mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-22 08:15:18 +00:00
api: Save enrollment IP address
This commit is contained in:
parent
783bba3474
commit
789d80d712
@ -39,6 +39,7 @@ class SessionResource(object):
|
||||
yield dict(
|
||||
common_name = common_name,
|
||||
server = server,
|
||||
address = getxattr(path, "user.request.address"), # TODO: move to authority.py
|
||||
md5sum = hashlib.md5(buf).hexdigest(),
|
||||
sha1sum = hashlib.sha1(buf).hexdigest(),
|
||||
sha256sum = hashlib.sha256(buf).hexdigest(),
|
||||
|
@ -18,9 +18,17 @@ from cryptography.hazmat.primitives.asymmetric import padding
|
||||
from cryptography.exceptions import InvalidSignature
|
||||
from cryptography.x509.oid import NameOID
|
||||
from datetime import datetime
|
||||
from xattr import getxattr
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
"""
|
||||
openssl genrsa -out test.key 1024
|
||||
openssl req -new -sha256 -key test.key -out test.csr -subj "/CN=test"
|
||||
curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
|
||||
http://ca.example.lan/api/request/?wait=yes
|
||||
"""
|
||||
|
||||
class RequestListResource(object):
|
||||
@login_optional
|
||||
@whitelist_subnets(config.REQUEST_SUBNETS)
|
||||
@ -139,7 +147,8 @@ class RequestListResource(object):
|
||||
|
||||
# Attempt to save the request otherwise
|
||||
try:
|
||||
csr = authority.store_request(body.decode("ascii"))
|
||||
request_path, _, _ = authority.store_request(body.decode("ascii"),
|
||||
address=str(req.context.get("remote_addr")))
|
||||
except errors.RequestExists:
|
||||
reasons.append("Same request already uploaded exists")
|
||||
# We should still redirect client to long poll URL below
|
||||
@ -175,7 +184,7 @@ class RequestDetailResource(object):
|
||||
"""
|
||||
|
||||
try:
|
||||
_, buf, _ = authority.get_request(cn)
|
||||
path, buf, _ = authority.get_request(cn)
|
||||
except errors.RequestDoesNotExist:
|
||||
logger.warning(u"Failed to serve non-existant request %s to %s",
|
||||
cn, req.context.get("remote_addr"))
|
||||
@ -199,6 +208,7 @@ class RequestDetailResource(object):
|
||||
resp.body = json.dumps(dict(
|
||||
common_name = cn,
|
||||
server = authority.server_flags(cn),
|
||||
address = getxattr(path, "user.request.address"), # TODO: move to authority.py
|
||||
md5sum = hashlib.md5(buf).hexdigest(),
|
||||
sha1sum = hashlib.sha1(buf).hexdigest(),
|
||||
sha256sum = hashlib.sha256(buf).hexdigest(),
|
||||
|
@ -77,7 +77,7 @@ def get_attributes(cn, namespace=None):
|
||||
return path, buf, cert, attribs
|
||||
|
||||
|
||||
def store_request(buf, overwrite=False):
|
||||
def store_request(buf, overwrite=False, address="", user=""):
|
||||
"""
|
||||
Store CSR for later processing
|
||||
"""
|
||||
@ -116,7 +116,9 @@ def store_request(buf, overwrite=False):
|
||||
mailer.send("request-stored.md",
|
||||
attachments=(attach_csr,),
|
||||
common_name=common_name.value)
|
||||
return csr, common_name.value
|
||||
setxattr(request_path, "user.request.address", address)
|
||||
setxattr(request_path, "user.request.user", user)
|
||||
return request_path, csr, common_name.value
|
||||
|
||||
|
||||
def signer_exec(cmd, *bits):
|
||||
|
@ -12,7 +12,7 @@
|
||||
{% include 'img/iconmonstr-certificate-15.svg' %}
|
||||
{% endif %}
|
||||
|
||||
{{request.common_name}}
|
||||
{{request.common_name}} from {{request.address}}
|
||||
</div>
|
||||
|
||||
{% if request.email_address %}
|
||||
|
Loading…
Reference in New Issue
Block a user