1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Add long poll support for CRL API call

This commit is contained in:
Lauri Võsandi 2017-01-30 06:29:01 +00:00
parent c979d73bec
commit 4ae40c5d45
3 changed files with 22 additions and 7 deletions

View File

@ -2,7 +2,7 @@
import falcon import falcon
import json import json
import logging import logging
from certidude import const from certidude import const, config
from certidude.authority import export_crl, list_revoked from certidude.authority import export_crl, list_revoked
from certidude.decorators import MyEncoder from certidude.decorators import MyEncoder
from cryptography import x509 from cryptography import x509
@ -26,11 +26,17 @@ class RevocationListResource(object):
resp.body = x509.load_pem_x509_crl(export_crl(), resp.body = x509.load_pem_x509_crl(export_crl(),
default_backend()).public_bytes(Encoding.DER) default_backend()).public_bytes(Encoding.DER)
elif req.client_accepts("application/x-pem-file"): elif req.client_accepts("application/x-pem-file"):
resp.set_header("Content-Type", "application/x-pem-file") if req.get_param_as_bool("wait"):
resp.append_header( url = config.PUSH_LONG_POLL % "crl"
"Content-Disposition", resp.status = falcon.HTTP_SEE_OTHER
("attachment; filename=%s-crl.pem" % const.HOSTNAME).encode("ascii")) resp.set_header("Location", url.encode("ascii"))
resp.body = export_crl() logger.debug(u"Redirecting to CRL request to %s", url)
else:
resp.set_header("Content-Type", "application/x-pem-file")
resp.append_header(
"Content-Disposition",
("attachment; filename=%s-crl.pem" % const.HOSTNAME).encode("ascii"))
resp.body = export_crl()
elif req.accept.startswith("application/json"): elif req.accept.startswith("application/json"):
resp.set_header("Content-Type", "application/json") resp.set_header("Content-Type", "application/json")
resp.set_header("Content-Disposition", "inline") resp.set_header("Content-Disposition", "inline")

View File

@ -131,6 +131,14 @@ def revoke_certificate(common_name):
revoked_filename = os.path.join(config.REVOKED_DIR, "%s.pem" % cert.serial_number) revoked_filename = os.path.join(config.REVOKED_DIR, "%s.pem" % cert.serial_number)
os.rename(cert.path, revoked_filename) os.rename(cert.path, revoked_filename)
push.publish("certificate-revoked", cert.common_name) push.publish("certificate-revoked", cert.common_name)
# Publish CRL for long polls
if config.PUSH_PUBLISH:
url = config.PUSH_PUBLISH % "crl"
click.echo("Publishing CRL at %s ..." % url)
requests.post(url, data=export_crl(),
headers={"User-Agent": "Certidude API", "Content-Type": "application/x-pem-file"})
mailer.send("certificate-revoked.md", attachments=(cert,), certificate=cert) mailer.send("certificate-revoked.md", attachments=(cert,), certificate=cert)

View File

@ -181,7 +181,8 @@ cat example.csr
<section id="revoked"> <section id="revoked">
<h1>Revoked certificates</h1> <h1>Revoked certificates</h1>
<p>To fetch <a href="{{window.location.href}}api/revoked/">certificate revocation list</a>:</p> <p>To fetch <a href="{{window.location.href}}api/revoked/">certificate revocation list</a>:</p>
<pre>curl {{window.location.href}}api/revoked/ | openssl crl -inform der -text -noout</pre> <pre>curl {{window.location.href}}api/revoked/ > crl.der
curl http://ca2.koodur.lan/api/revoked/?wait=yes -H "Accept: application/x-pem-file" > crl.pem</pre>
<!-- <!--
<p>To perform online certificate status request</p> <p>To perform online certificate status request</p>