MCPcopy
hub / github.com/caddyserver/caddy / handleCACerts

Method handleCACerts

modules/caddypki/adminapi.go:144–172  ·  view source on GitHub ↗

handleCACerts returns the certificate chain for a particular CA by its ID. If the CA ID is the default, then the CA will be provisioned if it has not already been. Other CA IDs will return an error if they have not been previously provisioned.

(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

142// provisioned if it has not already been. Other CA IDs will return an
143// error if they have not been previously provisioned.
144func (a *adminAPI) handleCACerts(w http.ResponseWriter, r *http.Request) error {
145 if r.Method != http.MethodGet {
146 return caddy.APIError{
147 HTTPStatus: http.StatusMethodNotAllowed,
148 Err: fmt.Errorf("method not allowed: %v", r.Method),
149 }
150 }
151
152 ca, err := a.getCAFromAPIRequestPath(r)
153 if err != nil {
154 return err
155 }
156
157 rootCert, interCert, err := rootAndIntermediatePEM(ca)
158 if err != nil {
159 return caddy.APIError{
160 HTTPStatus: http.StatusInternalServerError,
161 Err: fmt.Errorf("failed to get root and intermediate cert for CA %s: %v", ca.ID, err),
162 }
163 }
164
165 w.Header().Set("Content-Type", "application/pem-certificate-chain")
166 _, err = w.Write(interCert) //nolint:gosec // false positive... no XSS in a PEM for cryin' out loud
167 if err == nil {
168 _, _ = w.Write(rootCert) //nolint:gosec // false positive... no XSS in a PEM for cryin' out loud
169 }
170
171 return nil
172}
173
174func (a *adminAPI) getCAFromAPIRequestPath(r *http.Request) (*CA, error) {
175 // Grab the CA ID from the request path, it should be the 4th segment (/pki/ca/<ca>)

Callers 1

handleAPIEndpointsMethod · 0.95

Calls 5

rootAndIntermediatePEMFunction · 0.85
SetMethod · 0.45
HeaderMethod · 0.45
WriteMethod · 0.45

Tested by

no test coverage detected