lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 09:29:13 +00:00
Code Issues Activity

Use unicode literals for logging

Browse Source
This commit is contained in:
Lauri Võsandi
2016-03-29 08:54:55 +03:00
parent acc0e29109
commit 799b9e19c8
7 changed files with 21 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
certidude/api/__init__.py
View File

@@ -31,7 +31,7 @@ class CertificateStatusResource(object):
class CertificateAuthorityResource(object): class CertificateAuthorityResource(object):
def on_get(self, req, resp): def on_get(self, req, resp):
logger.info("Served CA certificate to %s", req.context.get("remote_addr")) logger.info(u"Served CA certificate to %s", req.context.get("remote_addr"))
resp.stream = open(config.AUTHORITY_CERTIFICATE_PATH, "rb") resp.stream = open(config.AUTHORITY_CERTIFICATE_PATH, "rb")
resp.append_header("Content-Type", "application/x-x509-ca-cert") resp.append_header("Content-Type", "application/x-x509-ca-cert")
resp.append_header("Content-Disposition", "attachment; filename=%s.crt" % resp.append_header("Content-Disposition", "attachment; filename=%s.crt" %
@@ -104,7 +104,7 @@ class BundleResource(object):
@login_required @login_required
def on_get(self, req, resp): def on_get(self, req, resp):
common_name = req.context["user"].mail common_name = req.context["user"].mail
logger.info("Signing bundle %s for %s", common_name, req.context.get("user")) logger.info(u"Signing bundle %s for %s", common_name, req.context.get("user"))
resp.set_header("Content-Type", "application/x-pkcs12") resp.set_header("Content-Type", "application/x-pkcs12")
resp.set_header("Content-Disposition", "attachment; filename=%s.p12" % common_name.encode("ascii")) resp.set_header("Content-Disposition", "attachment; filename=%s.p12" % common_name.encode("ascii"))
resp.body, cert = authority.generate_pkcs12_bundle(common_name, resp.body, cert = authority.generate_pkcs12_bundle(common_name,

14
certidude/api/request.py
View File

@@ -32,7 +32,7 @@ class RequestListResource(object):
csr = Request(body) csr = Request(body)
if not csr.common_name: if not csr.common_name:
logger.warning("Rejected signing request without common name from %s", logger.warning(u"Rejected signing request without common name from %s",
req.context.get("remote_addr")) req.context.get("remote_addr"))
raise falcon.HTTPBadRequest( raise falcon.HTTPBadRequest(
"Bad request", "Bad request",
@@ -71,7 +71,7 @@ class RequestListResource(object):
pass pass
except errors.DuplicateCommonNameError: except errors.DuplicateCommonNameError:
# TODO: Certificate renewal # TODO: Certificate renewal
logger.warning("Rejected signing request with overlapping common name from %s", logger.warning(u"Rejected signing request with overlapping common name from %s",
req.context.get("remote_addr")) req.context.get("remote_addr"))
raise falcon.HTTPConflict( raise falcon.HTTPConflict(
"CSR with such CN already exists", "CSR with such CN already exists",
@@ -86,11 +86,11 @@ class RequestListResource(object):
click.echo("Redirecting to: %s" % url) click.echo("Redirecting to: %s" % url)
resp.status = falcon.HTTP_SEE_OTHER resp.status = falcon.HTTP_SEE_OTHER
resp.set_header("Location", url.encode("ascii")) resp.set_header("Location", url.encode("ascii"))
logger.debug("Redirecting signing request from %s to %s", req.context.get("remote_addr"), url) logger.debug(u"Redirecting signing request from %s to %s", req.context.get("remote_addr"), url)
else: else:
# Request was accepted, but not processed # Request was accepted, but not processed
resp.status = falcon.HTTP_202 resp.status = falcon.HTTP_202
logger.info("Signing request from %s stored", req.context.get("remote_addr")) logger.info(u"Signing request from %s stored", req.context.get("remote_addr"))
class RequestDetailResource(object): class RequestDetailResource(object):
@@ -100,7 +100,7 @@ class RequestDetailResource(object):
Fetch certificate signing request as PEM Fetch certificate signing request as PEM
""" """
csr = authority.get_request(cn) csr = authority.get_request(cn)
logger.debug("Signing request %s was downloaded by %s", logger.debug(u"Signing request %s was downloaded by %s",
csr.common_name, req.context.get("remote_addr")) csr.common_name, req.context.get("remote_addr"))
return csr return csr
@@ -118,7 +118,7 @@ class RequestDetailResource(object):
resp.body = "Certificate successfully signed" resp.body = "Certificate successfully signed"
resp.status = falcon.HTTP_201 resp.status = falcon.HTTP_201
resp.location = os.path.join(req.relative_uri, "..", "..", "signed", cn) resp.location = os.path.join(req.relative_uri, "..", "..", "signed", cn)
logger.info("Signing request %s signed by %s from %s", csr.common_name, logger.info(u"Signing request %s signed by %s from %s", csr.common_name,
req.context.get("user"), req.context.get("remote_addr")) req.context.get("user"), req.context.get("remote_addr"))
@@ -131,6 +131,6 @@ class RequestDetailResource(object):
# Logging implemented in the function above # Logging implemented in the function above
except EnvironmentError as e: except EnvironmentError as e:
resp.body = "No certificate CN=%s found" % cn resp.body = "No certificate CN=%s found" % cn
logger.warning("User %s failed to delete signing request %s from %s, reason: %s", logger.warning(u"User %s failed to delete signing request %s from %s, reason: %s",
req.context["user"], cn, req.context.get("remote_addr"), e) req.context["user"], cn, req.context.get("remote_addr"), e)
raise falcon.HTTPNotFound() raise falcon.HTTPNotFound()

2
certidude/api/revoked.py
View File

@@ -6,7 +6,7 @@ logger = logging.getLogger("api")
class RevocationListResource(object): class RevocationListResource(object):
def on_get(self, req, resp): def on_get(self, req, resp):
logger.debug("Revocation list requested by %s", req.context.get("remote_addr")) logger.debug(u"Revocation list requested by %s", req.context.get("remote_addr"))
resp.set_header("Content-Type", "application/x-pkcs7-crl") resp.set_header("Content-Type", "application/x-pkcs7-crl")
resp.append_header("Content-Disposition", "attachment; filename=ca.crl") resp.append_header("Content-Disposition", "attachment; filename=ca.crl")
resp.body = export_crl() resp.body = export_crl()

6
certidude/api/tag.py
View File

@@ -26,7 +26,7 @@ class TagResource(RelationalMixin):
args = req.get_param("cn"), req.get_param("key"), req.get_param("value") args = req.get_param("cn"), req.get_param("key"), req.get_param("value")
rowid = self.sql_execute("tag_insert.sql", *args) rowid = self.sql_execute("tag_insert.sql", *args)
push.publish("tag-added", str(rowid)) push.publish("tag-added", str(rowid))
logger.debug("Tag cn=%s, key=%s, value=%s added" % args) logger.debug(u"Tag cn=%s, key=%s, value=%s added" % args)
class TagDetailResource(RelationalMixin): class TagDetailResource(RelationalMixin):
@@ -60,7 +60,7 @@ class TagDetailResource(RelationalMixin):
from certidude import push from certidude import push
args = req.get_param("value"), identifier args = req.get_param("value"), identifier
self.sql_execute("tag_update.sql", *args) self.sql_execute("tag_update.sql", *args)
logger.debug("Tag %s updated, value set to %s", logger.debug(u"Tag %s updated, value set to %s",
identifier, req.get_param("value")) identifier, req.get_param("value"))
push.publish("tag-updated", identifier) push.publish("tag-updated", identifier)
@@ -73,4 +73,4 @@ class TagDetailResource(RelationalMixin):
from certidude import push from certidude import push
self.sql_execute("tag_delete.sql", identifier) self.sql_execute("tag_delete.sql", identifier)
push.publish("tag-removed", identifier) push.publish("tag-removed", identifier)
logger.debug("Tag %s removed" % identifier) logger.debug(u"Tag %s removed" % identifier)

8
certidude/auth.py
View File

@@ -131,7 +131,7 @@ def authenticate(optional=False):
conn.simple_bind_s(user if "@" in user else "%s@%s" % (user, constants.DOMAIN), passwd) conn.simple_bind_s(user if "@" in user else "%s@%s" % (user, constants.DOMAIN), passwd)
except ldap.LDAPError, e: except ldap.LDAPError, e:
resp.append_header("WWW-Authenticate", "Basic") resp.append_header("WWW-Authenticate", "Basic")
logger.critical("LDAP bind authentication failed for user %s from %s", logger.critical(u"LDAP bind authentication failed for user %s from %s",
repr(user), req.context.get("remote_addr")) repr(user), req.context.get("remote_addr"))
raise falcon.HTTPUnauthorized("Forbidden", raise falcon.HTTPUnauthorized("Forbidden",
"Please authenticate with %s domain account or supply UPN" % constants.DOMAIN) "Please authenticate with %s domain account or supply UPN" % constants.DOMAIN)
@@ -166,7 +166,7 @@ def authenticate(optional=False):
import simplepam import simplepam
if not simplepam.authenticate(user, passwd, "sshd"): if not simplepam.authenticate(user, passwd, "sshd"):
logger.critical("Basic authentication failed for user %s from %s", logger.critical(u"Basic authentication failed for user %s from %s",
repr(user), req.context.get("remote_addr")) repr(user), req.context.get("remote_addr"))
raise falcon.HTTPUnauthorized("Forbidden", "Invalid password") raise falcon.HTTPUnauthorized("Forbidden", "Invalid password")
@@ -194,7 +194,7 @@ def authorize_admin(func):
def whitelist_authorize_admin(resource, req, resp, *args, **kwargs): def whitelist_authorize_admin(resource, req, resp, *args, **kwargs):
# Check for username whitelist # Check for username whitelist
if not req.context.get("user") or req.context.get("user") not in config.ADMIN_WHITELIST: if not req.context.get("user") or req.context.get("user") not in config.ADMIN_WHITELIST:
logger.info("Rejected access to administrative call %s by %s from %s, user not whitelisted", logger.info(u"Rejected access to administrative call %s by %s from %s, user not whitelisted",
req.env["PATH_INFO"], req.context.get("user"), req.context.get("remote_addr")) req.env["PATH_INFO"], req.context.get("user"), req.context.get("remote_addr"))
raise falcon.HTTPForbidden("Forbidden", "User %s not whitelisted" % req.context.get("user")) raise falcon.HTTPForbidden("Forbidden", "User %s not whitelisted" % req.context.get("user"))
return func(resource, req, resp, *args, **kwargs) return func(resource, req, resp, *args, **kwargs)
@@ -203,7 +203,7 @@ def authorize_admin(func):
if req.context.get("user").is_admin(): if req.context.get("user").is_admin():
req.context["admin_authorized"] = True req.context["admin_authorized"] = True
return func(resource, req, resp, *args, **kwargs) return func(resource, req, resp, *args, **kwargs)
logger.info("User '%s' not authorized to access administrative API", req.context.get("user").name) logger.info(u"User '%s' not authorized to access administrative API", req.context.get("user").name)
raise falcon.HTTPForbidden("Forbidden", "User not authorized to perform administrative operations") raise falcon.HTTPForbidden("Forbidden", "User not authorized to perform administrative operations")
if config.AUTHORIZATION_BACKEND == "whitelist": if config.AUTHORIZATION_BACKEND == "whitelist":

6
certidude/decorators.py
View File

@@ -29,7 +29,7 @@ def csrf_protection(func):
return func(self, req, resp, *args, **kwargs) return func(self, req, resp, *args, **kwargs)
# Kaboom! # Kaboom!
logger.warning("Prevented clickbait from '%s' with user agent '%s'", logger.warning(u"Prevented clickbait from '%s' with user agent '%s'",
referrer or "-", req.user_agent) referrer or "-", req.user_agent)
raise falcon.HTTPUnauthorized("Forbidden", raise falcon.HTTPUnauthorized("Forbidden",
"No suitable UA or referrer provided, cross-site scripting disabled") "No suitable UA or referrer provided, cross-site scripting disabled")
@@ -105,12 +105,12 @@ def serialize(func):
("attachment; filename=%s" % r.suggested_filename).encode("ascii")) ("attachment; filename=%s" % r.suggested_filename).encode("ascii"))
resp.body = r.dump() resp.body = r.dump()
elif hasattr(r, "content_type"): elif hasattr(r, "content_type"):
logger.debug("Client did not accept application/json or %s, " logger.debug(u"Client did not accept application/json or %s, "
"client expected %s", r.content_type, req.accept) "client expected %s", r.content_type, req.accept)
raise falcon.HTTPUnsupportedMediaType( raise falcon.HTTPUnsupportedMediaType(
"Client did not accept application/json or %s" % r.content_type) "Client did not accept application/json or %s" % r.content_type)
else: else:
logger.debug("Client did not accept application/json, client expected %s", req.accept) logger.debug(u"Client did not accept application/json, client expected %s", req.accept)
raise falcon.HTTPUnsupportedMediaType( raise falcon.HTTPUnsupportedMediaType(
"Client did not accept application/json") "Client did not accept application/json")
return r return r

2
certidude/firewall.py
View File

@@ -15,7 +15,7 @@ def whitelist_subnets(subnets):
if req.context.get("remote_addr") in subnet: if req.context.get("remote_addr") in subnet:
break break
else: else:
logger.info("Rejected access to administrative call %s by %s from %s, source address not whitelisted", logger.info(u"Rejected access to administrative call %s by %s from %s, source address not whitelisted",
req.env["PATH_INFO"], req.env["PATH_INFO"],
req.context.get("user", "unauthenticated user"), req.context.get("user", "unauthenticated user"),
req.context.get("remote_addr")) req.context.get("remote_addr"))