
     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package app
     5  
     6  import (
     7  	"io/ioutil"
     8  	"mime/multipart"
     9  	"net/http"
    10  
    11  	"github.com/mattermost/mattermost-server/model"
    12  )
    13  
// Fixed names under which uploaded SAML material is kept in the config store.
// The Add* functions below write the upload under one of these names and then
// point the matching SamlSettings.*File setting at that same name, so the
// stored file and the config stay in step.
//
//   - SamlPublicCertificateName: this server's own certificate
//   - SamlPrivateKeyName:        this server's private key (secret material —
//     it goes through the same configStore.SetFile path as the certificates)
//   - SamlIdpCertificateName:    the identity provider's certificate
const (
	SamlPublicCertificateName = "saml-public.crt"
	SamlPrivateKeyName        = "saml-private.key"
	SamlIdpCertificateName    = "saml-idp.crt"
)
    19  
// GetSamlMetadata returns the SAML metadata document produced by the
// registered SAML interface.
//
// When no SAML implementation is wired into the App (a.Saml == nil) it fails
// with 501 Not Implemented. When the interface itself fails, the inner error's
// status code is propagated unchanged and its message is carried in the
// details field of the wrapping error.
func (a *App) GetSamlMetadata() (string, *model.AppError) {
	saml := a.Saml
	if saml == nil {
		return "", model.NewAppError("GetSamlMetadata", "api.admin.saml.not_available.app_error", nil, "", http.StatusNotImplemented)
	}

	metadata, getErr := saml.GetMetadata()
	if getErr == nil {
		return metadata, nil
	}

	// Keep the interface's own status code; only the message is wrapped.
	return "", model.NewAppError("GetSamlMetadata", "api.admin.saml.metadata.app_error", nil, "err="+getErr.Message, getErr.StatusCode)
}
    32  
// writeSamlFile copies an uploaded multipart file into the config store under
// filename. The entire upload is buffered in memory before SetFile is called.
//
// NOTE(review): nothing in this function bounds the size of the upload; it
// relies on the HTTP layer having already capped the multipart body. Confirm
// that the API handler enforces a limit before the file reaches here.
//
// Errors are always reported with "AddSamlCertificate" as their origin,
// whichever Add* caller invoked this helper, and a read failure shares the
// "saving" error id with a store failure.
func (a *App) writeSamlFile(filename string, fileData *multipart.FileHeader) *model.AppError {
	upload, openErr := fileData.Open()
	if openErr != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.open.app_error", nil, openErr.Error(), http.StatusInternalServerError)
	}
	defer upload.Close()

	contents, readErr := ioutil.ReadAll(upload)
	if readErr != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, readErr.Error(), http.StatusInternalServerError)
	}

	if storeErr := a.Srv.configStore.SetFile(filename, contents); storeErr != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, storeErr.Error(), http.StatusInternalServerError)
	}

	return nil
}
    52  
// AddSamlPublicCertificate stores the uploaded certificate in the config store
// as SamlPublicCertificateName and points SamlSettings.PublicCertificateFile
// at it.
//
// The file is written before the new config is validated: if IsValid rejects
// the config, the uploaded file stays in the store while the setting is left
// unchanged. Any error from writeSamlFile or IsValid is returned as-is.
func (a *App) AddSamlPublicCertificate(fileData *multipart.FileHeader) *model.AppError {
	if writeErr := a.writeSamlFile(SamlPublicCertificateName, fileData); writeErr != nil {
		return writeErr
	}

	updated := a.Config().Clone()
	*updated.SamlSettings.PublicCertificateFile = SamlPublicCertificateName
	if validationErr := updated.IsValid(); validationErr != nil {
		return validationErr
	}

	a.UpdateConfig(func(dest *model.Config) {
		*dest = *updated
	})
	return nil
}
    69  
// AddSamlPrivateCertificate stores the uploaded private key in the config
// store as SamlPrivateKeyName and points SamlSettings.PrivateKeyFile at it.
//
// NOTE(review): the key is secret material but takes exactly the same
// configStore.SetFile path as the public certificates; whether the store
// restricts permissions on it is not visible here — confirm in the store
// implementation.
//
// The file is written before the new config is validated: if IsValid rejects
// the config, the key stays in the store while the setting is left unchanged.
func (a *App) AddSamlPrivateCertificate(fileData *multipart.FileHeader) *model.AppError {
	if writeErr := a.writeSamlFile(SamlPrivateKeyName, fileData); writeErr != nil {
		return writeErr
	}

	updated := a.Config().Clone()
	*updated.SamlSettings.PrivateKeyFile = SamlPrivateKeyName
	if validationErr := updated.IsValid(); validationErr != nil {
		return validationErr
	}

	a.UpdateConfig(func(dest *model.Config) {
		*dest = *updated
	})
	return nil
}
    86  
// AddSamlIdpCertificate stores the uploaded identity-provider certificate in
// the config store as SamlIdpCertificateName and points
// SamlSettings.IdpCertificateFile at it.
//
// No content checks are done here: the upload is stored as received, and the
// config is validated only after the file has been written. If IsValid rejects
// the config, the file stays in the store while the setting is left unchanged.
func (a *App) AddSamlIdpCertificate(fileData *multipart.FileHeader) *model.AppError {
	if writeErr := a.writeSamlFile(SamlIdpCertificateName, fileData); writeErr != nil {
		return writeErr
	}

	updated := a.Config().Clone()
	*updated.SamlSettings.IdpCertificateFile = SamlIdpCertificateName
	if validationErr := updated.IsValid(); validationErr != nil {
		return validationErr
	}

	a.UpdateConfig(func(dest *model.Config) {
		*dest = *updated
	})
	return nil
}
   103  
// removeSamlFile deletes filename from the config store. A failure is wrapped
// as a 500 whose parameters carry the filename and whose details carry the
// store's error text.
func (a *App) removeSamlFile(filename string) *model.AppError {
	removeErr := a.Srv.configStore.RemoveFile(filename)
	if removeErr == nil {
		return nil
	}

	params := map[string]interface{}{"Filename": filename}
	return model.NewAppError("RemoveSamlFile", "api.admin.remove_certificate.delete.app_error", params, removeErr.Error(), http.StatusInternalServerError)
}
   111  
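// RemoveSamlPublicCertificate deletes the configured public certificate file
// from the config store, then clears SamlSettings.PublicCertificateFile and
// switches SamlSettings.Encrypt off (presumably because encryption depends on
// this server's key pair — the flag is cleared here, its meaning is not
// visible in this file).
//
// The configuration is read once, so the file that is removed and the setting
// that is cleared come from the same snapshot rather than from two separate
// reads that could disagree under a concurrent config update.
//
// If RemoveFile fails the error is returned and the config is left untouched,
// so the setting keeps naming the file. Whether a missing file counts as a
// failure depends on the store implementation.
func (a *App) RemoveSamlPublicCertificate() *model.AppError {
	cfg := a.Config().Clone()

	if err := a.removeSamlFile(*cfg.SamlSettings.PublicCertificateFile); err != nil {
		return err
	}

	*cfg.SamlSettings.PublicCertificateFile = ""
	*cfg.SamlSettings.Encrypt = false

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })

	return nil
}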
   129  
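// RemoveSamlPrivateCertificate deletes the configured private key file from
// the config store, then clears SamlSettings.PrivateKeyFile and switches
// SamlSettings.Encrypt off (presumably because encryption depends on this
// server's key pair — the flag is cleared here, its meaning is not visible in
// this file).
//
// The configuration is read once, so the file that is removed and the setting
// that is cleared come from the same snapshot rather than from two separate
// reads that could disagree under a concurrent config update.
//
// If RemoveFile fails the error is returned and the config is left untouched,
// so the setting keeps naming the key file. Whether the store overwrites or
// merely unlinks the key on removal is not visible here.
func (a *App) RemoveSamlPrivateCertificate() *model.AppError {
	cfg := a.Config().Clone()

	if err := a.removeSamlFile(*cfg.SamlSettings.PrivateKeyFile); err != nil {
		return err
	}

	*cfg.SamlSettings.PrivateKeyFile = ""
	*cfg.SamlSettings.Encrypt = false

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })

	return nil
}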
   147  
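// RemoveSamlIdpCertificate deletes the configured identity-provider
// certificate file from the config store, then clears
// SamlSettings.IdpCertificateFile and disables SAML altogether by setting
// SamlSettings.Enable to false. Unlike the public/private removals, which only
// turn Encrypt off, this one switches the whole feature off.
//
// The configuration is read once, so the file that is removed and the setting
// that is cleared come from the same snapshot rather than from two separate
// reads that could disagree under a concurrent config update.
//
// If RemoveFile fails the error is returned and the config is left untouched:
// SAML stays enabled and the setting keeps naming the file.
func (a *App) RemoveSamlIdpCertificate() *model.AppError {
	cfg := a.Config().Clone()

	if err := a.removeSamlFile(*cfg.SamlSettings.IdpCertificateFile); err != nil {
		return err
	}

	*cfg.SamlSettings.IdpCertificateFile = ""
	*cfg.SamlSettings.Enable = false

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })

	return nil
}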
   165  
// GetSamlCertificateStatus reports, for each of the three SAML files named in
// SamlSettings, whether the config store currently has a file of that name.
//
// Errors from HasFile are discarded, so a store error is indistinguishable
// from "file absent" in the returned status; callers see false either way.
func (a *App) GetSamlCertificateStatus() *model.SamlCertificateStatus {
	settings := a.Config().SamlSettings

	// Presence check; the error is intentionally dropped (see above).
	present := func(name string) bool {
		exists, _ := a.Srv.configStore.HasFile(name)
		return exists
	}

	return &model.SamlCertificateStatus{
		IdpCertificateFile:    present(*settings.IdpCertificateFile),
		PrivateKeyFile:        present(*settings.PrivateKeyFile),
		PublicCertificateFile: present(*settings.PublicCertificateFile),
	}
}