(as-json-or-pson x context)
This is a stupid hack because of PSON. We shouldn't have to do this, but liberator does not know how to serialize a map as PSON (as it does with JSON), so we have to tell it how.
(as-plain-text-response context message)
Create a ring response based on the response info in the supplied context and a specific message. The message is assumed to be plain text and so is marked with a 'text/plain; charset=UTF-8' Content-Type header. This is needed for cases where liberator would not mark the Content-Type in the response as 'text/plain' on its own, which could otherwise result in the underlying webserver dumbly constructing the Content-Type as ';charset=UTF-8'. A Content-Type with a charset and no MIME value would be problematic for some clients to interpret.
(certificate-issued? settings subject)
Inputs: [settings :- ca/CaSettings subject :- schema/Str]
Returns: schema/Bool
(conflict message)
Returns a value indicating to liberator that the request is in conflict with the server, with the given error message assoc'ed into the context.
(format-http-date http-date)
Inputs: [http-date :- (schema/maybe schema/Str)]
Returns: (schema/maybe DateTime)
Formats an http-date into joda time. Returns nil for malformed or nil http-dates.
(get-wrapped-handler route-handler ca-settings path authorization-fn puppet-version)
Inputs: [route-handler :- IFn ca-settings :- ca/CaSettings path :- schema/Str authorization-fn :- IFn puppet-version :- schema/Str]
Returns: IFn
(handle-bulk-cert-signing request ca-settings report-activity)
Inputs: [request ca-settings :- ca/CaSettings report-activity]
(handle-bulk-cert-signing-all ca-settings report-activity)
Inputs: [ca-settings :- ca/CaSettings report-activity]
(handle-cert-clean request ca-settings report-activity)
Inputs: [request ca-settings :- ca/CaSettings report-activity]
(handle-cert-renewal request {:keys [cacert cakey allow-auto-renewal] :as ca-settings} report-activity)
Inputs: [request {:keys [cacert cakey allow-auto-renewal], :as ca-settings} :- ca/CaSettings report-activity]
Given a request and the CA settings, if there is a cert present in the request (either in the ssl-client-cert property of the request, or as an x-client-cert field in the header when allow-header-cert-info is set to true) and the cert in the request is valid and signed by this CA, then generate a renewed cert and return it in the response body.
(handle-delete-certificate-request! subject ca-settings)
Inputs: [subject :- String ca-settings :- ca/CaSettings]
(handle-get-ca-expirations ca-settings)
Inputs: [ca-settings :- ca/CaSettings]
(handle-get-certificate-revocation-list request ca-settings)
Always return the crl if no 'If-Modified-Since' header is provided or if that header is not in correct http-date format. If the header is present and has correct format, only return the crl if the server cacrl is newer than the agent crl.
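
The conditional-fetch rule described for handle-get-certificate-revocation-list, as an added example that is not puppetserver's own code. parse-http-date and crl-response are hypothetical names, java.time stands in for the Joda-Time value that format-http-date returns, and the 304 status for the not-newer case is an assumption (the docstring only says the crl is not returned).

```clojure
(ns example.crl-conditional-get
  (:import (java.time Instant ZonedDateTime)
           (java.time.format DateTimeFormatter DateTimeParseException)))

(defn parse-http-date
  "Hypothetical helper: parse an RFC 1123 HTTP-date into an Instant.
  Returns nil for nil or malformed input, as format-http-date does."
  [s]
  (when s
    (try
      (.toInstant (ZonedDateTime/parse s DateTimeFormatter/RFC_1123_DATE_TIME))
      (catch DateTimeParseException _ nil))))

(defn crl-response
  "Hypothetical handler. crl-last-modified is the Instant at which the
  server's CRL last changed; crl-pem is the CRL body to send."
  [request crl-last-modified crl-pem]
  ;; Ring lower-cases header names in the request map.
  (let [since (parse-http-date (get-in request [:headers "if-modified-since"]))]
    (if (and since (not (.isAfter crl-last-modified since)))
      ;; Well-formed header and the server CRL is not newer: send no body.
      {:status 304 :body nil}
      ;; Missing header, malformed header, or a newer server CRL: send it.
      {:status 200 :body crl-pem})))

;; Constructed sample data: a CRL last modified at noon UTC on 1 May 2024.
(def crl-mtime (Instant/parse "2024-05-01T12:00:00Z"))

(defn demo-statuses
  "Status codes for the four cases the docstring distinguishes."
  []
  (mapv #(:status (crl-response {:headers %} crl-mtime "<CRL PEM placeholder>"))
        [{}                                                       ; no header
         {"if-modified-since" "not a date"}                       ; malformed
         {"if-modified-since" "Wed, 01 May 2024 11:00:00 GMT"}    ; agent copy older
         {"if-modified-since" "Wed, 01 May 2024 12:00:00 GMT"}])) ; agent copy current
```

Treating an unparseable header the same as a missing one means a client with a bad date still receives current revocation data instead of keeping a stale CRL.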
(handle-put-certificate-request! ca-settings report-activity {:keys [body] {:keys [subject]} :route-params :as request})
Inputs: [ca-settings :- ca/CaSettings report-activity {:keys [body], {:keys [subject]} :route-params, :as request}]
(handle-put-certificate-revocation-list! incoming-crl-pem {:keys [cacrl cacert] :as ca-settings})
Inputs: [incoming-crl-pem :- InputStream {:keys [cacrl cacert], :as ca-settings} :- ca/CaSettings]
(malformed message)
Returns a value indicating to liberator that the request is malformed, with the given error message assoc'ed into the context.
(request->cert request {:keys [allow-header-cert-info infra-nodes-path] :as ca-settings})
Inputs: [request :- ring/Request {:keys [allow-header-cert-info infra-nodes-path], :as ca-settings} :- ca/CaSettings]
Returns: (schema/maybe X509Certificate)
Pull the client certificate from the request. Response includes the certificate as a java.security.cert.X509Certificate object or, if none can be found, nil. allow-header-cert-info determines whether to try to pull the certificate from an HTTP header (true) or from the certificate provided during SSL session negotiation (false).
If allow-header-cert-info is false, and the cert is present in both the header and the request, validate that the cert in the request is in the infra list. If it isn't in the infra list, log the issue and return nil. If the header isn't set, return the cert from the request.
(resolve-crl-information {:keys [enable-infra-crl cacrl infra-crl-path crl-lock crl-lock-timeout-seconds]})
Inputs: [{:keys [enable-infra-crl cacrl infra-crl-path crl-lock crl-lock-timeout-seconds]} :- ca/CaSettings]
Create a map that has the appropriate path, lock, timeout and descriptor for the crl being used.
(v1-status _level)
Inputs: [_level :- status-core/ServiceStatusDetailLevel]
Returns: status-core/StatusCallbackResponse
(validate-cert-in-infra-list request-cert infra-nodes-path)
Inputs: [request-cert :- X509Certificate infra-nodes-path :- schema/Str]
Returns: schema/Bool
(validate-header-cert-not-revoked cert ca-settings)
Inputs: [cert :- X509Certificate ca-settings :- ca/CaSettings]
Returns: (schema/maybe X509Certificate)
Given a certificate, validate that the certificate is not in the CRL. The messaging is specific to the header method of certificate delivery. If the certificate is valid, it is returned, otherwise return nil.
(web-routes ca-settings report-activity)
Inputs: [ca-settings :- ca/CaSettings report-activity]
Returns: bidi-schema/RoutePair
(wrap-middleware handler puppet-version)
Inputs: [handler :- IFn puppet-version :- schema/Str]
Returns: IFn