1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

api: lease: drop usage of global authority import

This commit is contained in:
Priit Laes 2018-02-03 12:43:21 +02:00
parent 937c81bd5f
commit be454d7a65
2 changed files with 11 additions and 5 deletions

View File

@ -233,13 +233,13 @@ def certidude_app(log_handlers=[]):
# API calls used by pushed events on the JS end # API calls used by pushed events on the JS end
app.add_route("/api/signed/{cn}/tag/", TagResource()) app.add_route("/api/signed/{cn}/tag/", TagResource())
app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource()) app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource(authority))
# API call used to delete existing tags # API call used to delete existing tags
app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource()) app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource())
# Gateways can submit leases via this API call # Gateways can submit leases via this API call
app.add_route("/api/lease/", LeaseResource()) app.add_route("/api/lease/", LeaseResource(authority))
# Bootstrap resource # Bootstrap resource
app.add_route("/api/bootstrap/", BootstrapResource(authority)) app.add_route("/api/bootstrap/", BootstrapResource(authority))

View File

@ -5,7 +5,7 @@ import logging
import os import os
import xattr import xattr
from datetime import datetime from datetime import datetime
from certidude import config, authority, push from certidude import config, push
from certidude.auth import login_required, authorize_admin, authorize_server from certidude.auth import login_required, authorize_admin, authorize_server
from certidude.decorators import serialize from certidude.decorators import serialize
@ -14,12 +14,15 @@ logger = logging.getLogger(__name__)
# TODO: lease namespacing (?) # TODO: lease namespacing (?)
class LeaseDetailResource(object): class LeaseDetailResource(object):
def __init__(self, authority):
self.authority = authority
@serialize @serialize
@login_required @login_required
@authorize_admin @authorize_admin
def on_get(self, req, resp, cn): def on_get(self, req, resp, cn):
try: try:
path, buf, cert, signed, expires = authority.get_signed(cn) path, buf, cert, signed, expires = self.authority.get_signed(cn)
return dict( return dict(
last_seen = xattr.getxattr(path, "user.lease.last_seen").decode("ascii"), last_seen = xattr.getxattr(path, "user.lease.last_seen").decode("ascii"),
inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"), inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"),
@ -30,6 +33,9 @@ class LeaseDetailResource(object):
class LeaseResource(object): class LeaseResource(object):
def __init__(self, authority):
self.authority = authority
@authorize_server @authorize_server
def on_post(self, req, resp): def on_post(self, req, resp):
client_common_name = req.get_param("client", required=True) client_common_name = req.get_param("client", required=True)
@ -38,7 +44,7 @@ class LeaseResource(object):
if "," in client_common_name: if "," in client_common_name:
client_common_name, _ = client_common_name.split(",", 1) client_common_name, _ = client_common_name.split(",", 1)
path, buf, cert, signed, expires = authority.get_signed(client_common_name) # TODO: catch exceptions path, buf, cert, signed, expires = self.authority.get_signed(client_common_name) # TODO: catch exceptions
if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied") raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z" now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"