package main
import (
"errors"
"fmt"
"net/http"
"github.com/cloudflare/cfssl/api"
"github.com/cloudflare/cfssl/bundler"
"github.com/cloudflare/cfssl/log"
"github.com/cloudflare/cfssl/ubiquity"
)
var (
	// serverUsageText is the help text printed for 'cfssl serve'.
	//
	// NOTE(review): the synopsis below names only some of the flags listed in
	// serverFlags; "int-dir", "remote" and "f" do not appear in it.
	serverUsageText = `cfssl serve -- set up a HTTP server handles CF SSL requests
Usage of serve:
cfssl serve [-address address] [-ca cert] [-ca-bundle bundle] \
[-ca-key key] [-int-bundle bundle] [-port port] [-metadata file]
Flags:
`

	// serverFlags names the command-line flags that 'cfssl serve' accepts.
	serverFlags = []string{
		"address",
		"port",
		"ca",
		"ca-key",
		"ca-bundle",
		"int-bundle",
		"int-dir",
		"metadata",
		"remote",
		"f",
	}
)
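// registerHandlers instantiates the API handlers and associates each one with
// its endpoint on http.DefaultServeMux (http.Handle registers there).
//
// The sign, bundle and newcert endpoints are best-effort: when their handler
// cannot be constructed the endpoint is left unregistered and the reason is
// logged. The newkey endpoint and, when Config.remote is set, the remotecert
// endpoint are mandatory: a construction failure is logged and returned.
//
// NOTE(review): this function adds no authentication or authorization around
// any handler, and init_ca is registered unconditionally. Whether the api
// handlers enforce access control themselves is not visible here; confirm
// before exposing the listener beyond a trusted network, since these
// endpoints presumably sign certificates and return key material.
//
// NOTE(review): because registration goes to the process-wide default mux,
// any other package that registers on http.DefaultServeMux is served on the
// same listener.
func registerHandlers() error {
	log.Info("Setting up signer endpoint")
	signHandler, err := api.NewSignHandler(Config.caFile, Config.caKeyFile)
	if err != nil {
		log.Warningf("endpoint '/api/v1/cfssl/sign' is disabled: %v", err)
	} else {
		http.Handle("/api/v1/cfssl/sign", signHandler)
	}

	log.Info("Setting up bundler endpoint")
	bundleHandler, err := api.NewBundleHandler(Config.caBundleFile, Config.intBundleFile)
	if err != nil {
		log.Warningf("endpoint '/api/v1/cfssl/bundle' is disabled: %v", err)
	} else {
		http.Handle("/api/v1/cfssl/bundle", bundleHandler)
	}

	log.Info("Setting up CSR endpoint")
	generatorHandler, err := api.NewGeneratorHandler(api.CSRValidate)
	if err != nil {
		log.Errorf("Failed to set up CSR endpoint: %v", err)
		return err
	}
	http.Handle("/api/v1/cfssl/newkey", generatorHandler)

	log.Info("Setting up new cert endpoint")
	newCertGenerator, err := api.NewCertGeneratorHandler(api.CSRValidate,
		Config.caFile, Config.caKeyFile)
	if err != nil {
		// Include the cause, as the sign and bundle branches do; without it an
		// operator cannot tell why the endpoint is missing (e.g. an unreadable
		// CA key file).
		log.Errorf("endpoint '/api/v1/cfssl/newcert' is disabled: %v", err)
	} else {
		http.Handle("/api/v1/cfssl/newcert", newCertGenerator)
	}

	log.Info("Setting up initial CA endpoint")
	http.Handle("/api/v1/cfssl/init_ca", api.NewInitCAHandler())

	if Config.remote != "" {
		log.Info("Remote CFSSL endpoint given, setting up remote certificate generator")
		rcg, err := api.NewRemoteCertGenerator(api.CSRValidate, Config.remote)
		if err != nil {
			log.Errorf("Failed to set up remote certificate generator: %v", err)
			return err
		}
		http.Handle("/api/v1/cfssl/remotecert", rcg)
	}

	log.Info("Handler set up complete.")
	return nil
}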
// serverMain is the command line entry point to the API server. It rejects
// positional arguments, applies the intermediate-stash and platform-metadata
// settings from Config, registers the API handlers, and then serves HTTP on
// Config.address:Config.port until ListenAndServe returns.
func serverMain(args []string) error {
	// 'serve' is configured through flags only; positional arguments are an error.
	if len(args) != 0 {
		return errors.New("Arguments is provided but not defined. Please refer to the usage by flag -h.")
	}

	bundler.IntermediateStash = Config.intDir
	// NOTE(review): whatever LoadPlatforms returns is not inspected here;
	// confirm that a missing or malformed metadata file cannot fail silently.
	ubiquity.LoadPlatforms(Config.metadata)

	if setupErr := registerHandlers(); setupErr != nil {
		return setupErr
	}

	listenAddr := fmt.Sprintf("%s:%d", Config.address, Config.port)
	log.Info("Now listening on ", listenAddr)

	// NOTE(review): http.ListenAndServe serves plaintext HTTP with no
	// read/write timeouts, and a nil handler means http.DefaultServeMux.
	// Requests and responses for the registered endpoints therefore travel
	// unencrypted unless TLS is terminated in front of this process.
	return http.ListenAndServe(listenAddr, nil)
}
// CLIServer is the Command definition for 'cfssl serve'. It is built from,
// in order, the usage text, the list of accepted flag names, and the entry
// point function.
var CLIServer = &Command{
	serverUsageText,
	serverFlags,
	serverMain,
}