secrets migration

cmd/dkl-local-server/ws-clusters.go

@@ -2,10 +2,12 @@ package main
 
 import (
 	"log"
-	"sort"
+	"net/url"
+	"strconv"
 
 	restful "github.com/emicklei/go-restful"
 
+	"novit.tech/direktil/local-server/pkg/mime"
 	"novit.tech/direktil/pkg/localconfig"
 )
 
@@ -83,53 +85,39 @@ func wsClusterAddons(req *restful.Request, resp *restful.Response) {
 }
 
 func wsClusterCACert(req *restful.Request, resp *restful.Response) {
-	cs := secretData.clusters[req.PathParameter("cluster-name")]
-	if cs == nil {
-		wsNotFound(resp)
-		return
-	}
-
-	ca := cs.CAs[req.PathParameter("ca-name")]
-	if ca == nil {
+	clusterName := req.PathParameter("cluster-name")
+	caName := req.PathParameter("ca-name")
+
+	ca, found, err := clusterCAs.Get(clusterName + "/" + caName)
+	if err != nil {
+		wsError(resp, err)
+		return
+	}
+	if !found {
 		wsNotFound(resp)
 		return
 	}
 
+	resp.Header().Set("Content-Type", mime.CERT)
 	resp.Write(ca.Cert)
 }
 
 func wsClusterSignedCert(req *restful.Request, resp *restful.Response) {
-	cs := secretData.clusters[req.PathParameter("cluster-name")]
-	if cs == nil {
-		wsNotFound(resp)
-		return
-	}
-
-	ca := cs.CAs[req.PathParameter("ca-name")]
-	if ca == nil {
-		wsNotFound(resp)
-		return
-	}
-
+	clusterName := req.PathParameter("cluster-name")
+	caName := req.PathParameter("ca-name")
 	name := req.QueryParameter("name")
 
-	if name == "" {
-		keys := make([]string, 0, len(ca.Signed))
-		for k := range ca.Signed {
-			keys = append(keys, k)
-		}
-
-		sort.Strings(keys)
-
-		resp.WriteJson(keys, restful.MIME_JSON)
+	kc, found, err := clusterCASignedKeys.Get(clusterName + "/" + caName + "/" + name)
+	if err != nil {
+		wsError(resp, err)
 		return
 	}
-
-	kc := ca.Signed[name]
-	if kc == nil {
+	if !found {
 		wsNotFound(resp)
 		return
 	}
 
+	resp.AddHeader("Content-Type", mime.CERT)
+	resp.AddHeader("Content-Disposition", "attachment; filename="+strconv.Quote(clusterName+"_"+caName+"_"+url.PathEscape(name)+".crt"))
 	resp.Write(kc.Cert)
 }