@@ -42,6 +42,7 @@ type Authority interface {
4242 GetEncryptedKey (kid string ) (string , error )
4343 GetRoots () (federation []* x509.Certificate , err error )
4444 GetFederation () ([]* x509.Certificate , error )
45+ Version () authority.Version
4546}
4647
4748// TimeDuration is an alias of provisioner.TimeDuration
@@ -71,6 +72,13 @@ func NewCertificate(cr *x509.Certificate) Certificate {
7172 }
7273}
7374
75+ // reset sets the inner x509.CertificateRequest to nil
76+ func (c * Certificate ) reset () {
77+ if c != nil {
78+ c .Certificate = nil
79+ }
80+ }
81+
7482// MarshalJSON implements the json.Marshaler interface. The certificate is
7583// quoted string using the PEM encoding.
7684func (c Certificate ) MarshalJSON () ([]byte , error ) {
@@ -91,6 +99,13 @@ func (c *Certificate) UnmarshalJSON(data []byte) error {
9199 if err := json .Unmarshal (data , & s ); err != nil {
92100 return errors .Wrap (err , "error decoding certificate" )
93101 }
102+
103+ // Make sure the inner x509.Certificate is nil
104+ if s == "null" || s == "" {
105+ c .reset ()
106+ return nil
107+ }
108+
94109 block , _ := pem .Decode ([]byte (s ))
95110 if block == nil {
96111 return errors .New ("error decoding certificate" )
@@ -117,6 +132,13 @@ func NewCertificateRequest(cr *x509.CertificateRequest) CertificateRequest {
117132 }
118133}
119134
135+ // reset sets the inner x509.CertificateRequest to nil
136+ func (c * CertificateRequest ) reset () {
137+ if c != nil {
138+ c .CertificateRequest = nil
139+ }
140+ }
141+
120142// MarshalJSON implements the json.Marshaler interface. The certificate request
121143// is a quoted string using the PEM encoding.
122144func (c CertificateRequest ) MarshalJSON () ([]byte , error ) {
@@ -137,6 +159,13 @@ func (c *CertificateRequest) UnmarshalJSON(data []byte) error {
137159 if err := json .Unmarshal (data , & s ); err != nil {
138160 return errors .Wrap (err , "error decoding csr" )
139161 }
162+
163+ // Make sure the inner x509.CertificateRequest is nil
164+ if s == "null" || s == "" {
165+ c .reset ()
166+ return nil
167+ }
168+
140169 block , _ := pem .Decode ([]byte (s ))
141170 if block == nil {
142171 return errors .New ("error decoding csr" )
@@ -162,6 +191,13 @@ type RouterHandler interface {
162191 Route (r Router )
163192}
164193
194+ // VersionResponse is the response object that returns the version of the
195+ // server.
196+ type VersionResponse struct {
197+ Version string `json:"version"`
198+ RequireClientAuthentication bool `json:"requireClientAuthentication,omitempty"`
199+ }
200+
165201// HealthResponse is the response object that returns the health of the server.
166202type HealthResponse struct {
167203 Status string `json:"status"`
@@ -241,6 +277,7 @@ func New(authority Authority) RouterHandler {
241277}
242278
243279func (h * caHandler ) Route (r Router ) {
280+ r .MethodFunc ("GET" , "/version" , h .Version )
244281 r .MethodFunc ("GET" , "/health" , h .Health )
245282 r .MethodFunc ("GET" , "/root/{sha}" , h .Root )
246283 r .MethodFunc ("POST" , "/sign" , h .Sign )
@@ -268,6 +305,15 @@ func (h *caHandler) Route(r Router) {
268305 r .MethodFunc ("POST" , "/sign-ssh" , h .SSHSign )
269306}
270307
308+ // Version is an HTTP handler that returns the version of the server.
309+ func (h * caHandler ) Version (w http.ResponseWriter , r * http.Request ) {
310+ v := h .Authority .Version ()
311+ JSON (w , VersionResponse {
312+ Version : v .Version ,
313+ RequireClientAuthentication : v .RequireClientAuthentication ,
314+ })
315+ }
316+
271317// Health is an HTTP handler that returns the status of the server.
272318func (h * caHandler ) Health (w http.ResponseWriter , r * http.Request ) {
273319 JSON (w , HealthResponse {Status : "ok" })
0 commit comments