tests: Add test for machine attribute updates

2026-01-12 17:06:59 +00:00 · 2017-07-07 21:07:25 +00:00
parent 39363a57c7
commit a48331a9cb
6 changed files with 36 additions and 4 deletions
--- a/certidude/api/init.py
+++ b/certidude/api/init.py
@@ -175,7 +175,6 @@ class NormalizeMiddleware(object):

 def certidude_app(log_handlers=[]):
    from certidude import config
-    from .revoked import RevocationListResource
    from .signed import SignedCertificateDetailResource
    from .request import RequestListResource, RequestDetailResource
    from .lease import LeaseResource, LeaseDetailResource
@@ -191,7 +190,6 @@ def certidude_app(log_handlers=[]):

    # Certificate authority API calls
    app.add_route("/api/certificate/", CertificateAuthorityResource())
-    app.add_route("/api/revoked/", RevocationListResource())
    app.add_route("/api/signed/{cn}/", SignedCertificateDetailResource())
    app.add_route("/api/request/{cn}/", RequestDetailResource())
    app.add_route("/api/request/", RequestListResource())
@@ -217,6 +215,11 @@ def certidude_app(log_handlers=[]):
    # Bootstrap resource
    app.add_route("/api/bootstrap/", BootstrapResource())

+    # Add CRL handler if we have any whitelisted subnets
+    if config.CRL_SUBNETS:
+        from .revoked import RevocationListResource
+        app.add_route("/api/revoked/", RevocationListResource())
+
    # Add SCEP handler if we have any whitelisted subnets
    if config.SCEP_SUBNETS:
        from .scep import SCEPResource
--- a/certidude/api/ocsp.py
+++ b/certidude/api/ocsp.py
@@ -12,6 +12,7 @@ from oscrypto import keys, asymmetric, symmetric
 from oscrypto.errors import SignatureError

 class OCSPResource(object):
+    @whitelist_subnets(config.OCSP_SUBNETS)
    def __call__(self, req, resp):
        if req.method == "GET":
            _, _, _, tail = req.path.split("/", 3)
--- a/certidude/api/revoked.py
+++ b/certidude/api/revoked.py
@@ -5,6 +5,7 @@ import json
 import logging
 from certidude import const, config
 from certidude.authority import export_crl, list_revoked
+from certidude.firewall import whitelist_subnets
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import Encoding
@@ -12,6 +13,7 @@ from cryptography.hazmat.primitives.serialization import Encoding
 logger = logging.getLogger(__name__)

 class RevocationListResource(object):
+    @whitelist_subnets(config.CRL_SUBNETS)
    def on_get(self, req, resp):
        # Primarily offer DER encoded CRL as per RFC5280
        # This is also what StrongSwan expects