certificates/api/crl.go

52 lines
1.2 KiB
Go

package api
import (
"encoding/pem"
"fmt"
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"net/http"
)
// CRL is an HTTP handler that returns the current CRL in DER or PEM format
func CRL(w http.ResponseWriter, r *http.Request) {
crlBytes, err := mustAuthority(r.Context()).GetCertificateRevocationList()
_, formatAsPEM := r.URL.Query()["pem"]
if err != nil {
caErr, isCaErr := err.(*errs.Error)
if isCaErr {
http.Error(w, caErr.Msg, caErr.Status)
return
}
w.WriteHeader(500)
_, err = fmt.Fprintf(w, "%v\n", err)
if err != nil {
panic(errors.Wrap(err, "error writing http response"))
}
return
}
if formatAsPEM {
pemBytes := pem.EncodeToMemory(&pem.Block{
Type: "X509 CRL",
Bytes: crlBytes,
})
w.Header().Add("Content-Type", "application/x-pem-file")
w.Header().Add("Content-Disposition", "attachment; filename=\"crl.pem\"")
_, err = w.Write(pemBytes)
} else {
w.Header().Add("Content-Type", "application/pkix-crl")
w.Header().Add("Content-Disposition", "attachment; filename=\"crl.der\"")
_, err = w.Write(crlBytes)
}
if err != nil {
panic(errors.Wrap(err, "error writing http response"))
}
}