authorMatthew Holt <mholt@users.noreply.github.com>2022-03-02 13:00:37 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2022-03-02 13:00:37 -0700
commit78e381b29f64c07a0572a172ff5f89876e8d84db (patch)
treece6802c3728614b693be17aa40ae9695361f119f /modules/caddypki/command.go
parentde490c7cadc8c17759f747f5bb554967454c6529 (diff)
caddypki: Refactor /pki/ admin endpoints
Remove /pki/certificates/<ca> endpoint and split into two endpoints: - GET /pki/ca/<id> to get CA info and certs in JSON format - GET /pki/ca/<id>/certificates to get cert in PEM chain
Diffstat (limited to 'modules/caddypki/command.go')
-rw-r--r--modules/caddypki/command.go13
1 files changed, 7 insertions, 6 deletions
diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go
index fa37ab0..4744c68 100644
--- a/modules/caddypki/command.go
+++ b/modules/caddypki/command.go
@@ -22,6 +22,7 @@ import (
"fmt"
"net/http"
"os"
+ "path"
"github.com/caddyserver/caddy/v2"
caddycmd "github.com/caddyserver/caddy/v2/cmd"
@@ -132,7 +133,7 @@ func cmdTrust(fl caddycmd.Flags) (int, error) {
ca := CA{
log: caddy.Log(),
root: rootCert,
- rootCertPath: adminAddr + adminPKICertificatesEndpoint + caID,
+ rootCertPath: adminAddr + path.Join(adminPKIEndpointBase, caID, "certificates"),
}
// Install the cert!
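Review bot: `path.Join` cleans its result, so a `caID` containing `/` or `..` segments is folded into the path, and the value stored in `rootCertPath` can then name a different admin route than this CA's certificates endpoint. The same construction is used for `uri` in `rootCertFromAdmin`, where it decides which endpoint is actually requested. Where `caID` comes from is outside this hunk (presumably a command-line flag), so it should be validated before either path is built, for example `if caID == "" || caID == "." || caID == ".." || strings.ContainsAny(caID, "/\\") { return caddy.ExitCodeFailedStartup, fmt.Errorf("invalid CA ID %q", caID) }` (this needs a `strings` import). The body of `cmdTrust` starts and ends outside the hunk.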
@@ -204,9 +205,9 @@ func cmdUntrust(fl caddycmd.Flags) (int, error) {
return caddy.ExitCodeSuccess, nil
}
-// rootCertFromAdmin makes the API request to fetch the
+// rootCertFromAdmin makes the API request to fetch the root certificate for the named CA via admin API.
func rootCertFromAdmin(adminAddr string, caID string) (*x509.Certificate, error) {
- uri := adminPKICertificatesEndpoint + caID
+ uri := path.Join(adminPKIEndpointBase, caID, "certificates")
// Make the request to fetch the CA info
resp, err := caddycmd.AdminAPIRequest(adminAddr, http.MethodGet, uri, make(http.Header), nil)
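Review bot: The request now goes to `<base>/<id>/certificates`, which the commit description says returns a PEM chain, yet further down the function the response body is still decoded as JSON into `caInfo`. If the JSON document with the root cert field is what this function needs, the URI should probably stop at the CA id: `uri := path.Join(adminPKIEndpointBase, caID)`. The handler and the value of `adminPKIEndpointBase` are not visible here, so confirm this against the route registration. The new doc comment could also state which endpoint and response format the function expects; the function body continues outside this hunk.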
@@ -216,14 +217,14 @@ func rootCertFromAdmin(adminAddr string, caID string) (*x509.Certificate, error)
defer resp.Body.Close()
// Decode the resposne
- caInfo := new(CAInfo)
+ caInfo := new(caInfo)
err = json.NewDecoder(resp.Body).Decode(caInfo)
if err != nil {
return nil, fmt.Errorf("failed to decode JSON response: %v", err)
}
- // Decode the root
- rootBlock, _ := pem.Decode([]byte(caInfo.Root))
+ // Decode the root cert
+ rootBlock, _ := pem.Decode([]byte(caInfo.RootCert))
if rootBlock == nil {
return nil, fmt.Errorf("failed to decode root certificate: %v", err)
}
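Review bot: In the `rootBlock == nil` branch the message is formatted with `err`, which is always nil at that point because the JSON decode error has already been returned, so the user sees `failed to decode root certificate: <nil>`. Something like `return nil, fmt.Errorf("failed to decode root certificate: no PEM block found")` states the actual condition. Since this appears to be the certificate that `cmdTrust` goes on to install, a `rootBlock.Type != "CERTIFICATE"` check before parsing would be a cheap extra guard against an unexpected response. The comment `// Decode the resposne` has a typo, and the function continues past the end of the hunk.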