1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

api: revoked: drop usage of global authority import

This commit is contained in:
Priit Laes 2018-02-03 12:51:27 +02:00
parent 916afba685
commit 239538371f
2 changed files with 6 additions and 4 deletions

View File

@ -250,7 +250,7 @@ def certidude_app(log_handlers=[]):
# Add CRL handler if we have any whitelisted subnets # Add CRL handler if we have any whitelisted subnets
if config.CRL_SUBNETS: if config.CRL_SUBNETS:
from .revoked import RevocationListResource from .revoked import RevocationListResource
app.add_route("/api/revoked/", RevocationListResource()) app.add_route("/api/revoked/", RevocationListResource(authority))
# Add SCEP handler if we have any whitelisted subnets # Add SCEP handler if we have any whitelisted subnets
if config.SCEP_SUBNETS: if config.SCEP_SUBNETS:

View File

@ -4,12 +4,14 @@ import falcon
import json import json
import logging import logging
from certidude import const, config from certidude import const, config
from certidude.authority import export_crl, list_revoked
from certidude.firewall import whitelist_subnets from certidude.firewall import whitelist_subnets
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class RevocationListResource(object): class RevocationListResource(object):
def __init__(self, authority):
self.authority = authority
@whitelist_subnets(config.CRL_SUBNETS) @whitelist_subnets(config.CRL_SUBNETS)
def on_get(self, req, resp): def on_get(self, req, resp):
# Primarily offer DER encoded CRL as per RFC5280 # Primarily offer DER encoded CRL as per RFC5280
@ -21,7 +23,7 @@ class RevocationListResource(object):
("attachment; filename=%s.crl" % const.HOSTNAME)) ("attachment; filename=%s.crl" % const.HOSTNAME))
# Convert PEM to DER # Convert PEM to DER
logger.debug("Serving revocation list (DER) to %s", req.context.get("remote_addr")) logger.debug("Serving revocation list (DER) to %s", req.context.get("remote_addr"))
resp.body = export_crl(pem=False) resp.body = self.authority.export_crl(pem=False)
elif req.client_accepts("application/x-pem-file"): elif req.client_accepts("application/x-pem-file"):
if req.get_param_as_bool("wait"): if req.get_param_as_bool("wait"):
url = config.LONG_POLL_SUBSCRIBE % "crl" url = config.LONG_POLL_SUBSCRIBE % "crl"
@ -35,7 +37,7 @@ class RevocationListResource(object):
"Content-Disposition", "Content-Disposition",
("attachment; filename=%s-crl.pem" % const.HOSTNAME)) ("attachment; filename=%s-crl.pem" % const.HOSTNAME))
logger.debug("Serving revocation list (PEM) to %s", req.context.get("remote_addr")) logger.debug("Serving revocation list (PEM) to %s", req.context.get("remote_addr"))
resp.body = export_crl() resp.body = self.authority.export_crl()
else: else:
logger.debug("Client %s asked revocation list in unsupported format" % req.context.get("remote_addr")) logger.debug("Client %s asked revocation list in unsupported format" % req.context.get("remote_addr"))
raise falcon.HTTPUnsupportedMediaType( raise falcon.HTTPUnsupportedMediaType(