mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Add long poll support for CRL API call
parent
c979d73bec
commit
4ae40c5d45
@ -2,7 +2,7 @@
|
||||
import falcon
|
||||
import json
|
||||
import logging
|
||||
from certidude import const
|
||||
from certidude import const, config
|
||||
from certidude.authority import export_crl, list_revoked
|
||||
from certidude.decorators import MyEncoder
|
||||
from cryptography import x509
|
||||
@ -26,11 +26,17 @@ class RevocationListResource(object):
|
||||
resp.body = x509.load_pem_x509_crl(export_crl(),
|
||||
default_backend()).public_bytes(Encoding.DER)
|
||||
elif req.client_accepts("application/x-pem-file"):
|
||||
resp.set_header("Content-Type", "application/x-pem-file")
|
||||
resp.append_header(
|
||||
"Content-Disposition",
|
||||
("attachment; filename=%s-crl.pem" % const.HOSTNAME).encode("ascii"))
|
||||
resp.body = export_crl()
|
||||
if req.get_param_as_bool("wait"):
|
||||
url = config.PUSH_LONG_POLL % "crl"
|
||||
resp.status = falcon.HTTP_SEE_OTHER
|
||||
resp.set_header("Location", url.encode("ascii"))
|
||||
logger.debug(u"Redirecting to CRL request to %s", url)
|
||||
else:
|
||||
resp.set_header("Content-Type", "application/x-pem-file")
|
||||
resp.append_header(
|
||||
"Content-Disposition",
|
||||
("attachment; filename=%s-crl.pem" % const.HOSTNAME).encode("ascii"))
|
||||
resp.body = export_crl()
|
||||
elif req.accept.startswith("application/json"):
|
||||
resp.set_header("Content-Type", "application/json")
|
||||
resp.set_header("Content-Disposition", "inline")
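Review bot: The new `wait` branch formats `config.PUSH_LONG_POLL % "crl"` without first checking that the setting is populated, while the publishing side added to `revoke_certificate` in this same commit is guarded by `if config.PUSH_PUBLISH:`. If long polling can be left unconfigured (not visible from this hunk), a request carrying `?wait=yes` would raise inside the handler instead of returning the CRL. Guarding the branch as `if req.get_param_as_bool("wait") and config.PUSH_LONG_POLL:` lets such requests fall through to the existing immediate PEM response. Note also that `wait` is honoured only in the `application/x-pem-file` branch, so a DER client that asks to wait silently gets the current CRL; a short comment saying so would help. The handler method begins above this hunk.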
|
||||
|
@ -131,6 +131,14 @@ def revoke_certificate(common_name):
|
||||
revoked_filename = os.path.join(config.REVOKED_DIR, "%s.pem" % cert.serial_number)
|
||||
os.rename(cert.path, revoked_filename)
|
||||
push.publish("certificate-revoked", cert.common_name)
|
||||
|
||||
# Publish CRL for long polls
|
||||
if config.PUSH_PUBLISH:
|
||||
url = config.PUSH_PUBLISH % "crl"
|
||||
click.echo("Publishing CRL at %s ..." % url)
|
||||
requests.post(url, data=export_crl(),
|
||||
headers={"User-Agent": "Certidude API", "Content-Type": "application/x-pem-file"})
|
||||
|
||||
mailer.send("certificate-revoked.md", attachments=(cert,), certificate=cert)
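Review bot: The added `requests.post(...)` call has no `timeout` and its result is never inspected, and it runs after the certificate has already been moved into `config.REVOKED_DIR` but before `mailer.send`. `requests` does not apply a timeout by default, so an unresponsive push server would hang the revocation. A connection error would propagate out of `revoke_certificate` and skip the notification mail. A non-2xx reply would go unnoticed, leaving long-polling clients on the previous CRL. I would bound the call, check the status and report the failure without aborting the rest of the function, as sketched below; the 10-second value is only an example. `revoke_certificate` starts and continues outside this hunk.

```python
        click.echo("Publishing CRL at %s ..." % url)
        try:
            notification = requests.post(url, data=export_crl(), timeout=10,
                headers={"User-Agent": "Certidude API", "Content-Type": "application/x-pem-file"})
            notification.raise_for_status()
        except requests.exceptions.RequestException as e:
            # Revocation itself already happened; surface the failed CRL push but keep going
            click.echo("Failed to publish CRL at %s: %s" % (url, e))
    # … unchanged: mailer.send("certificate-revoked.md", …) …
```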
|
||||
|
||||
|
||||
|
@ -181,7 +181,8 @@ cat example.csr
|
||||
<section id="revoked">
|
||||
<h1>Revoked certificates</h1>
|
||||
<p>To fetch <a href="{{window.location.href}}api/revoked/">certificate revocation list</a>:</p>
|
||||
<pre>curl {{window.location.href}}api/revoked/ | openssl crl -inform der -text -noout</pre>
|
||||
<pre>curl {{window.location.href}}api/revoked/ > crl.der
|
||||
curl http://ca2.koodur.lan/api/revoked/?wait=yes -H "Accept: application/x-pem-file" > crl.pem</pre>
|
||||
<!--
|
||||
<p>To perform online certificate status request</p>
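Review bot: The added long-poll example hard-codes `http://ca2.koodur.lan/api/revoked/`, while every neighbouring example in this section builds its URL from `{{window.location.href}}`. As written, each deployment's help page would show another site's internal hostname over plain HTTP. I would write the line as `curl "{{window.location.href}}api/revoked/?wait=yes" -H "Accept: application/x-pem-file" > crl.pem`. The quotes also stop the shell from treating `?` as a glob character. The replaced example piped the CRL through `openssl crl -inform der -text -noout`; keeping one example that inspects the list would still be useful to readers. The `<!--` comment opened at the end of this hunk closes outside it.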
|
||||
|
||||
|