lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 09:29:13 +00:00
Code Issues Activity

Add long poll support for CRL API call

Browse Source
This commit is contained in:
Lauri Võsandi
2017-01-30 06:29:01 +00:00
parent c979d73bec
commit 4ae40c5d45
3 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
certidude/api/revoked.py
View File

@@ -2,7 +2,7 @@
import falcon import falcon
import json import json
import logging import logging
from certidude import const from certidude import const, config
from certidude.authority import export_crl, list_revoked from certidude.authority import export_crl, list_revoked
from certidude.decorators import MyEncoder from certidude.decorators import MyEncoder
from cryptography import x509 from cryptography import x509
@@ -26,6 +26,12 @@ class RevocationListResource(object):
resp.body = x509.load_pem_x509_crl(export_crl(), resp.body = x509.load_pem_x509_crl(export_crl(),
default_backend()).public_bytes(Encoding.DER) default_backend()).public_bytes(Encoding.DER)
elif req.client_accepts("application/x-pem-file"): elif req.client_accepts("application/x-pem-file"):
if req.get_param_as_bool("wait"):
url = config.PUSH_LONG_POLL % "crl"
resp.status = falcon.HTTP_SEE_OTHER
resp.set_header("Location", url.encode("ascii"))
logger.debug(u"Redirecting to CRL request to %s", url)
else:
resp.set_header("Content-Type", "application/x-pem-file") resp.set_header("Content-Type", "application/x-pem-file")
resp.append_header( resp.append_header(
"Content-Disposition", "Content-Disposition",

8
certidude/authority.py
View File

@@ -131,6 +131,14 @@ def revoke_certificate(common_name):
revoked_filename = os.path.join(config.REVOKED_DIR, "%s.pem" % cert.serial_number) revoked_filename = os.path.join(config.REVOKED_DIR, "%s.pem" % cert.serial_number)
os.rename(cert.path, revoked_filename) os.rename(cert.path, revoked_filename)
push.publish("certificate-revoked", cert.common_name) push.publish("certificate-revoked", cert.common_name)
# Publish CRL for long polls
if config.PUSH_PUBLISH:
url = config.PUSH_PUBLISH % "crl"
click.echo("Publishing CRL at %s ..." % url)
requests.post(url, data=export_crl(),
headers={"User-Agent": "Certidude API", "Content-Type": "application/x-pem-file"})
mailer.send("certificate-revoked.md", attachments=(cert,), certificate=cert) mailer.send("certificate-revoked.md", attachments=(cert,), certificate=cert)

3
certidude/static/views/authority.html
View File

@@ -181,7 +181,8 @@ cat example.csr
<section id="revoked"> <section id="revoked">
<h1>Revoked certificates</h1> <h1>Revoked certificates</h1>
<p>To fetch <a href="{{window.location.href}}api/revoked/">certificate revocation list</a>:</p> <p>To fetch <a href="{{window.location.href}}api/revoked/">certificate revocation list</a>:</p>
<pre>curl {{window.location.href}}api/revoked/ | openssl crl -inform der -text -noout</pre> <pre>curl {{window.location.href}}api/revoked/ > crl.der
curl http://ca2.koodur.lan/api/revoked/?wait=yes -H "Accept: application/x-pem-file" > crl.pem</pre>
<!-- <!--
<p>To perform online certificate status request</p> <p>To perform online certificate status request</p>