1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 08:15:18 +00:00

api: Check keypair algorithm compatbility during request submission

This commit is contained in:
Lauri Võsandi 2018-04-13 13:11:48 +00:00
parent d7df17dc2c
commit 1493c0f4a0

View File

@ -41,9 +41,20 @@ class RequestListResource(AuthorityHandler):
header, _, der_bytes = pem.unarmor(body) header, _, der_bytes = pem.unarmor(body)
csr = CertificationRequest.load(der_bytes) csr = CertificationRequest.load(der_bytes)
except ValueError: except ValueError:
logger.info("Malformed certificate signing request submission from %s blocked", req.context.get("remote_addr"))
raise falcon.HTTPBadRequest( raise falcon.HTTPBadRequest(
"Bad request", "Bad request",
"Malformed certificate signing request") "Malformed certificate signing request")
else:
req_public_key = asymmetric.load_public_key(csr["certification_request_info"]["subject_pk_info"])
if self.authority.public_key.algorithm != req_public_key.algorithm:
logger.info("Attempt to submit %s based request from %s blocked, only %s allowed" % (
req_public_key.algorithm.upper(),
req.context.get("remote_addr"),
self.authority.public_key.algorithm.upper()))
raise falcon.HTTPBadRequest(
"Bad request",
"Incompatible asymmetric key algorithms")
common_name = csr["certification_request_info"]["subject"].native["common_name"] common_name = csr["certification_request_info"]["subject"].native["common_name"]