diff --git a/certidude/api/__init__.py b/certidude/api/__init__.py
index 445df83..df4975a 100644
--- a/certidude/api/__init__.py
+++ b/certidude/api/__init__.py
@@ -250,7 +250,7 @@ def certidude_app(log_handlers=[]):
 # Add CRL handler if we have any whitelisted subnets
 if config.CRL_SUBNETS:
 from .revoked import RevocationListResource
- app.add_route("/api/revoked/", RevocationListResource())
+ app.add_route("/api/revoked/", RevocationListResource(authority))
 # Add SCEP handler if we have any whitelisted subnets
 if config.SCEP_SUBNETS:
diff --git a/certidude/api/revoked.py b/certidude/api/revoked.py
index 5851848..07ee0a6 100644
--- a/certidude/api/revoked.py
+++ b/certidude/api/revoked.py
@@ -4,12 +4,14 @@ import falcon
 import json
 import logging
 from certidude import const, config
-from certidude.authority import export_crl, list_revoked
 from certidude.firewall import whitelist_subnets
 logger = logging.getLogger(__name__)
 class RevocationListResource(object):
+ def __init__(self, authority):
+ self.authority = authority
+
 @whitelist_subnets(config.CRL_SUBNETS)
 def on_get(self, req, resp):
 # Primarily offer DER encoded CRL as per RFC5280
@@ -21,7 +23,7 @@ class RevocationListResource(object):
 ("attachment; filename=%s.crl" % const.HOSTNAME))
 # Convert PEM to DER
 logger.debug("Serving revocation list (DER) to %s", req.context.get("remote_addr"))
- resp.body = export_crl(pem=False)
+ resp.body = self.authority.export_crl(pem=False)
 elif req.client_accepts("application/x-pem-file"):
 if req.get_param_as_bool("wait"):
 url = config.LONG_POLL_SUBSCRIBE % "crl"
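Review bot: The name `authority` passed in `RevocationListResource(authority)` is not bound anywhere in this hunk, and the call only executes when `config.CRL_SUBNETS` is non-empty. If the binding is missing or happens later in `certidude_app`, the failure would be a NameError that appears only on deployments that actually publish a CRL. Please confirm `authority` is assigned before this branch. `certidude_app` starts and continues outside the hunk.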
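Review bot: The new `__init__` in `RevocationListResource` has no docstring, so the requirement that `authority` expose `export_crl(pem=...)` can only be learned by reading `on_get`. I would add `"""Serve the CRL produced by *authority*, which must provide export_crl(pem=bool)."""` directly under the `def` line. The same hunk removes the `list_revoked` import together with `export_crl`. Nothing visible uses it, but the class body continues past the hunk, so check that no later line still refers to it.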
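Review bot: As far as these hunks show, `resp.body = self.authority.export_crl(pem=False)` here and `resp.body = self.authority.export_crl()` in the PEM hunk (`@@ -35,7 +37,7 @@`) call the injected authority with no error handling. Any exception during export would then reach the client as a generic 500 on the endpoint relying parties use for revocation checks. Clients that treat an unavailable CRL as "nothing revoked" would fail open in that case, so the failure should at least be recorded explicitly, for example by wrapping each call and doing `logger.exception("CRL export failed")` before re-raising. The body of `on_get` extends beyond both hunks, so an outer handler may already exist there.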
@@ -35,7 +37,7 @@ class RevocationListResource(object):
 "Content-Disposition",
 ("attachment; filename=%s-crl.pem" % const.HOSTNAME))
 logger.debug("Serving revocation list (PEM) to %s", req.context.get("remote_addr"))
- resp.body = export_crl()
+ resp.body = self.authority.export_crl()
 else:
 logger.debug("Client %s asked revocation list in unsupported format" % req.context.get("remote_addr"))
 raise falcon.HTTPUnsupportedMediaType(