1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

api: Fix request submission form

This commit is contained in:
Lauri Võsandi 2018-01-02 14:49:06 +00:00
parent 3d1e6768bb
commit 345c2802ea
4 changed files with 77 additions and 45 deletions

View File

@ -11,7 +11,7 @@ from asn1crypto.csr import CertificationRequest
from base64 import b64decode from base64 import b64decode
from certidude import config, authority, push, errors from certidude import config, authority, push, errors
from certidude.auth import login_required, login_optional, authorize_admin from certidude.auth import login_required, login_optional, authorize_admin
from certidude.decorators import csrf_protection, MyEncoder from certidude.decorators import csrf_protection, MyEncoder, serialize
from certidude.firewall import whitelist_subnets, whitelist_content_types from certidude.firewall import whitelist_subnets, whitelist_content_types
from datetime import datetime from datetime import datetime
from oscrypto import asymmetric from oscrypto import asymmetric
@ -38,8 +38,14 @@ class RequestListResource(object):
reasons = [] reasons = []
body = req.stream.read(req.content_length) body = req.stream.read(req.content_length)
header, _, der_bytes = pem.unarmor(body) try:
csr = CertificationRequest.load(der_bytes) header, _, der_bytes = pem.unarmor(body)
csr = CertificationRequest.load(der_bytes)
except ValueError:
raise falcon.HTTPBadRequest(
"Bad request",
"Malformed certificate signing request")
common_name = csr["certification_request_info"]["subject"].native["common_name"] common_name = csr["certification_request_info"]["subject"].native["common_name"]
""" """
@ -164,6 +170,9 @@ class RequestListResource(object):
# Request was accepted, but not processed # Request was accepted, but not processed
resp.status = falcon.HTTP_202 resp.status = falcon.HTTP_202
resp.body = ". ".join(reasons) resp.body = ". ".join(reasons)
if req.client_accepts("application/json"):
resp.body = json.dumps({"title":"Accepted", "description":resp.body},
cls=MyEncoder)
class RequestDetailResource(object): class RequestDetailResource(object):

View File

@ -67,13 +67,15 @@ def serialize(func):
""" """
import falcon import falcon
def wrapped(instance, req, resp, **kwargs): def wrapped(instance, req, resp, **kwargs):
if not req.client_accepts("application/json"): retval = func(instance, req, resp, **kwargs)
logger.debug("Client did not accept application/json") if not resp.body and not resp.location:
raise falcon.HTTPUnsupportedMediaType( if not req.client_accepts("application/json"):
"Client did not accept application/json") logger.debug("Client did not accept application/json")
resp.set_header("Cache-Control", "no-cache, no-store, must-revalidate") raise falcon.HTTPUnsupportedMediaType(
resp.set_header("Pragma", "no-cache") "Client did not accept application/json")
resp.set_header("Expires", "0") resp.set_header("Cache-Control", "no-cache, no-store, must-revalidate")
resp.body = json.dumps(func(instance, req, resp, **kwargs), cls=MyEncoder) resp.set_header("Pragma", "no-cache")
resp.set_header("Expires", "0")
resp.body = json.dumps(retval, cls=MyEncoder)
return wrapped return wrapped

View File

@ -220,6 +220,27 @@ function onAttributeUpdated(e) {
}) })
} }
function onSubmitRequest() {
$.ajax({
method: "POST",
url: "/api/request/",
headers: {
"Accept": "application/json; charset=utf-8",
"Content-Type": "application/pkcs10"
},
data: $("#request_body").val(),
success:function(attributes, status, xhr) {
// Close the modal
$("[data-dismiss=modal]").trigger({ type: "click" });
},
error: function(xhr, status, e) {
console.info("Submitting request failed with:", status, e);
alert(e);
}
})
}
function onServerStarted() { function onServerStarted() {
console.info("Server started"); console.info("Server started");
location.reload(); location.reload();

View File

@ -5,34 +5,34 @@
<button type="button" class="close" data-dismiss="modal">&times;</button> <button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title">Request submission</h4> <h4 class="modal-title">Request submission</h4>
</div> </div>
<div class="modal-body"> <form action="/api/request/" method="post">
<div class="modal-body">
<h5>Certidude client</h5>
<h5>Certidude client</h5> <p>Submit a certificate signing request from Mac OS X, Ubuntu or Fedora:</p>
<div class="highlight">
<p>Submit a certificate signing request from Mac OS X, Ubuntu or Fedora:</p> <pre><code>easy_install pip;
<div class="highlight">
<pre><code>easy_install pip;
pip3 install certidude; pip3 install certidude;
certidude bootstrap {{session.authority.common_name}} certidude bootstrap {{session.authority.common_name}}
</code></pre> </code></pre>
</div> </div>
<h5>UNIX & UNIX-like</h5> <h5>UNIX & UNIX-like</h5>
<p>On other UNIX-like machines generate key pair and submit the signing request using OpenSSL and cURL:</p> <p>On other UNIX-like machines generate key pair and submit the signing request using OpenSSL and cURL:</p>
<div class="highlight"> <div class="highlight">
<pre class="code"><code>NAME=$(hostname); <pre class="code"><code>NAME=$(hostname);
openssl genrsa -out client_key.pem 2048; openssl genrsa -out client_key.pem 2048;
openssl req -new -sha256 -key client_key.pem -out client_req.pem -subj "/CN=$NAME"; openssl req -new -sha256 -key client_key.pem -out client_req.pem -subj "/CN=$NAME";
curl -f -L -H "Content-type: application/pkcs10" --data-binary @client_req.pem \ curl -f -L -H "Content-type: application/pkcs10" --data-binary @client_req.pem \
http://{{ window.location.hostname }}/api/request/?wait=yes > client_cert.pem</code></pre> http://{{ window.location.hostname }}/api/request/?wait=yes > client_cert.pem</code></pre>
</div> </div>
<h5>OpenWrt/LEDE</h5> <h5>OpenWrt/LEDE</h5>
<p>On OpenWrt/LEDE router to convert it into VPN gateway:</p> <p>On OpenWrt/LEDE router to convert it into VPN gateway:</p>
<div class="highlight"> <div class="highlight">
<pre class="code"><code>mkdir -p /var/lib/certidude/{{ window.location.hostname }}; \ <pre class="code"><code>mkdir -p /var/lib/certidude/{{ window.location.hostname }}; \
grep -c certidude /etc/sysupgrade.conf || echo /var/lib/certidude >> /etc/sysupgrade.conf; \ grep -c certidude /etc/sysupgrade.conf || echo /var/lib/certidude >> /etc/sysupgrade.conf; \
curl -f http://{{ window.location.hostname }}/api/certificate/ -o /var/lib/certidude/{{ window.location.hostname }}/ca_cert.pem; \ curl -f http://{{ window.location.hostname }}/api/certificate/ -o /var/lib/certidude/{{ window.location.hostname }}/ca_cert.pem; \
test -e /var/lib/certidude/{{ window.location.hostname }}/client_key.pem || openssl genrsa -out /var/lib/certidude/{{ window.location.hostname }}/client_key.pem 2048; \ test -e /var/lib/certidude/{{ window.location.hostname }}/client_key.pem || openssl genrsa -out /var/lib/certidude/{{ window.location.hostname }}/client_key.pem 2048; \
@ -43,25 +43,25 @@ curl -f -L -H "Content-type: application/pkcs10" \
--data-binary @/var/lib/certidude/{{ window.location.hostname }}/client_req.pem \ --data-binary @/var/lib/certidude/{{ window.location.hostname }}/client_req.pem \
-o /var/lib/certidude/{{ window.location.hostname }}/client_cert.pem \ -o /var/lib/certidude/{{ window.location.hostname }}/client_cert.pem \
http://{{ window.location.hostname }}/api/request/?wait=yes</code></pre> http://{{ window.location.hostname }}/api/request/?wait=yes</code></pre>
</div>
<h5>SCEP</h5>
<p>Use following as the enrollment URL: http://{{ window.location.hostname }}/cgi-bin/pkiclient.exe</p>
<h5>Copy & paste</h5>
<p>Use whatever tools you have available on your platform to generate
keypair and just paste ASCII armored PEM file contents here and hit submit:</p>
<textarea id="request_body" style="width:100%; min-height: 10em;" placeholder="-----BEGIN CERTIFICATE REQUEST-----"></textarea>
</div> </div>
<div class="modal-footer">
<h5>SCEP</h5> <div class="btn-group">
<p>Use following as the enrollment URL: http://{{ window.location.hostname }}/cgi-bin/pkiclient.exe</p> <button type="button" onclick="onSubmitRequest();" class="btn btn-primary"><i class="fa fa-upload"></i> Submit</button>
<button type="button" class="btn btn-secondary" data-dismiss="modal"><i class="fa fa-ban"></i> Close</button>
<h5>Copy & paste</h5> </div>
<p>Use whatever tools you have available on your platform to generate
keypair and just paste ASCII armored PEM file contents here and hit submit:</p>
<textarea id="request_body" style="width:100%; min-height: 4em;"
placeholder="-----BEGIN CERTIFICATE REQUEST-----\n...\n-----END CERTIFICATE REQUEST-----"></textarea>
</div>
<div class="modal-footer">
<div class="btn-group">
<button type="button" class="btn btn-success"><i class="fa fa-upload"></i> Submit</button>
<button type="button" class="btn" data-dismiss="modal"><i class="fa fa-ban"></i> Close</button>
</div> </div>
</div> </form>
</div> </div>
</div> </div>
</div> </div>