mirror of https://github.com/docker/docs.git
191 lines
5.4 KiB
Go
191 lines
5.4 KiB
Go
package api
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
|
|
"github.com/docker/notary/signer"
|
|
"github.com/docker/notary/signer/keys"
|
|
"github.com/gorilla/mux"
|
|
|
|
pb "github.com/docker/notary/proto"
|
|
)
|
|
|
|
// Handlers sets up all the handers for the routes, injecting a specific SigningService object for them to use
|
|
func Handlers(sigServices signer.SigningServiceIndex) *mux.Router {
|
|
r := mux.NewRouter()
|
|
|
|
r.Methods("GET").Path("/{ID}").Handler(KeyInfo(sigServices))
|
|
r.Methods("POST").Path("/new/{Algorithm}").Handler(CreateKey(sigServices))
|
|
r.Methods("POST").Path("/delete").Handler(DeleteKey(sigServices))
|
|
r.Methods("POST").Path("/sign").Handler(Sign(sigServices))
|
|
return r
|
|
}
|
|
|
|
// getSigningService handles looking up the correct signing service, given the
|
|
// algorithm specified in the HTTP request. If the algorithm isn't specified
|
|
// or isn't supported, an error is returned to the client and this function
|
|
// returns a nil SigningService
|
|
func getSigningService(w http.ResponseWriter, algorithm string, sigServices signer.SigningServiceIndex) signer.SigningService {
|
|
if algorithm == "" {
|
|
http.Error(w, "algorithm not specified", http.StatusBadRequest)
|
|
return nil
|
|
}
|
|
|
|
service := sigServices[algorithm]
|
|
|
|
if service == nil {
|
|
http.Error(w, "algorithm "+algorithm+" not supported", http.StatusBadRequest)
|
|
return nil
|
|
}
|
|
|
|
return service
|
|
}
|
|
|
|
// KeyInfo returns a Handler that given a specific Key ID param, returns the public key bits of that key
|
|
func KeyInfo(sigServices signer.SigningServiceIndex) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
|
|
key, _, err := FindKeyByID(sigServices, &pb.KeyID{ID: vars["ID"]})
|
|
if err != nil {
|
|
switch err {
|
|
// If we received an ErrInvalidKeyID, the key doesn't exist, return 404
|
|
case keys.ErrInvalidKeyID:
|
|
w.WriteHeader(http.StatusNotFound)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
// If we received anything else, it is unexpected, and we return a 500
|
|
default:
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
}
|
|
}
|
|
json.NewEncoder(w).Encode(key)
|
|
return
|
|
})
|
|
}
|
|
|
|
// CreateKey returns a handler that generates a new
|
|
func CreateKey(sigServices signer.SigningServiceIndex) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
sigService := getSigningService(w, vars["Algorithm"], sigServices)
|
|
if sigService == nil {
|
|
// Error handled inside getSigningService
|
|
return
|
|
}
|
|
|
|
key, err := sigService.CreateKey()
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
}
|
|
json.NewEncoder(w).Encode(key)
|
|
return
|
|
})
|
|
}
|
|
|
|
// DeleteKey returns a handler that delete a specific KeyID
|
|
func DeleteKey(sigServices signer.SigningServiceIndex) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
var keyID *pb.KeyID
|
|
err := json.NewDecoder(r.Body).Decode(&keyID)
|
|
defer r.Body.Close()
|
|
if err != nil || keyID.ID == "" {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
jsonErr, _ := json.Marshal("Malformed request")
|
|
w.Write([]byte(jsonErr))
|
|
return
|
|
}
|
|
|
|
_, sigService, err := FindKeyByID(sigServices, keyID)
|
|
|
|
if err != nil {
|
|
switch err {
|
|
// If we received an ErrInvalidKeyID, the key doesn't exist, return 404
|
|
case keys.ErrInvalidKeyID:
|
|
w.WriteHeader(http.StatusNotFound)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
// If we received anything else, it is unexpected, and we return a 500
|
|
default:
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
}
|
|
}
|
|
|
|
_, err = sigService.DeleteKey(keyID)
|
|
|
|
if err != nil {
|
|
switch err {
|
|
// If we received an ErrInvalidKeyID, the key doesn't exist, return 404
|
|
case keys.ErrInvalidKeyID:
|
|
w.WriteHeader(http.StatusNotFound)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
// If we received anything else, it is unexpected, and we return a 500
|
|
default:
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
}
|
|
}
|
|
// In case we successfully delete this key, return 200
|
|
return
|
|
})
|
|
}
|
|
|
|
// Sign returns a handler that is able to perform signatures on a given blob
|
|
func Sign(sigServices signer.SigningServiceIndex) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
var sigRequest *pb.SignatureRequest
|
|
err := json.NewDecoder(r.Body).Decode(&sigRequest)
|
|
defer r.Body.Close()
|
|
if err != nil || sigRequest.Content == nil ||
|
|
sigRequest.KeyID == nil {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
jsonErr, _ := json.Marshal("Malformed request")
|
|
w.Write([]byte(jsonErr))
|
|
return
|
|
}
|
|
|
|
_, sigService, err := FindKeyByID(sigServices, sigRequest.KeyID)
|
|
if err == keys.ErrInvalidKeyID {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
} else if err != nil {
|
|
// We got an unexpected error
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
}
|
|
|
|
signer, err := sigService.Signer(sigRequest.KeyID)
|
|
if err == keys.ErrInvalidKeyID {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
} else if err != nil {
|
|
// We got an unexpected error
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
}
|
|
|
|
signature, err := signer.Sign(sigRequest)
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte(err.Error()))
|
|
return
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(signature)
|
|
return
|
|
})
|
|
}
|