2021-10-30 07:52:50 +00:00
|
|
|
package api
|
|
|
|
|
2021-11-02 05:26:07 +00:00
|
|
|
import (
|
|
|
|
"encoding/pem"
|
2021-11-04 06:05:07 +00:00
|
|
|
"fmt"
|
|
|
|
"github.com/pkg/errors"
|
2022-04-05 03:19:13 +00:00
|
|
|
"github.com/smallstep/certificates/errs"
|
2021-11-02 05:26:07 +00:00
|
|
|
"net/http"
|
|
|
|
)
|
2021-10-30 07:52:50 +00:00
|
|
|
|
2021-11-04 06:05:07 +00:00
|
|
|
// CRL is an HTTP handler that returns the current CRL in DER or PEM format
|
2021-10-30 07:52:50 +00:00
|
|
|
func (h *caHandler) CRL(w http.ResponseWriter, r *http.Request) {
|
2021-11-04 06:05:07 +00:00
|
|
|
crlBytes, err := h.Authority.GetCertificateRevocationList()
|
|
|
|
|
|
|
|
_, formatAsPEM := r.URL.Query()["pem"]
|
2021-10-30 07:52:50 +00:00
|
|
|
|
|
|
|
if err != nil {
|
2022-04-05 03:19:13 +00:00
|
|
|
|
|
|
|
caErr, isCaErr := err.(*errs.Error)
|
|
|
|
|
|
|
|
if isCaErr {
|
|
|
|
http.Error(w, caErr.Msg, caErr.Status)
|
|
|
|
return
|
2021-11-04 06:05:07 +00:00
|
|
|
}
|
2021-10-30 07:52:50 +00:00
|
|
|
|
2022-04-05 03:19:13 +00:00
|
|
|
w.WriteHeader(500)
|
|
|
|
_, err = fmt.Fprintf(w, "%v\n", err)
|
2021-11-04 06:05:07 +00:00
|
|
|
if err != nil {
|
|
|
|
panic(errors.Wrap(err, "error writing http response"))
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if formatAsPEM {
|
|
|
|
pemBytes := pem.EncodeToMemory(&pem.Block{
|
|
|
|
Type: "X509 CRL",
|
|
|
|
Bytes: crlBytes,
|
|
|
|
})
|
|
|
|
w.Header().Add("Content-Type", "application/x-pem-file")
|
|
|
|
w.Header().Add("Content-Disposition", "attachment; filename=\"crl.pem\"")
|
|
|
|
_, err = w.Write(pemBytes)
|
|
|
|
} else {
|
|
|
|
w.Header().Add("Content-Type", "application/pkix-crl")
|
|
|
|
w.Header().Add("Content-Disposition", "attachment; filename=\"crl.der\"")
|
|
|
|
_, err = w.Write(crlBytes)
|
|
|
|
}
|
2021-11-02 05:26:07 +00:00
|
|
|
|
2021-11-04 06:05:07 +00:00
|
|
|
if err != nil {
|
|
|
|
panic(errors.Wrap(err, "error writing http response"))
|
|
|
|
}
|
|
|
|
|
2021-10-30 07:52:50 +00:00
|
|
|
}
|