package cloudflare

import (
	"context"
	"encoding/json"
	"net/url"
	"time"

	"github.com/pkg/errors"
)

// OriginCACertificate represents a Cloudflare-issued certificate.
//
// The JSON tags map the fields to id, certificate, hostnames, expires_on,
// request_type, requested_validity and csr. Note that the Go field
// RequestValidity is serialized under the key "requested_validity". No field
// is tagged omitempty, so zero values are emitted when the struct is
// marshalled. The type declares no private-key field: only the CSR and the
// certificate pass through it.
//
// API reference: https://api.cloudflare.com/#cloudflare-ca
type OriginCACertificate struct {
	ID              string    `json:"id"`
	Certificate     string    `json:"certificate"`
	Hostnames       []string  `json:"hostnames"`
	ExpiresOn       time.Time `json:"expires_on"`
	RequestType     string    `json:"request_type"`
	RequestValidity int       `json:"requested_validity"`
	CSR             string    `json:"csr"`
}

// OriginCACertificateListOptions represents the parameters used to list Cloudflare-issued certificates.
//
// ZoneID carries no JSON tag; it is a plain Go-side filter value.
type OriginCACertificateListOptions struct {
	ZoneID string
}

// OriginCACertificateID represents the ID of the revoked certificate from the Revoke Certificate endpoint.
type OriginCACertificateID struct {
	ID string `json:"id"`
}

// originCACertificateResponse represents the response from the Create Certificate and the Certificate Details endpoints.
//
// It embeds Response and decodes a single certificate from the "result" key.
type originCACertificateResponse struct {
	Response
	Result OriginCACertificate `json:"result"`
}

// originCACertificateResponseList represents the response from the List Certificates endpoint.
//
// It embeds Response, decodes a slice of certificates from "result" and the
// accompanying ResultInfo from "result_info".
type originCACertificateResponseList struct {
	Response
	Result     []OriginCACertificate `json:"result"`
	ResultInfo ResultInfo            `json:"result_info"`
}

// originCACertificateResponseRevoke represents the response from the Revoke Certificate endpoint.
//
// It embeds Response and decodes the revoked certificate's ID from "result".
type originCACertificateResponseRevoke struct {
	Response
	Result OriginCACertificateID `json:"result"`
}

// CreateOriginCertificate creates a Cloudflare-signed certificate.
//
// This function requires api.APIUserServiceKey be set to your Certificates API key.
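//
// API reference: https://api.cloudflare.com/#cloudflare-ca-create-certificate
//
// The certificate argument is sent as the body of a POST to /certificates and
// the request is authenticated with AuthUserService. On success a pointer to
// the decoded result is returned. A request failure, an undecodable body or a
// response whose Success flag is false each return a nil certificate and an
// error.
func (api *API) CreateOriginCertificate(certificate OriginCACertificate) (*OriginCACertificate, error) {
	// context.TODO() gives the caller no way to cancel or bound this call.
	res, err := api.makeRequestWithAuthType(context.TODO(), "POST", "/certificates", certificate, AuthUserService)
	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	// Decode into a value rather than a nil pointer: with a pointer target a
	// JSON null body leaves the pointer nil and the Success check would panic.
	var originResponse originCACertificateResponse
	if err := json.Unmarshal(res, &originResponse); err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}

	if !originResponse.Success {
		return nil, errors.New(errRequestNotSuccessful)
	}

	return &originResponse.Result, nil
}

// OriginCertificates lists all Cloudflare-issued certificates.
//
// This function requires api.APIUserServiceKey be set to your Certificates API key.
//
// API reference: https://api.cloudflare.com/#cloudflare-ca-list-certificates
//
// A non-empty options.ZoneID is sent as the zone_id query parameter, encoded
// through url.Values. Exactly one GET is issued and only the Result slice is
// returned; the decoded ResultInfo is not surfaced, so if the endpoint
// paginates, later pages are not fetched here. Callers using the list as a
// certificate inventory should confirm it is complete.
func (api *API) OriginCertificates(options OriginCACertificateListOptions) ([]OriginCACertificate, error) {
	query := url.Values{}
	if options.ZoneID != "" {
		query.Set("zone_id", options.ZoneID)
	}

	// With an empty ZoneID the URI is "/certificates?" with an empty query.
	uri := "/certificates?" + query.Encode()
	res, err := api.makeRequestWithAuthType(context.TODO(), "GET", uri, nil, AuthUserService)
	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	// Value target: a JSON null body must not leave a nil pointer behind for
	// the Success check to dereference.
	var originResponse originCACertificateResponseList
	if err := json.Unmarshal(res, &originResponse); err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}

	if !originResponse.Success {
		return nil, errors.New(errRequestNotSuccessful)
	}

	return originResponse.Result, nil
}

// OriginCertificate returns the details for a Cloudflare-issued certificate.
//
// This function requires api.APIUserServiceKey be set to your Certificates API key.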
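//
// API reference: https://api.cloudflare.com/#cloudflare-ca-certificate-details
//
// certificateID becomes the last path segment of a GET to /certificates/. It
// is path-escaped first, so characters such as '/', '?' and '#' in the ID
// cannot change which endpoint the service-key-authenticated request reaches.
// An empty ID is rejected before any request is made. On success a pointer to
// the decoded result is returned; otherwise the certificate is nil and the
// error describes the failing step.
func (api *API) OriginCertificate(certificateID string) (*OriginCACertificate, error) {
	if certificateID == "" {
		// "/certificates/" with no ID would address the collection, not one certificate.
		return nil, errors.New("certificate ID must not be empty")
	}

	uri := "/certificates/" + url.PathEscape(certificateID)
	// context.TODO() gives the caller no way to cancel or bound this call.
	res, err := api.makeRequestWithAuthType(context.TODO(), "GET", uri, nil, AuthUserService)
	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	// Decode into a value rather than a nil pointer: with a pointer target a
	// JSON null body leaves the pointer nil and the Success check would panic.
	var originResponse originCACertificateResponse
	if err := json.Unmarshal(res, &originResponse); err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}

	if !originResponse.Success {
		return nil, errors.New(errRequestNotSuccessful)
	}

	return &originResponse.Result, nil
}

// RevokeOriginCertificate revokes a created certificate for a zone.
//
// This function requires api.APIUserServiceKey be set to your Certificates API key.
//
// API reference: https://api.cloudflare.com/#cloudflare-ca-revoke-certificate
//
// A DELETE is sent to /certificates/ followed by the path-escaped
// certificateID, so separators in the ID cannot redirect the destructive
// request to another path. An empty ID is rejected before any request is
// made. On success the ID reported in the response's result is returned.
func (api *API) RevokeOriginCertificate(certificateID string) (*OriginCACertificateID, error) {
	if certificateID == "" {
		// Never send DELETE to the bare collection path.
		return nil, errors.New("certificate ID must not be empty")
	}

	uri := "/certificates/" + url.PathEscape(certificateID)
	res, err := api.makeRequestWithAuthType(context.TODO(), "DELETE", uri, nil, AuthUserService)
	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	// Value target: a JSON null body must not leave a nil pointer behind for
	// the Success check to dereference.
	var originResponse originCACertificateResponseRevoke
	if err := json.Unmarshal(res, &originResponse); err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}

	if !originResponse.Success {
		return nil, errors.New(errRequestNotSuccessful)
	}

	return &originResponse.Result, nil
}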