1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

api: Save enrollment IP address

This commit is contained in:
Lauri Võsandi 2017-08-10 00:45:43 +03:00
parent 783bba3474
commit 789d80d712
4 changed files with 18 additions and 5 deletions

View File

@ -39,6 +39,7 @@ class SessionResource(object):
yield dict( yield dict(
common_name = common_name, common_name = common_name,
server = server, server = server,
address = getxattr(path, "user.request.address"), # TODO: move to authority.py
md5sum = hashlib.md5(buf).hexdigest(), md5sum = hashlib.md5(buf).hexdigest(),
sha1sum = hashlib.sha1(buf).hexdigest(), sha1sum = hashlib.sha1(buf).hexdigest(),
sha256sum = hashlib.sha256(buf).hexdigest(), sha256sum = hashlib.sha256(buf).hexdigest(),

View File

@ -18,9 +18,17 @@ from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.exceptions import InvalidSignature from cryptography.exceptions import InvalidSignature
from cryptography.x509.oid import NameOID from cryptography.x509.oid import NameOID
from datetime import datetime from datetime import datetime
from xattr import getxattr
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
"""
openssl genrsa -out test.key 1024
openssl req -new -sha256 -key test.key -out test.csr -subj "/CN=test"
curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
http://ca.example.lan/api/request/?wait=yes
"""
class RequestListResource(object): class RequestListResource(object):
@login_optional @login_optional
@whitelist_subnets(config.REQUEST_SUBNETS) @whitelist_subnets(config.REQUEST_SUBNETS)
@ -139,7 +147,8 @@ class RequestListResource(object):
# Attempt to save the request otherwise # Attempt to save the request otherwise
try: try:
csr = authority.store_request(body.decode("ascii")) request_path, _, _ = authority.store_request(body.decode("ascii"),
address=str(req.context.get("remote_addr")))
except errors.RequestExists: except errors.RequestExists:
reasons.append("Same request already uploaded exists") reasons.append("Same request already uploaded exists")
# We should still redirect client to long poll URL below # We should still redirect client to long poll URL below
@ -175,7 +184,7 @@ class RequestDetailResource(object):
""" """
try: try:
_, buf, _ = authority.get_request(cn) path, buf, _ = authority.get_request(cn)
except errors.RequestDoesNotExist: except errors.RequestDoesNotExist:
logger.warning(u"Failed to serve non-existant request %s to %s", logger.warning(u"Failed to serve non-existant request %s to %s",
cn, req.context.get("remote_addr")) cn, req.context.get("remote_addr"))
@ -199,6 +208,7 @@ class RequestDetailResource(object):
resp.body = json.dumps(dict( resp.body = json.dumps(dict(
common_name = cn, common_name = cn,
server = authority.server_flags(cn), server = authority.server_flags(cn),
address = getxattr(path, "user.request.address"), # TODO: move to authority.py
md5sum = hashlib.md5(buf).hexdigest(), md5sum = hashlib.md5(buf).hexdigest(),
sha1sum = hashlib.sha1(buf).hexdigest(), sha1sum = hashlib.sha1(buf).hexdigest(),
sha256sum = hashlib.sha256(buf).hexdigest(), sha256sum = hashlib.sha256(buf).hexdigest(),

View File

@ -77,7 +77,7 @@ def get_attributes(cn, namespace=None):
return path, buf, cert, attribs return path, buf, cert, attribs
def store_request(buf, overwrite=False): def store_request(buf, overwrite=False, address="", user=""):
""" """
Store CSR for later processing Store CSR for later processing
""" """
@ -116,7 +116,9 @@ def store_request(buf, overwrite=False):
mailer.send("request-stored.md", mailer.send("request-stored.md",
attachments=(attach_csr,), attachments=(attach_csr,),
common_name=common_name.value) common_name=common_name.value)
return csr, common_name.value setxattr(request_path, "user.request.address", address)
setxattr(request_path, "user.request.user", user)
return request_path, csr, common_name.value
def signer_exec(cmd, *bits): def signer_exec(cmd, *bits):

View File

@ -12,7 +12,7 @@
{% include 'img/iconmonstr-certificate-15.svg' %} {% include 'img/iconmonstr-certificate-15.svg' %}
{% endif %} {% endif %}
{{request.common_name}} {{request.common_name}} from {{request.address}}
</div> </div>
{% if request.email_address %} {% if request.email_address %}