mirror of
https://github.com/laurivosandi/certidude
synced 2025-10-30 17:09:19 +00:00
api: Make logger use unicode literals
This commit is contained in:
@@ -90,9 +90,9 @@ class SessionResource(object):
|
|||||||
)
|
)
|
||||||
|
|
||||||
if req.context.get("user").is_admin():
|
if req.context.get("user").is_admin():
|
||||||
logger.info("Logged in authority administrator %s from %s" % (req.context.get("user"), req.context.get("remote_addr")))
|
logger.info(u"Logged in authority administrator %s from %s" % (req.context.get("user"), req.context.get("remote_addr")))
|
||||||
else:
|
else:
|
||||||
logger.info("Logged in authority user %s from %s" % (req.context.get("user"), req.context.get("remote_addr")))
|
logger.info(u"Logged in authority user %s from %s" % (req.context.get("user"), req.context.get("remote_addr")))
|
||||||
return dict(
|
return dict(
|
||||||
user = dict(
|
user = dict(
|
||||||
name=req.context.get("user").name,
|
name=req.context.get("user").name,
|
||||||
@@ -156,11 +156,11 @@ class StaticResource(object):
|
|||||||
if content_encoding:
|
if content_encoding:
|
||||||
resp.append_header("Content-Encoding", content_encoding)
|
resp.append_header("Content-Encoding", content_encoding)
|
||||||
resp.stream = open(path, "rb")
|
resp.stream = open(path, "rb")
|
||||||
logger.debug("Serving '%s' from '%s'", req.path, path)
|
logger.debug(u"Serving '%s' from '%s'", req.path, path)
|
||||||
else:
|
else:
|
||||||
resp.status = falcon.HTTP_404
|
resp.status = falcon.HTTP_404
|
||||||
resp.body = "File '%s' not found" % req.path
|
resp.body = "File '%s' not found" % req.path
|
||||||
logger.info("Fail '%s' not found, path resolved to '%s'", req.path, path)
|
logger.info(u"File '%s' not found, path resolved to '%s'", req.path, path)
|
||||||
import ipaddress
|
import ipaddress
|
||||||
|
|
||||||
class NormalizeMiddleware(object):
|
class NormalizeMiddleware(object):
|
||||||
|
|||||||
@@ -81,7 +81,7 @@ class RequestListResource(object):
|
|||||||
try:
|
try:
|
||||||
renewal_signature = b64decode(renewal_header)
|
renewal_signature = b64decode(renewal_header)
|
||||||
except TypeError, ValueError:
|
except TypeError, ValueError:
|
||||||
logger.error("Renewal failed, bad signature supplied for %s", common_name.value)
|
logger.error(u"Renewal failed, bad signature supplied for %s", common_name.value)
|
||||||
reasons.append("Renewal failed, bad signature supplied")
|
reasons.append("Renewal failed, bad signature supplied")
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
@@ -97,20 +97,20 @@ class RequestListResource(object):
|
|||||||
verifier.update(body)
|
verifier.update(body)
|
||||||
verifier.verify()
|
verifier.verify()
|
||||||
except InvalidSignature:
|
except InvalidSignature:
|
||||||
logger.error("Renewal failed, invalid signature supplied for %s", common_name.value)
|
logger.error(u"Renewal failed, invalid signature supplied for %s", common_name.value)
|
||||||
reasons.append("Renewal failed, invalid signature supplied")
|
reasons.append("Renewal failed, invalid signature supplied")
|
||||||
else:
|
else:
|
||||||
# At this point renewal signature was valid but we need to perform some extra checks
|
# At this point renewal signature was valid but we need to perform some extra checks
|
||||||
if datetime.utcnow() > cert.not_valid_after:
|
if datetime.utcnow() > cert.not_valid_after:
|
||||||
logger.error("Renewal failed, current certificate for %s has expired", common_name.value)
|
logger.error(u"Renewal failed, current certificate for %s has expired", common_name.value)
|
||||||
reasons.append("Renewal failed, current certificate expired")
|
reasons.append("Renewal failed, current certificate expired")
|
||||||
elif not config.CERTIFICATE_RENEWAL_ALLOWED:
|
elif not config.CERTIFICATE_RENEWAL_ALLOWED:
|
||||||
logger.error("Renewal requested for %s, but not allowed by authority settings", common_name.value)
|
logger.error(u"Renewal requested for %s, but not allowed by authority settings", common_name.value)
|
||||||
reasons.append("Renewal requested, but not allowed by authority settings")
|
reasons.append("Renewal requested, but not allowed by authority settings")
|
||||||
else:
|
else:
|
||||||
resp.set_header("Content-Type", "application/x-x509-user-cert")
|
resp.set_header("Content-Type", "application/x-x509-user-cert")
|
||||||
_, resp.body = authority._sign(csr, body, overwrite=True)
|
_, resp.body = authority._sign(csr, body, overwrite=True)
|
||||||
logger.info("Renewed certificate for %s", common_name.value)
|
logger.info(u"Renewed certificate for %s", common_name.value)
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
@@ -125,10 +125,10 @@ class RequestListResource(object):
|
|||||||
try:
|
try:
|
||||||
resp.set_header("Content-Type", "application/x-pem-file")
|
resp.set_header("Content-Type", "application/x-pem-file")
|
||||||
_, resp.body = authority._sign(csr, body)
|
_, resp.body = authority._sign(csr, body)
|
||||||
logger.info("Autosigned %s as %s is whitelisted", common_name.value, req.context.get("remote_addr"))
|
logger.info(u"Autosigned %s as %s is whitelisted", common_name.value, req.context.get("remote_addr"))
|
||||||
return
|
return
|
||||||
except EnvironmentError:
|
except EnvironmentError:
|
||||||
logger.info("Autosign for %s from %s failed, signed certificate already exists",
|
logger.info(u"Autosign for %s from %s failed, signed certificate already exists",
|
||||||
common_name.value, req.context.get("remote_addr"))
|
common_name.value, req.context.get("remote_addr"))
|
||||||
reasons.append("Autosign failed, signed certificate already exists")
|
reasons.append("Autosign failed, signed certificate already exists")
|
||||||
break
|
break
|
||||||
|
|||||||
@@ -34,5 +34,5 @@ class ScriptResource():
|
|||||||
other_tags=other_tags,
|
other_tags=other_tags,
|
||||||
named_tags=named_tags,
|
named_tags=named_tags,
|
||||||
attributes=attribs.get("user").get("machine"))
|
attributes=attribs.get("user").get("machine"))
|
||||||
logger.info("Served script %s for %s at %s" % (script, cn, req.context["remote_addr"]))
|
logger.info(u"Served script %s for %s at %s" % (script, cn, req.context["remote_addr"]))
|
||||||
# TODO: Assert time is within reasonable range
|
# TODO: Assert time is within reasonable range
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ class SignedCertificateDetailResource(object):
|
|||||||
logger.debug(u"Served certificate %s to %s as application/json",
|
logger.debug(u"Served certificate %s to %s as application/json",
|
||||||
cn, req.context.get("remote_addr"))
|
cn, req.context.get("remote_addr"))
|
||||||
else:
|
else:
|
||||||
logger.debug("Client did not accept application/json or application/x-pem-file")
|
logger.debug(u"Client did not accept application/json or application/x-pem-file")
|
||||||
raise falcon.HTTPUnsupportedMediaType(
|
raise falcon.HTTPUnsupportedMediaType(
|
||||||
"Client did not accept application/json or application/x-pem-file")
|
"Client did not accept application/json or application/x-pem-file")
|
||||||
|
|
||||||
|
|||||||
@@ -99,10 +99,10 @@ def authenticate(optional=False):
|
|||||||
try:
|
try:
|
||||||
conn.simple_bind_s(upn, passwd)
|
conn.simple_bind_s(upn, passwd)
|
||||||
except ldap.STRONG_AUTH_REQUIRED:
|
except ldap.STRONG_AUTH_REQUIRED:
|
||||||
logger.critical("LDAP server demands encryption, use ldaps:// instead of ldaps://")
|
logger.critical(u"LDAP server demands encryption, use ldaps:// instead of ldaps://")
|
||||||
raise
|
raise
|
||||||
except ldap.SERVER_DOWN:
|
except ldap.SERVER_DOWN:
|
||||||
logger.critical("Failed to connect LDAP server at %s, are you sure LDAP server's CA certificate has been copied to this machine?",
|
logger.critical(u"Failed to connect LDAP server at %s, are you sure LDAP server's CA certificate has been copied to this machine?",
|
||||||
config.LDAP_AUTHENTICATION_URI)
|
config.LDAP_AUTHENTICATION_URI)
|
||||||
raise
|
raise
|
||||||
except ldap.INVALID_CREDENTIALS:
|
except ldap.INVALID_CREDENTIALS:
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ def fqdn_required(func):
|
|||||||
def wrapped(**args):
|
def wrapped(**args):
|
||||||
common_name = args.get("common_name")
|
common_name = args.get("common_name")
|
||||||
if "." in common_name:
|
if "." in common_name:
|
||||||
logger.info("Using fully qualified hostname %s" % common_name)
|
logger.info(u"Using fully qualified hostname %s" % common_name)
|
||||||
else:
|
else:
|
||||||
raise ValueError("Fully qualified hostname not specified as common name, make sure hostname -f works")
|
raise ValueError("Fully qualified hostname not specified as common name, make sure hostname -f works")
|
||||||
return func(**args)
|
return func(**args)
|
||||||
@@ -1422,10 +1422,10 @@ def certidude_serve(port, listen, fork, exit_handler):
|
|||||||
pidfile.write("%d\n" % pid)
|
pidfile.write("%d\n" % pid)
|
||||||
|
|
||||||
def exit_handler():
|
def exit_handler():
|
||||||
logger.debug("Shutting down Certidude")
|
logger.debug(u"Shutting down Certidude")
|
||||||
import atexit
|
import atexit
|
||||||
atexit.register(exit_handler)
|
atexit.register(exit_handler)
|
||||||
logger.debug("Started Certidude at %s", const.FQDN)
|
logger.debug(u"Started Certidude at %s", const.FQDN)
|
||||||
|
|
||||||
drop_privileges()
|
drop_privileges()
|
||||||
|
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ def serialize(func):
|
|||||||
import falcon
|
import falcon
|
||||||
def wrapped(instance, req, resp, **kwargs):
|
def wrapped(instance, req, resp, **kwargs):
|
||||||
if not req.client_accepts("application/json"):
|
if not req.client_accepts("application/json"):
|
||||||
logger.debug("Client did not accept application/json")
|
logger.debug(u"Client did not accept application/json")
|
||||||
raise falcon.HTTPUnsupportedMediaType(
|
raise falcon.HTTPUnsupportedMediaType(
|
||||||
"Client did not accept application/json")
|
"Client did not accept application/json")
|
||||||
resp.set_header("Cache-Control", "no-cache, no-store, must-revalidate")
|
resp.set_header("Cache-Control", "no-cache, no-store, must-revalidate")
|
||||||
|
|||||||
Reference in New Issue
Block a user