1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Add revocation list JSON serialization

This commit is contained in:
Lauri Võsandi 2016-03-30 22:00:18 +03:00
parent 5bdf986b47
commit 456fe586c3

View File

@ -1,8 +1,10 @@
import falcon
import json
import logging
from certidude import constants
from certidude.authority import export_crl
from certidude.authority import export_crl, list_revoked
from certidude.decorators import MyEncoder
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import Encoding
@ -12,7 +14,6 @@ logger = logging.getLogger("api")
class RevocationListResource(object):
def on_get(self, req, resp):
logger.debug(u"Revocation list requested by %s", req.context.get("remote_addr"))
buf = export_crl()
# Primarily offer DER encoded CRL as per RFC5280
# This is also what StrongSwan expects
@ -22,13 +23,18 @@ class RevocationListResource(object):
"Content-Disposition",
("attachment; filename=%s.crl" % constants.HOSTNAME).encode("ascii"))
# Convert PEM to DER
resp.body = x509.load_pem_x509_crl(buf, default_backend()).public_bytes(Encoding.DER)
resp.body = x509.load_pem_x509_crl(export_crl(),
default_backend()).public_bytes(Encoding.DER)
elif req.client_accepts("application/x-pem-file"):
resp.set_header("Content-Type", "application/x-pem-file")
resp.append_header(
"Content-Disposition",
("attachment; filename=%s-crl.pem" % constants.HOSTNAME).encode("ascii"))
resp.body = buf
resp.body = export_crl()
elif req.accept.startswith("application/json"):
resp.set_header("Content-Type", "application/json")
resp.set_header("Content-Disposition", "inline")
resp.body = json.dumps(list_revoked(), cls=MyEncoder)
else:
raise falcon.HTTPUnsupportedMediaType(
"Client did not accept application/x-pkcs7-crl or application/x-pem-file")