api: ocsp: drop usage of global authority import

2024-12-22 16:25:17 +00:00 · 2018-02-03 12:45:07 +02:00 · 2018-02-03 12:45:07 +02:00 · 7f2729e6f4
commit 7f2729e6f4
parent be454d7a65
2 changed files with 8 additions and 5 deletions
--- a/certidude/api/init.py
+++ b/certidude/api/init.py
@ -262,7 +262,7 @@ def certidude_app(log_handlers=[]):

    if config.OCSP_SUBNETS:
        from .ocsp import OCSPResource
-        app.add_sink(OCSPResource(), prefix="/api/ocsp")
+        app.add_sink(OCSPResource(authority), prefix="/api/ocsp")

    # Set up log handlers
    if config.LOGGING_BACKEND == "sql":
--- a/certidude/api/ocsp.py
+++ b/certidude/api/ocsp.py
@ -6,13 +6,16 @@ from asn1crypto.util import timezone
 from asn1crypto import cms, algos, x509, ocsp
 from base64 import b64decode, b64encode
 from certbuilder import pem_armor_certificate
-from certidude import authority, push, config
+from certidude import push, config
 from certidude.firewall import whitelist_subnets
 from datetime import datetime, timedelta
 from oscrypto import keys, asymmetric, symmetric
 from oscrypto.errors import SignatureError

 class OCSPResource(object):
+    def __init__(self, authority):
+        self.authority = authority
+
    @whitelist_subnets(config.OCSP_SUBNETS)
    def __call__(self, req, resp):
        try:
@ -55,14 +58,14 @@ class OCSPResource(object):
                link_target = os.readlink(os.path.join(config.SIGNED_BY_SERIAL_DIR, "%x.pem" % serial))
                assert link_target.startswith("../")
                assert link_target.endswith(".pem")
-                path, buf, cert, signed, expires = authority.get_signed(link_target[3:-4])
+                path, buf, cert, signed, expires = self.authority.get_signed(link_target[3:-4])
                if serial != cert.serial_number:
                    logger.error("Certificate store integrity check failed, %s refers to certificate with serial %x" % (link_target, cert.serial_number))
                    raise EnvironmentError("Integrity check failed")
                status = ocsp.CertStatus(name='good', value=None)
            except EnvironmentError:
                try:
-                    path, buf, cert, signed, expires, revoked = authority.get_revoked(serial)
+                    path, buf, cert, signed, expires, revoked = self.authority.get_revoked(serial)
                    status = ocsp.CertStatus(
                        name='revoked',
                        value={
@ -102,7 +105,7 @@ class OCSPResource(object):
                    'certs': [server_certificate.asn1],
                    'signature_algorithm': {'algorithm': "sha1_rsa"},
                    'signature': asymmetric.rsa_pkcs1v15_sign(
-                        authority.private_key,
+                        self.authority.private_key,
                        response_data.dump(),
                        "sha1"
                    )