1 files changed, 77 insertions, 0 deletions

diff --git a/api/admin.go b/api/admin.go
index f0db5a4af..4d1528104 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -5,6 +5,7 @@ package api
 
 import (
 	"bufio"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"os"
@@ -41,6 +42,9 @@ func InitAdmin() {
 	BaseRoutes.Admin.Handle("/reset_mfa", ApiAdminSystemRequired(adminResetMfa)).Methods("POST")
 	BaseRoutes.Admin.Handle("/reset_password", ApiAdminSystemRequired(adminResetPassword)).Methods("POST")
 	BaseRoutes.Admin.Handle("/ldap_sync_now", ApiAdminSystemRequired(ldapSyncNow)).Methods("POST")
+	BaseRoutes.Admin.Handle("/saml_metadata", ApiAppHandler(samlMetadata)).Methods("GET")
+	BaseRoutes.Admin.Handle("/add_certificate", ApiAdminSystemRequired(addCertificate)).Methods("POST")
+	BaseRoutes.Admin.Handle("/remove_certificate", ApiAdminSystemRequired(removeCertificate)).Methods("POST")
 }
 
 func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -582,3 +586,76 @@ func ldapSyncNow(c *Context, w http.ResponseWriter, r *http.Request) {
 	rdata["status"] = "ok"
 	w.Write([]byte(model.MapToJson(rdata)))
 }
+
+func samlMetadata(c *Context, w http.ResponseWriter, r *http.Request) {
+	samlInterface := einterfaces.GetSamlInterface()
+
+	if samlInterface == nil {
+		c.Err = model.NewLocAppError("loginWithSaml", "api.admin.saml.not_available.app_error", nil, "")
+		c.Err.StatusCode = http.StatusFound
+		return
+	}
+
+	if result, err := samlInterface.GetMetadata(); err != nil {
+		c.Err = model.NewLocAppError("loginWithSaml", "api.admin.saml.metadata.app_error", nil, "err="+err.Message)
+		return
+	} else {
+		w.Header().Set("Content-Type", "application/xml")
+		w.Header().Set("Content-Disposition", "attachment; filename=\"metadata.xml\"")
+		w.Write([]byte(result))
+	}
+}
+
+func addCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
+	err := r.ParseMultipartForm(*utils.Cfg.FileSettings.MaxFileSize)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	m := r.MultipartForm
+
+	fileArray, ok := m.File["certificate"]
+	if !ok {
+		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.no_file.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
+		return
+	}
+
+	if len(fileArray) <= 0 {
+		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.array.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
+		return
+	}
+
+	fileData := fileArray[0]
+
+	file, err := fileData.Open()
+	defer file.Close()
+	if err != nil {
+		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error())
+		return
+	}
+
+	out, err := os.Create(utils.FindDir("config") + fileData.Filename)
+	if err != nil {
+		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error())
+		return
+	}
+	defer out.Close()
+
+	io.Copy(out, file)
+	ReturnStatusOK(w)
+}
+
+func removeCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
+	props := model.MapFromJson(r.Body)
+
+	filename := props["filename"]
+	if err := os.Remove(utils.FindConfigFile(filename)); err != nil {
+		c.Err = model.NewLocAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error",
+			map[string]interface{}{"Filename": filename}, err.Error())
+		return
+	}
+	ReturnStatusOK(w)
+}