91,12 +92,12 @@ func pubsearchHandler(w http.ResponseWriter, r *http.Request) {
http.Error(w, err.Error(), http.StatusBadRequest)
}
query := r.Form.Get("q")
filter := MakePublicSearchFilter(query, AllWatchers[WatchVisibile])
filter := MakePublicSearchFilter(query, allWatchers[WatchVisibile])
results := ccache.Filter(filter)
sort.Sort(results)
w.Header().Set("cache-control", "no-store")
w.Header().Set("Content-Type", "application/json")
w.Write(results.JSONString(AllWatchers))
w.Write(results.JSONString(allWatchers))
}
func searchHandler(w http.ResponseWriter, r *http.Request) {
......@@ -110,7 +111,7 @@ func searchHandler(w http.ResponseWriter, r *http.Request) {
sort.Sort(results)
w.Header().Set("cache-control", "no-store")
w.Header().Set("Content-Type", "application/json")
w.Write(results.JSONString(AllWatchers))
w.Write(results.JSONString(allWatchers))
}
func downloadHandler(w http.ResponseWriter, r *http.Request) {
......@@ -124,17 +125,49 @@ func downloadHandler(w http.ResponseWriter, r *http.Request) {
log.Printf("[%s] unable to process request %s, serial %s not in cache", uuid4, r.URL.String(), serial)
errormsg := "Invalid serial number " + serial + " (errorid " + uuid4 + ")"
http.Error(w, errormsg, http.StatusBadRequest)
} else {
switch format {
case "pem":
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.pem", serial))
w.Header().Set("Content-Type", "application/x-pem-file")
w.Write(cert.GetPEM())
case "der":
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.crt", serial))
w.Header().Set("Content-Type", "application/x-x509-user-cert")
w.Write(cert.GetDER())
}
}
switch format {
case "der":
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.crt", serial))
w.Header().Set("Content-Type", "application/x-x509-user-cert")
w.Write(cert.GetDER())
case "pem":
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.pem", serial))
w.Header().Set("Content-Type", "application/x-pem-file")
w.Write(cert.GetPEM())
}
}
func pubDownloadHandler(w http.ResponseWriter, r *http.Request) {
var (
format = mux.Vars(r)["format"]
serial = mux.Vars(r)["serial"]
)
cert := ccache.Get(serial)
if cert == nil {
uuid4 := uuid.NewV4().String()
log.Printf("[%s] unable to process request %s, serial %s not in cache", uuid4, r.URL.String(), serial)
errormsg := "Invalid serial number " + serial + " (errorid " + uuid4 + ")"
http.Error(w, errormsg, http.StatusBadRequest)
return
}
// check if certificate is public
if allWatchers[WatchVisibile].Is(cert.Serial, Public) == false {
uuid4 := uuid.NewV4().String()
//log.Printf("[%s] certificate %s, serial %s not public", uuid4, r.URL.String(), serial)
errormsg := "Certificate " + serial + " is not public (errorid " + uuid4 + "), authorization required for download."
http.Error(w, errormsg, http.StatusUnauthorized)
return
}
switch format {
case "der":
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.crt", serial))
w.Header().Set("Content-Type", "application/x-x509-user-cert")
w.Write(cert.GetDER())
case "pem":
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.pem", serial))
w.Header().Set("Content-Type", "application/x-pem-file")
w.Write(cert.GetPEM())
}
}
......@@ -145,11 +178,11 @@ func emailtocertHandler(w http.ResponseWriter, r *http.Request) {
// only valid certs
results = results.Filter(
func(c *SearchableCert) bool {
return AllWatchers[WatchValid].Is(c.Serial, Valid) && c.NotAfter.After(time.Now())
return allWatchers[WatchValid].Is(c.Serial, Valid) && c.NotAfter.After(time.Now())
})
w.Header().Set("cache-control", "no-store")
w.Header().Set("Content-Type", "application/json")
w.Write(results.JSONString(AllWatchers))
w.Write(results.JSONString(allWatchers))
}
func main() {
......@@ -163,7 +196,7 @@ func main() {
log.Println(ccache.Len(), "certificates have been loaded into the certificate cache.")
// handle Validity change
AllWatchers = CreateAllWatchers(certRepoDir)
allWatchers = CreateAllWatchers(certRepoDir)
// create http interface
r := mux.NewRouter()
......@@ -186,7 +219,12 @@ func main() {
HandlerFunc(searchHandler)
// add download handler
r.Path("/download/{format:pem|der|text}/{serial:[0-9]+}").
r.Path("/pubdownload/{format:pem|der}/{serial:[0-9]+}").
Methods("GET").
HandlerFunc(pubDownloadHandler)
// add internal download handler
r.Path("/download/{format:pem|der}/{serial:[0-9]+}").
Methods("GET").
HandlerFunc(downloadHandler)
......@@ -199,9 +237,9 @@ func main() {
r.Path("/dumpreq").
Methods("GET").
HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
requestDump, err := httputil.DumpRequest(r, true)
if err != nil {
log.Print(err)
requestDump, requestErr := httputil.DumpRequest(r, true)
if requestErr != nil {
log.Print(requestErr)
}
w.Header().Set("content-type", "text/plain")
w.Write(requestDump)
......@@ -213,9 +251,9 @@ func main() {
// DEBUG: add notfound handler
r.NotFoundHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
requestDump, err := httputil.DumpRequest(r, true)
if err != nil {
log.Print(err)
requestDump, requestErr := httputil.DumpRequest(r, true)
if requestErr != nil {
log.Print(requestErr)
}
w.Header().Set("content-type", "text/plain")
w.Write(requestDump)
......@@ -223,11 +261,12 @@ func main() {
})
log.Printf("Serving %s via %s", modeArg, localaddr)
var listener net.Listener
switch mode {
case local:
err = http.ListenAndServe(localaddr, r)
case tcp:
listener, err := net.Listen("tcp", localaddr)
listener, err = net.Listen("tcp", localaddr)
if err != nil {
log.Fatal(err)
}
......
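Review bot: In downloadHandler (hunk `@@ -124,17 +125,49 @@`) the `else` around the format switch is gone, but no `return` follows `http.Error(w, errormsg, http.StatusBadRequest)`. As rendered here, an unknown serial therefore falls through to `cert.GetDER()` / `cert.GetPEM()` with a nil `cert`, which would likely panic after the 400 has been written. pubDownloadHandler has the `return` at the same spot, so add `return` after the `http.Error` call in downloadHandler too. In pubDownloadHandler's not-public branch the `log.Printf` is commented out, so the errorid shown to the client matches no log line and denied downloads leave no trace; re-enabling that line would fix both. Separately, the 400 versus 401 split tells an unauthenticated caller which serials exist but are private, and `/download` sits on the same router with no check visible in this diff, so a comment at the route registration saying where access control is enforced would help.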