2023-01-27 21:37:20 +00:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2021-08-17 22:03:28 +00:00
|
|
|
|
2022-06-06 20:52:52 +00:00
|
|
|
//go:build !ios && !android && !js
|
2021-08-17 22:03:28 +00:00
|
|
|
|
|
|
|
package localapi
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
2023-02-01 21:43:06 +00:00
|
|
|
"strings"
|
2021-08-17 22:03:28 +00:00
|
|
|
|
2022-11-08 04:49:46 +00:00
|
|
|
"tailscale.com/ipn/ipnlocal"
|
2021-08-17 22:03:28 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func (h *Handler) serveCert(w http.ResponseWriter, r *http.Request) {
|
2022-01-25 18:33:11 +00:00
|
|
|
if !h.PermitWrite && !h.PermitCert {
|
2021-08-17 22:03:28 +00:00
|
|
|
http.Error(w, "cert access denied", http.StatusForbidden)
|
|
|
|
return
|
|
|
|
}
|
2023-02-01 21:43:06 +00:00
|
|
|
domain, ok := strings.CutPrefix(r.URL.Path, "/localapi/v0/cert/")
|
2022-09-16 05:08:45 +00:00
|
|
|
if !ok {
|
2021-08-17 22:03:28 +00:00
|
|
|
http.Error(w, "internal handler config wired wrong", 500)
|
|
|
|
return
|
|
|
|
}
|
2022-11-08 05:26:26 +00:00
|
|
|
pair, err := h.b.GetCertPEM(r.Context(), domain)
|
2022-11-08 04:49:46 +00:00
|
|
|
if err != nil {
|
2022-11-08 05:26:26 +00:00
|
|
|
// TODO(bradfitz): 500 is a little lazy here. The errors returned from
|
|
|
|
// GetCertPEM (and everywhere) should carry info info to get whether
|
|
|
|
// they're 400 vs 403 vs 500 at minimum. And then we should have helpers
|
|
|
|
// (in tsweb probably) to return an error that looks at the error value
|
|
|
|
// to determine the HTTP status code.
|
2022-11-08 04:49:46 +00:00
|
|
|
http.Error(w, fmt.Sprint(err), 500)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
serveKeyPair(w, r, pair)
|
|
|
|
}
|
|
|
|
|
2022-11-08 05:26:26 +00:00
|
|
|
func serveKeyPair(w http.ResponseWriter, r *http.Request, p *ipnlocal.TLSCertKeyPair) {
|
2021-08-17 22:03:28 +00:00
|
|
|
w.Header().Set("Content-Type", "text/plain")
|
|
|
|
switch r.URL.Query().Get("type") {
|
|
|
|
case "", "crt", "cert":
|
2022-11-08 05:26:26 +00:00
|
|
|
w.Write(p.CertPEM)
|
2021-08-17 22:03:28 +00:00
|
|
|
case "key":
|
2022-11-08 05:26:26 +00:00
|
|
|
w.Write(p.KeyPEM)
|
2021-08-17 22:03:28 +00:00
|
|
|
case "pair":
|
2022-11-08 05:26:26 +00:00
|
|
|
w.Write(p.KeyPEM)
|
|
|
|
w.Write(p.CertPEM)
|
2021-08-17 22:03:28 +00:00
|
|
|
default:
|
|
|
|
http.Error(w, `invalid type; want "cert" (default), "key", or "pair"`, 400)
|
|
|
|
}
|
|
|
|
}
|