package service import ( "io/ioutil" "log" "net/http" "strings" ) type Status int const ( OK Status = iota WAITING ERROR ) type HttpServer struct { manager *Manager status Status } type CreateCSRRequest struct { *BaseMessage Hostname string } type CreateCSRResponse struct { *BaseMessage CSR string `json:"csr"` } type UpdateOpenVPNConfigRequest struct { *BaseMessage Config string } type DeliverCertificateRequest struct { *BaseMessage Certificate string } func NewHttpServer(manager *Manager) *HttpServer { return &HttpServer{manager, WAITING} } func (it *HttpServer) Start() { http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { log.Printf("%s /", strings.ToUpper(request.Method)) writer.WriteHeader(200) writer.Write([]byte("Don't")) }) http.HandleFunc("/create-csr", func(writer http.ResponseWriter, request *http.Request) { log.Printf("%s /create-csr", strings.ToUpper(request.Method)) req := &CreateCSRRequest{} err := it.verifyRequest(request, req) if err != nil { log.Printf("Error on %s %s: %s", request.Method, request.URL.Path, err) writer.WriteHeader(400) return } csr, err := it.manager.CreateCSR(req.Hostname) if err != nil { writer.WriteHeader(500) return } it.writeResponse(writer, CreateCSRResponse{ CSR: string(csr), }) }) http.HandleFunc("/deliver-crt", func(writer http.ResponseWriter, request *http.Request) { log.Printf("%s /deliver-crt", strings.ToUpper(request.Method)) req := &DeliverCertificateRequest{} err := it.verifyRequest(request, req) if err != nil { log.Printf("Error on %s %s: %s", request.Method, request.URL.Path, err) writer.WriteHeader(400) return } err = it.manager.UpdateCertificate(req.Certificate) if err != nil { writer.WriteHeader(500) return } it.manager.openVPN.Start() }) http.HandleFunc("/update-openvpn-config", func(writer http.ResponseWriter, request *http.Request) { log.Printf("%s /update-openvpn-config", strings.ToUpper(request.Method)) req := &UpdateOpenVPNConfigRequest{} err := it.verifyRequest(request, req) if err != nil { log.Printf("Error on %s %s: %s", request.Method, request.URL.Path, err) writer.WriteHeader(400) return } err = it.manager.openVPN.UpdateConfig(req.Config) if err != nil { writer.WriteHeader(500) return } it.manager.openVPN.Restart() }) http.ListenAndServe(":7864", nil) } func (it *HttpServer) writeResponse(writer http.ResponseWriter, v interface{}) error { return EncryptAndSign(v, it.manager.privateKey, it.manager.CAPublicKey(), it.manager.GetServerFingerprint(), writer) } func (it *HttpServer) verifyRequest(r *http.Request, v interface{}) (error) { hexBody, err := ioutil.ReadAll(r.Body) if err != nil { return err } return DecryptAndVerify(hexBody, it.manager.privateKey, it.manager.CAPublicKey(), it.manager.GetServerFingerprint(), v) }