package main
import (
"fmt"
"log"
"net/http"
"os"
"os/exec"
"path/filepath"
"strings"
"github.com/docopt/docopt-go"
"gopkg.in/ini.v1"
)
var (
appVersion string
buildTime string
webDir string
jsonConverter string
bearerToken string
WarningLogger *log.Logger
InfoLogger *log.Logger
ErrorLogger *log.Logger
verboseBool bool
)
func init() {
InfoLogger = log.New(os.Stdout, "INFO: ", log.Ldate|log.Ltime)
WarningLogger = log.New(os.Stdout, "WARNING: ", log.Ldate|log.Ltime)
ErrorLogger = log.New(os.Stdout, "ERROR: ", log.Ldate|log.Ltime)
}
// write to file
func writeFile(fileContent string, filePath string) {
content := []byte(fileContent)
err := os.WriteFile(filePath, content, 0644)
if err != nil {
WarningLogger.Println(err)
}
}
// serve certificates JSON
func renderJSON(w http.ResponseWriter, req *http.Request) {
provider := strings.Split(req.URL.Path, "/")[2]
serveFile := fmt.Sprintf("%v/%v/%v.json", webDir, provider, provider)
cmd := exec.Command(jsonConverter, "-p", provider)
err := cmd.Run()
if err != nil {
WarningLogger.Println(err)
w.WriteHeader(http.StatusServiceUnavailable)
} else {
if verboseBool {
InfoLogger.Printf("HTTP Status %v", http.StatusOK)
}
w.Header().Set("Content-Type", "application/json")
}
http.ServeFile(w, req, serveFile)
}
// serve certificates list
func renderPage(w http.ResponseWriter, req *http.Request) {
provider := strings.Split(req.URL.Path, "/")
serveFile := filepath.Join(webDir, req.URL.Path)
cmd := exec.Command(jsonConverter, "-p", provider[1])
err := cmd.Run()
if err != nil {
WarningLogger.Println(err)
w.WriteHeader(http.StatusServiceUnavailable)
} else {
if verboseBool {
InfoLogger.Printf("HTTP Status %v", http.StatusOK)
}
w.Header().Set("Content-Type", "text/html")
}
http.ServeFile(w, req, serveFile)
}
// trigger puppet
func triggerPuppet(w http.ResponseWriter, req *http.Request) {
//cmd := exec.Command("/usr/bin/pkill", "-f", "/opt/puppetlabs/puppet/bin/puppet", "-s", "SIGUSR1")
cmd := exec.Command("/usr/bin/touch", "/TEST")
authToken := strings.Split(req.Header.Get("Authorization"), "Bearer ")[1]
statusFile := "/tmp/200.json"
ok := fmt.Sprintf("{\n \"status\": \"OK\",\n \"response\": 200\n \"token\": %v\n}", authToken)
ko := fmt.Sprintf("{\n \"status\": \"OK\",\n \"response\": 401\n \"token\": %v\n}", authToken)
writeFile(ok, "/tmp/200.json")
writeFile(ko, "/tmp/401.json")
w.Header().Set("Content-Type", "application/json")
if authToken != bearerToken {
statusFile = "/tmp/401.json"
//w.WriteHeader(http.StatusUnauthorized)
http.Error(w, ko, http.StatusUnauthorized)
http.ServeFile(w, req, "/tmp/401.json")
//http.ServeFile(w, req, statusFile)
} else {
cmd.Run()
if verboseBool {
InfoLogger.Printf("HTTP Status %v", http.StatusOK)
}
http.ServeFile(w, req, statusFile)
}
}
// function redirect
func redirect(w http.ResponseWriter, req *http.Request) {
redirectURL := filepath.Join(req.URL.Path, "/by_name.html")
http.Redirect(w, req, redirectURL, http.StatusMovedPermanently)
}
func main() {
progName := filepath.Base(os.Args[0])
usage := fmt.Sprintf(`ACME Web:
- serve ACME HTML pages, trigger Puppet, expose API
Usage:
%v [--json-converter=JSONCONVERTER] [--listen-address=LISTENADDRESS] [--listen-port=LISTENPORT] [--verbose]
%v -h | --help
%v -b | --build
%v -v | --version
Options:
-h --help Show this screen
-b --build Print version and build information and exit
-v --version Print version information and exit
--json-converter=JSONCONVERTER Path to json converter script [default: /usr/bin/cert2json.py]
--listen-address=LISTENADDRESS Web server address. Check Go net/http documentation [default: any]
--listen-port=LISTENPORT Web server port [default: 8000]
--verbose Log also successful connections
`, progName, progName, progName, progName)
arguments, _ := docopt.ParseArgs(usage, nil, appVersion)
if arguments["--build"] == true {
fmt.Printf("%v version: %v, built on: %v\n", progName, appVersion, buildTime)
os.Exit(0)
}
cfg, err := ini.Load("/root/.acme.ini")
if err != nil {
fmt.Printf("Fail to read file: %v", err)
os.Exit(1)
}
//bearerToken = fmt.Sprintf("Bearer %v", cfg.Section("acme").Key("bearer_token").String())
bearerToken = cfg.Section("acme").Key("bearer_token").String()
webDir = "/var/www/acme_web"
jsonConverter = arguments["--json-converter"].(string)
verboseBool = arguments["--verbose"].(bool)
listenAddress := arguments["--listen-address"].(string)
listenPort := arguments["--listen-port"].(string)
baseURLs := [6]string{"/sectigo_ev", "/sectigo_ov", "/letsencrypt", "/sectigo_ev/", "/sectigo_ov/", "/letsencrypt/"}
apiURLs := [6]string{"/api/sectigo_ev", "/api/sectigo_ov", "/api/letsencrypt",
"/api/sectigo_ev/", "/api/sectigo_ov/", "/api/letsencrypt/"}
otherURLs := [12]string{"/letsencrypt/by_name.html", "/letsencrypt/by_date.html",
"/letsencrypt/letsencrypt.json", "/letsencrypt/letsencrypt_expired.json",
"/sectigo_ov/by_name.html", "/sectigo_ov/by_date.html",
"/sectigo_ov/sectigo_ov.json", "/sectigo_ov/sectigo_ov_expired.json",
"/sectigo_ev/by_name.html", "/sectigo_ev/by_date.html",
"/sectigo_ev/sectigo_ev.json", "/sectigo_ev/sectigo_ev_expired.json"}
puppetURL := "/puppet"
fs := http.FileServer(http.Dir("/var/www/acme_web/static"))
http.Handle("/static/", http.StripPrefix("/static/", fs))
http.HandleFunc(puppetURL, triggerPuppet)
http.HandleFunc("/", func(res http.ResponseWriter, req *http.Request) {
http.ServeFile(res, req, filepath.Join(webDir, "index.html"))
})
for _, apiElement := range apiURLs {
http.HandleFunc(apiElement, renderJSON)
}
for _, element := range baseURLs {
http.HandleFunc(element, redirect)
}
for _, otherElement := range otherURLs {
http.HandleFunc(otherElement, renderPage)
}
if listenAddress == "any" {
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%v", listenPort), nil))
} else {
log.Fatal(http.ListenAndServe(fmt.Sprintf("%v:%v", listenAddress, listenPort), nil))
}
}