WebEnrollmentServer.go
package adcs
import (
"bytes"
"crypto/tls"
"errors"
"fmt"
"net/http"
"strconv"
ntlmssp "github.com/Azure/go-ntlmssp"
)
// WebEnrollmentServer holds the address of an ADCS web enrollment endpoint
// and the account used to authenticate to it.
type WebEnrollmentServer struct {
	// URL is the base address; the request helpers in this file append
	// "/certfnsh.asp" and "/certnew.cer" to it.
	// NOTE(review): nothing here enforces an https:// scheme — confirm callers
	// only configure TLS endpoints, since credentials are sent to this URL.
	URL string
	// Username and Password are attached to outgoing requests via
	// SetBasicAuth. Password is held as a plain string, so avoid printing or
	// serialising this struct into logs.
	Username, Password string
}
// SubmitNewRequest wraps the CSR bytes and the template name in a
// WebEnrollmentNewRequest bound to this server and submits it.
//
// It returns the response produced by Submit. When Submit fails, the result is
// a zero-value WebEnrollmentResponse together with that error.
func (wes *WebEnrollmentServer) SubmitNewRequest(incsr []byte, template string) (WebEnrollmentResponse, error) {
	newReq := WebEnrollmentNewRequest{webenrollmentserver: wes, csr: incsr, template: template}

	resp, err := newReq.Submit()
	if err == nil {
		return resp, nil
	}
	// Discard whatever Submit returned alongside the error so callers never
	// see a partially populated response.
	return WebEnrollmentResponse{}, err
}
// CheckPendingRequest builds a WebEnrollmentPendingRequest for the given
// request id, bound to this server, and submits it.
//
// It returns the response produced by Submit. When Submit fails, the result is
// a zero-value WebEnrollmentResponse together with that error.
func (wes *WebEnrollmentServer) CheckPendingRequest(requestid int) (WebEnrollmentResponse, error) {
	pending := WebEnrollmentPendingRequest{webenrollmentserver: wes, requestid: requestid}

	resp, err := pending.Submit()
	if err == nil {
		return resp, nil
	}
	// Discard whatever Submit returned alongside the error so callers never
	// see a partially populated response.
	return WebEnrollmentResponse{}, err
}
// newCertificateRequestURL returns the server's base URL with "/certfnsh.asp"
// appended. The base URL is used verbatim: a trailing slash in wes.URL yields
// a double slash in the result.
func (wes WebEnrollmentServer) newCertificateRequestURL() string {
	base := wes.URL
	return fmt.Sprintf("%s/certfnsh.asp", base)
}
// newCertificateResponseURL returns the server's base URL with "/certnew.cer"
// appended. The base URL is used verbatim: a trailing slash in wes.URL yields
// a double slash in the result.
func (wes WebEnrollmentServer) newCertificateResponseURL() string {
	base := wes.URL
	return fmt.Sprintf("%s/certnew.cer", base)
}
// NewClient returns an *http.Client whose transport is an ntlmssp.Negotiator
// wrapped around a fresh http.Transport.
//
// No TLSClientConfig is set, so Go's default certificate verification applies
// to https URLs.
// NOTE(review): the client has no Timeout, so a stalled server can block a
// request indefinitely — consider bounding it at the call site.
func NewClient() *http.Client {
	// A non-nil, empty TLSNextProto map disables HTTP/2 on this transport;
	// presumably required because NTLM authenticates a connection rather than
	// a single request — confirm against the ntlmssp documentation.
	base := &http.Transport{
		TLSNextProto: map[string]func(authority string, c *tls.Conn) http.RoundTripper{},
	}

	client := &http.Client{}
	client.Transport = ntlmssp.Negotiator{RoundTripper: base}
	return client
}
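// getCertificate fetches the certificate identified by requestid from the
// server's certnew.cer endpoint, asking for base64 encoding (Enc=b64), and
// returns the raw response body.
//
// It returns an error when the request cannot be built or sent, when the
// server answers with anything other than 200 OK, or when the body cannot be
// read in full.
//
// requestid is placed in the query string unescaped; the callers in this file
// pass only a decimal integer or the constant "CACert". Escape it before
// passing any other value.
//
// NOTE(review): the credentials are attached with SetBasicAuth and the
// transport from NewClient is expected to negotiate NTLM with them (confirm
// against the ntlmssp documentation). They are only protected in transit when
// wes.URL uses https.
func (wes *WebEnrollmentServer) getCertificate(requestid string) ([]byte, error) {
	client := NewClient()
	url := fmt.Sprintf("%s?ReqID=%s&Enc=b64", wes.newCertificateResponseURL(), requestid)

	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		// This error used to be discarded, so an unparsable URL left req nil
		// and the SetBasicAuth call below panicked.
		return nil, fmt.Errorf("building certificate request: %w", err)
	}
	req.SetBasicAuth(wes.Username, wes.Password)

	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	// Close the body on every path so the connection is released.
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return nil, errors.New("unable to request certificate")
	}

	// NOTE(review): the body is read without a size cap; a misbehaving server
	// can make this allocate an arbitrarily large buffer.
	buf := new(bytes.Buffer)
	if _, err := buf.ReadFrom(resp.Body); err != nil {
		// A failed read must not be reported as a (truncated) certificate.
		return nil, fmt.Errorf("reading certificate response: %w", err)
	}
	return buf.Bytes(), nil
}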
// GetCertificate fetches the certificate issued for the given numeric request
// id. The id is formatted as a decimal string and handed to getCertificate,
// whose result is returned unchanged.
func (wes *WebEnrollmentServer) GetCertificate(requestid int) ([]byte, error) {
	id := strconv.Itoa(requestid)
	return wes.getCertificate(id)
}
// GetCACertificate fetches the CA certificate by calling getCertificate with
// the fixed request id "CACert" and returns its result unchanged.
func (wes *WebEnrollmentServer) GetCACertificate() ([]byte, error) {
	const caCertID = "CACert"
	return wes.getCertificate(caCertID)
}