implement changes from review

api/api.go

@@ -50,7 +50,8 @@ type Authority interface {
 	GetRoots() ([]*x509.Certificate, error)
 	GetFederation() ([]*x509.Certificate, error)
 	Version() authority.Version
-	GenerateCertificateRevocationList(force bool) ([]byte, error)
+	GenerateCertificateRevocationList() error
+	GetCertificateRevocationList() ([]byte, error)
 }
 
 // TimeDuration is an alias of provisioner.TimeDuration

api/crl.go

@@ -2,23 +2,53 @@ package api
 
 import (
 	"encoding/pem"
+	"fmt"
+	"github.com/pkg/errors"
 	"net/http"
 )
 
-// CRL is an HTTP handler that returns the current CRL in PEM format
+// CRL is an HTTP handler that returns the current CRL in DER or PEM format
 func (h *caHandler) CRL(w http.ResponseWriter, r *http.Request) {
-	crlBytes, err := h.Authority.GenerateCertificateRevocationList(false)
+	crlBytes, err := h.Authority.GetCertificateRevocationList()
+
+	_, formatAsPEM := r.URL.Query()["pem"]
 
 	if err != nil {
 		w.WriteHeader(500)
+		_, err = fmt.Fprintf(w, "%v\n", err)
+		if err != nil {
+			panic(errors.Wrap(err, "error writing http response"))
+		}
 		return
 	}
 
-	pemBytes := pem.EncodeToMemory(&pem.Block{
-		Type:  "X509 CRL",
-		Bytes: crlBytes,
-	})
+	if crlBytes == nil {
+		w.WriteHeader(404)
+		_, err = fmt.Fprintln(w, "No CRL available")
+		if err != nil {
+			panic(errors.Wrap(err, "error writing http response"))
+		}
+		return
+	}
+
+	if formatAsPEM {
+		pemBytes := pem.EncodeToMemory(&pem.Block{
+			Type:  "X509 CRL",
+			Bytes: crlBytes,
+		})
+		w.Header().Add("Content-Type", "application/x-pem-file")
+		w.Header().Add("Content-Disposition", "attachment; filename=\"crl.pem\"")
+		_, err = w.Write(pemBytes)
+	} else {
+		w.Header().Add("Content-Type", "application/pkix-crl")
+		w.Header().Add("Content-Disposition", "attachment; filename=\"crl.der\"")
+		_, err = w.Write(crlBytes)
+	}
 
 	w.WriteHeader(200)
-	_, err = w.Write(pemBytes)
+
+	if err != nil {
+		panic(errors.Wrap(err, "error writing http response"))
+	}
+
 }