package api
import (
"net/http"
"github.com/smallstep/certificates/acme"
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/admin"
)
// Handler is the Admin API request handler. It holds the dependencies the
// Admin API endpoints and their middleware need; Route wires the endpoints
// onto an api.Router.
type Handler struct {
	// adminDB is the admin database the handler operates on.
	adminDB admin.DB
	// auth is the authority the handler delegates to. Not referenced directly
	// in this file's visible code; presumably used by the middleware and
	// endpoint methods defined elsewhere in the package — verify there.
	auth adminAuthority
	// acmeDB is the ACME database. Not referenced in this file's visible code.
	acmeDB acme.DB
	// acmeResponder serves the ACME External Account Binding key endpoints
	// registered under /acme/eab in Route.
	acmeResponder acmeAdminResponderInterface
	// policyResponder serves the authority, provisioner and ACME account
	// policy endpoints registered in Route.
	policyResponder policyAdminResponderInterface
}
// NewHandler returns an api.RouterHandler serving the Admin API. The
// returned handler uses auth as its authority, adminDB and acmeDB as its
// admin and ACME databases, and acmeResponder and policyResponder to serve
// the ACME EAB and policy endpoints respectively.
func NewHandler(auth adminAuthority, adminDB admin.DB, acmeDB acme.DB, acmeResponder acmeAdminResponderInterface, policyResponder policyAdminResponderInterface) api.RouterHandler {
	h := &Handler{
		adminDB:         adminDB,
		auth:            auth,
		acmeDB:          acmeDB,
		acmeResponder:   acmeResponder,
		policyResponder: policyResponder,
	}
	return h
}
// Route registers every Admin API endpoint on r, each wrapped in the
// middleware chain that endpoint requires. It is the method through which
// *Handler satisfies api.RouterHandler.
//
// All endpoints are registered behind adminOnly (admin token extraction
// followed by the API-enabled check), so a route added to the table below
// without one of the chains derived from it would be reachable without
// authentication — keep every entry wrapped.
func (h *Handler) Route(r api.Router) {
	// adminOnly: extract and authorize the admin token, then require the
	// Admin API to be enabled, before handing off to next.
	adminOnly := func(next http.HandlerFunc) http.HandlerFunc {
		return h.extractAuthorizeTokenAdmin(h.requireAPIEnabled(next))
	}
	// checkAction gates an endpoint on whether the authority runs in
	// standalone mode; the boolean selects which mode the action is
	// permitted in.
	standaloneAllowed := func(next http.HandlerFunc) http.HandlerFunc {
		return h.checkAction(next, true)
	}
	standaloneDenied := func(next http.HandlerFunc) http.HandlerFunc {
		return h.checkAction(next, false)
	}
	// EAB key management additionally needs the named provisioner loaded
	// and EAB enabled on it.
	withEAB := func(next http.HandlerFunc) http.HandlerFunc {
		return adminOnly(h.loadProvisionerByName(h.requireEABEnabled(next)))
	}
	withAuthorityPolicy := func(next http.HandlerFunc) http.HandlerFunc {
		return adminOnly(standaloneAllowed(next))
	}
	withProvisionerPolicy := func(next http.HandlerFunc) http.HandlerFunc {
		return adminOnly(standaloneDenied(h.loadProvisionerByName(next)))
	}
	withACMEAccountPolicy := func(next http.HandlerFunc) http.HandlerFunc {
		return adminOnly(standaloneDenied(h.loadProvisionerByName(h.requireEABEnabled(next))))
	}

	type route struct {
		method, pattern string
		handler         http.HandlerFunc
	}

	// Registration order below matches the previous hand-written sequence.
	routes := []route{
		// Provisioners
		{"GET", "/provisioners/{name}", adminOnly(h.GetProvisioner)},
		{"GET", "/provisioners", adminOnly(h.GetProvisioners)},
		{"POST", "/provisioners", adminOnly(h.CreateProvisioner)},
		{"PUT", "/provisioners/{name}", adminOnly(h.UpdateProvisioner)},
		{"DELETE", "/provisioners/{name}", adminOnly(h.DeleteProvisioner)},

		// Admins
		{"GET", "/admins/{id}", adminOnly(h.GetAdmin)},
		{"GET", "/admins", adminOnly(h.GetAdmins)},
		{"POST", "/admins", adminOnly(h.CreateAdmin)},
		{"PATCH", "/admins/{id}", adminOnly(h.UpdateAdmin)},
		{"DELETE", "/admins/{id}", adminOnly(h.DeleteAdmin)},

		// ACME External Account Binding Keys
		{"GET", "/acme/eab/{provisionerName}/{reference}", withEAB(h.acmeResponder.GetExternalAccountKeys)},
		{"GET", "/acme/eab/{provisionerName}", withEAB(h.acmeResponder.GetExternalAccountKeys)},
		{"POST", "/acme/eab/{provisionerName}", withEAB(h.acmeResponder.CreateExternalAccountKey)},
		{"DELETE", "/acme/eab/{provisionerName}/{id}", withEAB(h.acmeResponder.DeleteExternalAccountKey)},

		// Policy - Authority
		{"GET", "/policy", withAuthorityPolicy(h.policyResponder.GetAuthorityPolicy)},
		{"POST", "/policy", withAuthorityPolicy(h.policyResponder.CreateAuthorityPolicy)},
		{"PUT", "/policy", withAuthorityPolicy(h.policyResponder.UpdateAuthorityPolicy)},
		{"DELETE", "/policy", withAuthorityPolicy(h.policyResponder.DeleteAuthorityPolicy)},

		// Policy - Provisioner
		{"GET", "/provisioners/{provisionerName}/policy", withProvisionerPolicy(h.policyResponder.GetProvisionerPolicy)},
		{"POST", "/provisioners/{provisionerName}/policy", withProvisionerPolicy(h.policyResponder.CreateProvisionerPolicy)},
		{"PUT", "/provisioners/{provisionerName}/policy", withProvisionerPolicy(h.policyResponder.UpdateProvisionerPolicy)},
		{"DELETE", "/provisioners/{provisionerName}/policy", withProvisionerPolicy(h.policyResponder.DeleteProvisionerPolicy)},

		// Policy - ACME Account
		{"GET", "/acme/policy/{provisionerName}/{accountID}", withACMEAccountPolicy(h.policyResponder.GetACMEAccountPolicy)},
		{"POST", "/acme/policy/{provisionerName}/{accountID}", withACMEAccountPolicy(h.policyResponder.CreateACMEAccountPolicy)},
		{"PUT", "/acme/policy/{provisionerName}/{accountID}", withACMEAccountPolicy(h.policyResponder.UpdateACMEAccountPolicy)},
		{"DELETE", "/acme/policy/{provisionerName}/{accountID}", withACMEAccountPolicy(h.policyResponder.DeleteACMEAccountPolicy)},
	}

	for _, rt := range routes {
		r.MethodFunc(rt.method, rt.pattern, rt.handler)
	}
}