api: ocsp: drop usage of global authority import

This commit is contained in:
Priit Laes 2018-02-03 12:45:07 +02:00
parent be454d7a65
commit 7f2729e6f4
2 changed files with 8 additions and 5 deletions


@ -262,7 +262,7 @@ def certidude_app(log_handlers=[]):
if config.OCSP_SUBNETS:
from .ocsp import OCSPResource
app.add_sink(OCSPResource(), prefix="/api/ocsp")
app.add_sink(OCSPResource(authority), prefix="/api/ocsp")
# Set up log handlers
if config.LOGGING_BACKEND == "sql":
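Review bot: The new `OCSPResource(authority)` call relies on a name `authority` being bound inside `certidude_app`, and nothing in this hunk shows where it comes from; if it is still the module-level `from certidude import authority` in this file, the import-time coupling has only moved, not been removed. A one-line comment at the call site would make the intent clear, e.g. `# authority is passed explicitly so OCSPResource does not import the global at module load`. The enclosing `certidude_app` function starts and ends outside the hunk.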


@ -6,13 +6,16 @@ from asn1crypto.util import timezone
from asn1crypto import cms, algos, x509, ocsp
from base64 import b64decode, b64encode
from certbuilder import pem_armor_certificate
from certidude import authority, push, config
from certidude import push, config
from certidude.firewall import whitelist_subnets
from datetime import datetime, timedelta
from oscrypto import keys, asymmetric, symmetric
from oscrypto.errors import SignatureError
class OCSPResource(object):
def __init__(self, authority):
self.authority = authority
@whitelist_subnets(config.OCSP_SUBNETS)
def __call__(self, req, resp):
try:
@ -55,14 +58,14 @@ class OCSPResource(object):
link_target = os.readlink(os.path.join(config.SIGNED_BY_SERIAL_DIR, "%x.pem" % serial))
assert link_target.startswith("../")
assert link_target.endswith(".pem")
path, buf, cert, signed, expires = authority.get_signed(link_target[3:-4])
path, buf, cert, signed, expires = self.authority.get_signed(link_target[3:-4])
if serial != cert.serial_number:
logger.error("Certificate store integrity check failed, %s refers to certificate with serial %x" % (link_target, cert.serial_number))
raise EnvironmentError("Integrity check failed")
status = ocsp.CertStatus(name='good', value=None)
except EnvironmentError:
try:
path, buf, cert, signed, expires, revoked = authority.get_revoked(serial)
path, buf, cert, signed, expires, revoked = self.authority.get_revoked(serial)
status = ocsp.CertStatus(
name='revoked',
value={
@ -102,7 +105,7 @@ class OCSPResource(object):
'certs': [server_certificate.asn1],
'signature_algorithm': {'algorithm': "sha1_rsa"},
'signature': asymmetric.rsa_pkcs1v15_sign(
authority.private_key,
self.authority.private_key,
response_data.dump(),
"sha1"
)
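Review bot: The new `__init__` stores `self.authority` without any documentation of what the object must provide, even though the rest of the class depends on it exposing `get_signed`, `get_revoked` and `private_key`. A short docstring on `__init__`, such as `"""Serve OCSP responses for *authority*, which must expose get_signed(), get_revoked() and private_key (replaces the former module-level certidude.authority import)."""`, would record that contract for the next caller. Unrelated to this change, the `sha1_rsa` signature algorithm and `"sha1"` digest on the surrounding context lines are worth a separate follow-up. The `__call__` method continues outside the hunks shown.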