Add long poll support for CRL API call
parent
c979d73bec
commit
4ae40c5d45
@ -2,7 +2,7 @@
|
|||||||
import falcon
|
import falcon
|
||||||
import json
|
import json
|
||||||
import logging
|
import logging
|
||||||
from certidude import const
|
from certidude import const, config
|
||||||
from certidude.authority import export_crl, list_revoked
|
from certidude.authority import export_crl, list_revoked
|
||||||
from certidude.decorators import MyEncoder
|
from certidude.decorators import MyEncoder
|
||||||
from cryptography import x509
|
from cryptography import x509
|
||||||
@ -26,11 +26,17 @@ class RevocationListResource(object):
|
|||||||
resp.body = x509.load_pem_x509_crl(export_crl(),
|
resp.body = x509.load_pem_x509_crl(export_crl(),
|
||||||
default_backend()).public_bytes(Encoding.DER)
|
default_backend()).public_bytes(Encoding.DER)
|
||||||
elif req.client_accepts("application/x-pem-file"):
|
elif req.client_accepts("application/x-pem-file"):
|
||||||
resp.set_header("Content-Type", "application/x-pem-file")
|
if req.get_param_as_bool("wait"):
|
||||||
resp.append_header(
|
url = config.PUSH_LONG_POLL % "crl"
|
||||||
"Content-Disposition",
|
resp.status = falcon.HTTP_SEE_OTHER
|
||||||
("attachment; filename=%s-crl.pem" % const.HOSTNAME).encode("ascii"))
|
resp.set_header("Location", url.encode("ascii"))
|
||||||
resp.body = export_crl()
|
logger.debug(u"Redirecting to CRL request to %s", url)
|
||||||
|
else:
|
||||||
|
resp.set_header("Content-Type", "application/x-pem-file")
|
||||||
|
resp.append_header(
|
||||||
|
"Content-Disposition",
|
||||||
|
("attachment; filename=%s-crl.pem" % const.HOSTNAME).encode("ascii"))
|
||||||
|
resp.body = export_crl()
|
||||||
elif req.accept.startswith("application/json"):
|
elif req.accept.startswith("application/json"):
|
||||||
resp.set_header("Content-Type", "application/json")
|
resp.set_header("Content-Type", "application/json")
|
||||||
resp.set_header("Content-Disposition", "inline")
|
resp.set_header("Content-Disposition", "inline")
|
||||||
|
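Review bot: The new `wait` branch formats `config.PUSH_LONG_POLL % "crl"` without checking that the setting is present, whereas the publishing side of this same commit guards its counterpart with `if config.PUSH_PUBLISH:`. If push is optional in a deployment (not visible from this page), an unset value would turn `?wait=yes` into an unhandled error instead of a CRL response; falling through to the normal download is safer: `if req.get_param_as_bool("wait") and config.PUSH_LONG_POLL:`. The parameter is also honoured only in the `application/x-pem-file` branch, so a DER client passing `wait` silently gets an immediate answer, which deserves a comment such as `# long poll is only offered for PEM; DER requests ignore ?wait`. The debug message reads "Redirecting to CRL request to"; `"Redirecting CRL request to %s"` is presumably what was meant. The method body starts above the hunk.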
@ -131,6 +131,14 @@ def revoke_certificate(common_name):
|
|||||||
revoked_filename = os.path.join(config.REVOKED_DIR, "%s.pem" % cert.serial_number)
|
revoked_filename = os.path.join(config.REVOKED_DIR, "%s.pem" % cert.serial_number)
|
||||||
os.rename(cert.path, revoked_filename)
|
os.rename(cert.path, revoked_filename)
|
||||||
push.publish("certificate-revoked", cert.common_name)
|
push.publish("certificate-revoked", cert.common_name)
|
||||||
|
|
||||||
|
# Publish CRL for long polls
|
||||||
|
if config.PUSH_PUBLISH:
|
||||||
|
url = config.PUSH_PUBLISH % "crl"
|
||||||
|
click.echo("Publishing CRL at %s ..." % url)
|
||||||
|
requests.post(url, data=export_crl(),
|
||||||
|
headers={"User-Agent": "Certidude API", "Content-Type": "application/x-pem-file"})
|
||||||
|
|
||||||
mailer.send("certificate-revoked.md", attachments=(cert,), certificate=cert)
|
mailer.send("certificate-revoked.md", attachments=(cert,), certificate=cert)
|
||||||
|
|
||||||
|
|
||||||
|
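Review bot: The added `requests.post` call has no timeout and no error handling, and it runs after `os.rename` has already moved the certificate into the revoked directory. A push server that hangs or refuses the connection would therefore stall or abort `revoke_certificate` before `mailer.send` runs, and a non-2xx answer passes unnoticed, leaving long-poll clients on a stale CRL with no trace of the failure. Bound the request, check the status, and report a failure without aborting the revocation, as sketched below (the 10-second value and the indentation are constructed, not taken from the project). The function starts above the hunk.

```python
    if config.PUSH_PUBLISH:
        # … unchanged: url formatting and click.echo …
        try:
            # Bounded so a stalled push server cannot hold up the revocation
            response = requests.post(url, data=export_crl(), timeout=10,
                headers={"User-Agent": "Certidude API", "Content-Type": "application/x-pem-file"})
            response.raise_for_status()
        except requests.RequestException as e:
            # The certificate is already revoked on disk; report and carry on
            click.echo("Failed to publish CRL at %s: %s" % (url, e))
```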
@ -181,7 +181,8 @@ cat example.csr
|
|||||||
<section id="revoked">
|
<section id="revoked">
|
||||||
<h1>Revoked certificates</h1>
|
<h1>Revoked certificates</h1>
|
||||||
<p>To fetch <a href="{{window.location.href}}api/revoked/">certificate revocation list</a>:</p>
|
<p>To fetch <a href="{{window.location.href}}api/revoked/">certificate revocation list</a>:</p>
|
||||||
<pre>curl {{window.location.href}}api/revoked/ | openssl crl -inform der -text -noout</pre>
|
<pre>curl {{window.location.href}}api/revoked/ > crl.der
|
||||||
|
curl http://ca2.koodur.lan/api/revoked/?wait=yes -H "Accept: application/x-pem-file" > crl.pem</pre>
|
||||||
<!--
|
<!--
|
||||||
<p>To perform online certificate status request</p>
|
<p>To perform online certificate status request</p>
|
||||||
|
|
||||||
|
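Review bot: The added long-poll example hard-codes `http://ca2.koodur.lan/api/revoked/`, while the neighbouring link and the first `curl` line build the URL from `{{window.location.href}}`; on any other deployment the page would direct operators to fetch the CRL from a host that is not theirs. Use the template variable and quote the URL so the shell does not treat `?` as a glob character: `curl "{{window.location.href}}api/revoked/?wait=yes" -H "Accept: application/x-pem-file" > crl.pem`. The first example also appears to have lost its `| openssl crl -inform der -text -noout` step, so the page no longer shows how to inspect the downloaded CRL; if that was unintentional, keep it as a separate line such as `openssl crl -inform der -text -noout -in crl.der`.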