forked from TrueCloudLab/lego
169 lines
4.9 KiB
Go
169 lines
4.9 KiB
Go
package cloudflare
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"net/url"
|
|
"time"
|
|
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// OriginCACertificate represents a Cloudflare-issued certificate.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#cloudflare-ca
|
|
type OriginCACertificate struct {
|
|
ID string `json:"id"`
|
|
Certificate string `json:"certificate"`
|
|
Hostnames []string `json:"hostnames"`
|
|
ExpiresOn time.Time `json:"expires_on"`
|
|
RequestType string `json:"request_type"`
|
|
RequestValidity int `json:"requested_validity"`
|
|
CSR string `json:"csr"`
|
|
}
|
|
|
|
// OriginCACertificateListOptions represents the parameters used to list Cloudflare-issued certificates.
|
|
type OriginCACertificateListOptions struct {
|
|
ZoneID string
|
|
}
|
|
|
|
// OriginCACertificateID represents the ID of the revoked certificate from the Revoke Certificate endpoint.
|
|
type OriginCACertificateID struct {
|
|
ID string `json:"id"`
|
|
}
|
|
|
|
// originCACertificateResponse represents the response from the Create Certificate and the Certificate Details endpoints.
|
|
type originCACertificateResponse struct {
|
|
Response
|
|
Result OriginCACertificate `json:"result"`
|
|
}
|
|
|
|
// originCACertificateResponseList represents the response from the List Certificates endpoint.
|
|
type originCACertificateResponseList struct {
|
|
Response
|
|
Result []OriginCACertificate `json:"result"`
|
|
ResultInfo ResultInfo `json:"result_info"`
|
|
}
|
|
|
|
// originCACertificateResponseRevoke represents the response from the Revoke Certificate endpoint.
|
|
type originCACertificateResponseRevoke struct {
|
|
Response
|
|
Result OriginCACertificateID `json:"result"`
|
|
}
|
|
|
|
// CreateOriginCertificate creates a Cloudflare-signed certificate.
|
|
//
|
|
// This function requires api.APIUserServiceKey be set to your Certificates API key.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#cloudflare-ca-create-certificate
|
|
func (api *API) CreateOriginCertificate(certificate OriginCACertificate) (*OriginCACertificate, error) {
|
|
uri := "/certificates"
|
|
res, err := api.makeRequestWithAuthType(context.TODO(), "POST", uri, certificate, AuthUserService)
|
|
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errMakeRequestError)
|
|
}
|
|
|
|
var originResponse *originCACertificateResponse
|
|
|
|
err = json.Unmarshal(res, &originResponse)
|
|
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errUnmarshalError)
|
|
}
|
|
|
|
if !originResponse.Success {
|
|
return nil, errors.New(errRequestNotSuccessful)
|
|
}
|
|
|
|
return &originResponse.Result, nil
|
|
}
|
|
|
|
// OriginCertificates lists all Cloudflare-issued certificates.
|
|
//
|
|
// This function requires api.APIUserServiceKey be set to your Certificates API key.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#cloudflare-ca-list-certificates
|
|
func (api *API) OriginCertificates(options OriginCACertificateListOptions) ([]OriginCACertificate, error) {
|
|
v := url.Values{}
|
|
if options.ZoneID != "" {
|
|
v.Set("zone_id", options.ZoneID)
|
|
}
|
|
uri := "/certificates" + "?" + v.Encode()
|
|
res, err := api.makeRequestWithAuthType(context.TODO(), "GET", uri, nil, AuthUserService)
|
|
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errMakeRequestError)
|
|
}
|
|
|
|
var originResponse *originCACertificateResponseList
|
|
|
|
err = json.Unmarshal(res, &originResponse)
|
|
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errUnmarshalError)
|
|
}
|
|
|
|
if !originResponse.Success {
|
|
return nil, errors.New(errRequestNotSuccessful)
|
|
}
|
|
|
|
return originResponse.Result, nil
|
|
}
|
|
|
|
// OriginCertificate returns the details for a Cloudflare-issued certificate.
|
|
//
|
|
// This function requires api.APIUserServiceKey be set to your Certificates API key.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#cloudflare-ca-certificate-details
|
|
func (api *API) OriginCertificate(certificateID string) (*OriginCACertificate, error) {
|
|
uri := "/certificates/" + certificateID
|
|
res, err := api.makeRequestWithAuthType(context.TODO(), "GET", uri, nil, AuthUserService)
|
|
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errMakeRequestError)
|
|
}
|
|
|
|
var originResponse *originCACertificateResponse
|
|
|
|
err = json.Unmarshal(res, &originResponse)
|
|
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errUnmarshalError)
|
|
}
|
|
|
|
if !originResponse.Success {
|
|
return nil, errors.New(errRequestNotSuccessful)
|
|
}
|
|
|
|
return &originResponse.Result, nil
|
|
}
|
|
|
|
// RevokeOriginCertificate revokes a created certificate for a zone.
|
|
//
|
|
// This function requires api.APIUserServiceKey be set to your Certificates API key.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#cloudflare-ca-revoke-certificate
|
|
func (api *API) RevokeOriginCertificate(certificateID string) (*OriginCACertificateID, error) {
|
|
uri := "/certificates/" + certificateID
|
|
res, err := api.makeRequestWithAuthType(context.TODO(), "DELETE", uri, nil, AuthUserService)
|
|
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errMakeRequestError)
|
|
}
|
|
|
|
var originResponse *originCACertificateResponseRevoke
|
|
|
|
err = json.Unmarshal(res, &originResponse)
|
|
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errUnmarshalError)
|
|
}
|
|
|
|
if !originResponse.Success {
|
|
return nil, errors.New(errRequestNotSuccessful)
|
|
}
|
|
|
|
return &originResponse.Result, nil
|
|
|
|
}
|