mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
api: Save enrollment IP address
This commit is contained in:
parent
783bba3474
commit
789d80d712
@ -39,6 +39,7 @@ class SessionResource(object):
|
|||||||
yield dict(
|
yield dict(
|
||||||
common_name = common_name,
|
common_name = common_name,
|
||||||
server = server,
|
server = server,
|
||||||
|
address = getxattr(path, "user.request.address"), # TODO: move to authority.py
|
||||||
md5sum = hashlib.md5(buf).hexdigest(),
|
md5sum = hashlib.md5(buf).hexdigest(),
|
||||||
sha1sum = hashlib.sha1(buf).hexdigest(),
|
sha1sum = hashlib.sha1(buf).hexdigest(),
|
||||||
sha256sum = hashlib.sha256(buf).hexdigest(),
|
sha256sum = hashlib.sha256(buf).hexdigest(),
|
||||||
|
@ -18,9 +18,17 @@ from cryptography.hazmat.primitives.asymmetric import padding
|
|||||||
from cryptography.exceptions import InvalidSignature
|
from cryptography.exceptions import InvalidSignature
|
||||||
from cryptography.x509.oid import NameOID
|
from cryptography.x509.oid import NameOID
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
from xattr import getxattr
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
"""
|
||||||
|
openssl genrsa -out test.key 1024
|
||||||
|
openssl req -new -sha256 -key test.key -out test.csr -subj "/CN=test"
|
||||||
|
curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
|
||||||
|
http://ca.example.lan/api/request/?wait=yes
|
||||||
|
"""
|
||||||
|
|
||||||
class RequestListResource(object):
|
class RequestListResource(object):
|
||||||
@login_optional
|
@login_optional
|
||||||
@whitelist_subnets(config.REQUEST_SUBNETS)
|
@whitelist_subnets(config.REQUEST_SUBNETS)
|
||||||
@ -139,7 +147,8 @@ class RequestListResource(object):
|
|||||||
|
|
||||||
# Attempt to save the request otherwise
|
# Attempt to save the request otherwise
|
||||||
try:
|
try:
|
||||||
csr = authority.store_request(body.decode("ascii"))
|
request_path, _, _ = authority.store_request(body.decode("ascii"),
|
||||||
|
address=str(req.context.get("remote_addr")))
|
||||||
except errors.RequestExists:
|
except errors.RequestExists:
|
||||||
reasons.append("Same request already uploaded exists")
|
reasons.append("Same request already uploaded exists")
|
||||||
# We should still redirect client to long poll URL below
|
# We should still redirect client to long poll URL below
|
||||||
@ -175,7 +184,7 @@ class RequestDetailResource(object):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
try:
|
try:
|
||||||
_, buf, _ = authority.get_request(cn)
|
path, buf, _ = authority.get_request(cn)
|
||||||
except errors.RequestDoesNotExist:
|
except errors.RequestDoesNotExist:
|
||||||
logger.warning(u"Failed to serve non-existant request %s to %s",
|
logger.warning(u"Failed to serve non-existant request %s to %s",
|
||||||
cn, req.context.get("remote_addr"))
|
cn, req.context.get("remote_addr"))
|
||||||
@ -199,6 +208,7 @@ class RequestDetailResource(object):
|
|||||||
resp.body = json.dumps(dict(
|
resp.body = json.dumps(dict(
|
||||||
common_name = cn,
|
common_name = cn,
|
||||||
server = authority.server_flags(cn),
|
server = authority.server_flags(cn),
|
||||||
|
address = getxattr(path, "user.request.address"), # TODO: move to authority.py
|
||||||
md5sum = hashlib.md5(buf).hexdigest(),
|
md5sum = hashlib.md5(buf).hexdigest(),
|
||||||
sha1sum = hashlib.sha1(buf).hexdigest(),
|
sha1sum = hashlib.sha1(buf).hexdigest(),
|
||||||
sha256sum = hashlib.sha256(buf).hexdigest(),
|
sha256sum = hashlib.sha256(buf).hexdigest(),
|
||||||
|
@ -77,7 +77,7 @@ def get_attributes(cn, namespace=None):
|
|||||||
return path, buf, cert, attribs
|
return path, buf, cert, attribs
|
||||||
|
|
||||||
|
|
||||||
def store_request(buf, overwrite=False):
|
def store_request(buf, overwrite=False, address="", user=""):
|
||||||
"""
|
"""
|
||||||
Store CSR for later processing
|
Store CSR for later processing
|
||||||
"""
|
"""
|
||||||
@ -116,7 +116,9 @@ def store_request(buf, overwrite=False):
|
|||||||
mailer.send("request-stored.md",
|
mailer.send("request-stored.md",
|
||||||
attachments=(attach_csr,),
|
attachments=(attach_csr,),
|
||||||
common_name=common_name.value)
|
common_name=common_name.value)
|
||||||
return csr, common_name.value
|
setxattr(request_path, "user.request.address", address)
|
||||||
|
setxattr(request_path, "user.request.user", user)
|
||||||
|
return request_path, csr, common_name.value
|
||||||
|
|
||||||
|
|
||||||
def signer_exec(cmd, *bits):
|
def signer_exec(cmd, *bits):
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
{% include 'img/iconmonstr-certificate-15.svg' %}
|
{% include 'img/iconmonstr-certificate-15.svg' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{{request.common_name}}
|
{{request.common_name}} from {{request.address}}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{% if request.email_address %}
|
{% if request.email_address %}
|
||||||
|
Loading…
Reference in New Issue
Block a user