1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 08:15:18 +00:00

api: Save enrollment IP address

This commit is contained in:
Lauri Võsandi 2017-08-10 00:45:43 +03:00
parent 783bba3474
commit 789d80d712
4 changed files with 18 additions and 5 deletions

View File

@ -39,6 +39,7 @@ class SessionResource(object):
yield dict(
common_name = common_name,
server = server,
address = getxattr(path, "user.request.address"), # TODO: move to authority.py
md5sum = hashlib.md5(buf).hexdigest(),
sha1sum = hashlib.sha1(buf).hexdigest(),
sha256sum = hashlib.sha256(buf).hexdigest(),

View File

@ -18,9 +18,17 @@ from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.exceptions import InvalidSignature
from cryptography.x509.oid import NameOID
from datetime import datetime
from xattr import getxattr
logger = logging.getLogger(__name__)
"""
openssl genrsa -out test.key 1024
openssl req -new -sha256 -key test.key -out test.csr -subj "/CN=test"
curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
http://ca.example.lan/api/request/?wait=yes
"""
class RequestListResource(object):
@login_optional
@whitelist_subnets(config.REQUEST_SUBNETS)
@ -139,7 +147,8 @@ class RequestListResource(object):
# Attempt to save the request otherwise
try:
csr = authority.store_request(body.decode("ascii"))
request_path, _, _ = authority.store_request(body.decode("ascii"),
address=str(req.context.get("remote_addr")))
except errors.RequestExists:
reasons.append("Same request already uploaded exists")
# We should still redirect client to long poll URL below
@ -175,7 +184,7 @@ class RequestDetailResource(object):
"""
try:
_, buf, _ = authority.get_request(cn)
path, buf, _ = authority.get_request(cn)
except errors.RequestDoesNotExist:
logger.warning(u"Failed to serve non-existant request %s to %s",
cn, req.context.get("remote_addr"))
@ -199,6 +208,7 @@ class RequestDetailResource(object):
resp.body = json.dumps(dict(
common_name = cn,
server = authority.server_flags(cn),
address = getxattr(path, "user.request.address"), # TODO: move to authority.py
md5sum = hashlib.md5(buf).hexdigest(),
sha1sum = hashlib.sha1(buf).hexdigest(),
sha256sum = hashlib.sha256(buf).hexdigest(),

View File

@ -77,7 +77,7 @@ def get_attributes(cn, namespace=None):
return path, buf, cert, attribs
def store_request(buf, overwrite=False):
def store_request(buf, overwrite=False, address="", user=""):
"""
Store CSR for later processing
"""
@ -116,7 +116,9 @@ def store_request(buf, overwrite=False):
mailer.send("request-stored.md",
attachments=(attach_csr,),
common_name=common_name.value)
return csr, common_name.value
setxattr(request_path, "user.request.address", address)
setxattr(request_path, "user.request.user", user)
return request_path, csr, common_name.value
def signer_exec(cmd, *bits):

View File

@ -12,7 +12,7 @@
{% include 'img/iconmonstr-certificate-15.svg' %}
{% endif %}
{{request.common_name}}
{{request.common_name}} from {{request.address}}
</div>
{% if request.email_address %}