diff --git a/certidude/api/bootstrap.py b/certidude/api/bootstrap.py
index 3e1e746..3a76950 100644
--- a/certidude/api/bootstrap.py
+++ b/certidude/api/bootstrap.py
@@ -3,13 +3,11 @@ from certidude.decorators import serialize
 from certidude.config import cp
 from certidude import config, const
 from jinja2 import Template
+from .utils import AuthorityHandler
 logger = logging.getLogger(__name__)
-class BootstrapResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class BootstrapResource(AuthorityHandler):
 def on_get(self, req, resp):
 resp.body = Template(open(config.BOOTSTRAP_TEMPLATE).read()).render(
 authority = const.FQDN,
diff --git a/certidude/api/lease.py b/certidude/api/lease.py
index 9b6449b..a1f6660 100644
--- a/certidude/api/lease.py
+++ b/certidude/api/lease.py
@@ -8,15 +8,13 @@ from datetime import datetime
 from certidude import config, push
 from certidude.auth import login_required, authorize_admin, authorize_server
 from certidude.decorators import serialize
+from .utils import AuthorityHandler
 logger = logging.getLogger(__name__)
 # TODO: lease namespacing (?)
-class LeaseDetailResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class LeaseDetailResource(AuthorityHandler):
 @serialize
 @login_required
 @authorize_admin
@@ -32,10 +30,7 @@ class LeaseDetailResource(object):
 raise falcon.HTTPNotFound()
-class LeaseResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class LeaseResource(AuthorityHandler):
 @authorize_server
 def on_post(self, req, resp):
 client_common_name = req.get_param("client", required=True)
diff --git a/certidude/api/ocsp.py b/certidude/api/ocsp.py
index e4b6d9a..246c483 100644
--- a/certidude/api/ocsp.py
+++ b/certidude/api/ocsp.py
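Review bot: `self.authority` is now assigned only by `AuthorityHandler.__init__`, which is imported from `.utils` (presumably `certidude/api/utils.py`) and is not shown in these hunks, so the constructor contract of every resource class touched here (BootstrapResource in this hunk and the Lease, OCSP, Request, Revocation, SCEP, Script, Signed, Tag and Token resources in the later ones) can no longer be checked from the file that uses it. If the base constructor does not keep the `(self, authority)` signature and set `self.authority`, the mistake would presumably surface only at request time, for example in `ScriptResource.on_get`, which calls `self.authority.get_attributes(cn)`. A one-line comment above each class, such as `# self.authority is set by AuthorityHandler.__init__ (see .utils)`, would keep that dependency visible. The body of `on_get` continues past the end of this hunk.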
@@ -11,11 +11,9 @@ from certidude.firewall import whitelist_subnets
 from datetime import datetime, timedelta
 from oscrypto import keys, asymmetric, symmetric
 from oscrypto.errors import SignatureError
+from .utils import AuthorityHandler
-class OCSPResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class OCSPResource(AuthorityHandler):
 @whitelist_subnets(config.OCSP_SUBNETS)
 def __call__(self, req, resp):
 try:
diff --git a/certidude/api/request.py b/certidude/api/request.py
index f918e6e..014029e 100644
--- a/certidude/api/request.py
+++ b/certidude/api/request.py
@@ -16,6 +16,7 @@ from datetime import datetime
 from oscrypto import asymmetric
 from oscrypto.errors import SignatureError
 from xattr import getxattr
+from .utils import AuthorityHandler
 logger = logging.getLogger(__name__)
@@ -26,10 +27,7 @@ curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
 http://ca.example.lan/api/request/?wait=yes
 """
-class RequestListResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class RequestListResource(AuthorityHandler):
 @login_optional
 @whitelist_subnets(config.REQUEST_SUBNETS)
 @whitelist_content_types("application/pkcs10")
@@ -177,10 +175,7 @@ class RequestListResource(object):
 cls=MyEncoder)
-class RequestDetailResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class RequestDetailResource(AuthorityHandler):
 def on_get(self, req, resp, cn):
 """
 Fetch certificate signing request as PEM
diff --git a/certidude/api/revoked.py b/certidude/api/revoked.py
index 07ee0a6..ce19fee 100644
--- a/certidude/api/revoked.py
+++ b/certidude/api/revoked.py
@@ -5,13 +5,11 @@ import json
 import logging
 from certidude import const, config
 from certidude.firewall import whitelist_subnets
+from .utils import AuthorityHandler
 logger = logging.getLogger(__name__)
-class RevocationListResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class RevocationListResource(AuthorityHandler):
 @whitelist_subnets(config.CRL_SUBNETS)
 def on_get(self, req, resp):
 # Primarily offer DER encoded CRL as per RFC5280
diff --git a/certidude/api/scep.py b/certidude/api/scep.py
index 57b9115..8fc972f 100644
--- a/certidude/api/scep.py
+++ b/certidude/api/scep.py
@@ -9,6 +9,7 @@ from certidude import push, config
 from certidude.firewall import whitelist_subnets
 from oscrypto import keys, asymmetric, symmetric
 from oscrypto.errors import SignatureError
+from .utils import AuthorityHandler
 # Monkey patch asn1crypto
@@ -36,10 +37,7 @@ class SCEPBadRequest(SCEPError): code = 2
 class SCEPBadTime(SCEPError): code = 3
 class SCEPBadCertId(SCEPError): code = 4
-class SCEPResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class SCEPResource(AuthorityHandler):
 @whitelist_subnets(config.SCEP_SUBNETS)
 def on_get(self, req, resp):
 operation = req.get_param("operation", required=True)
diff --git a/certidude/api/script.py b/certidude/api/script.py
index 18bee8a..ccd7a05 100644
--- a/certidude/api/script.py
+++ b/certidude/api/script.py
@@ -5,14 +5,12 @@ from certidude import const, config
 from certidude.decorators import serialize
 from jinja2 import Environment, FileSystemLoader
 from certidude.firewall import whitelist_subject
+from .utils import AuthorityHandler
 logger = logging.getLogger(__name__)
 env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)
-class ScriptResource():
- def __init__(self, authority):
- self.authority = authority
-
+class ScriptResource(AuthorityHandler):
 @whitelist_subject
 def on_get(self, req, resp, cn):
 path, buf, cert, attribs = self.authority.get_attributes(cn)
diff --git a/certidude/api/signed.py b/certidude/api/signed.py
index 1974ed7..2b42cc6 100644
--- a/certidude/api/signed.py
+++ b/certidude/api/signed.py
@@ -6,13 +6,11 @@ import hashlib
 from certidude.auth import login_required, authorize_admin
 from certidude.decorators import csrf_protection
 from xattr import getxattr
+from .utils import AuthorityHandler
 logger = logging.getLogger(__name__)
-class SignedCertificateDetailResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class SignedCertificateDetailResource(AuthorityHandler):
 def on_get(self, req, resp, cn):
 preferred_type = req.client_prefers(("application/json", "application/x-pem-file"))
diff --git a/certidude/api/tag.py b/certidude/api/tag.py
index 5da02b3..a1e8e85 100644
--- a/certidude/api/tag.py
+++ b/certidude/api/tag.py
@@ -4,13 +4,11 @@ from xattr import getxattr, removexattr, setxattr
 from certidude import push
 from certidude.auth import login_required, authorize_admin
 from certidude.decorators import serialize, csrf_protection
+from .utils import AuthorityHandler
 logger = logging.getLogger(__name__)
-class TagResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class TagResource(AuthorityHandler):
 @serialize
 @login_required
 @authorize_admin
diff --git a/certidude/api/token.py b/certidude/api/token.py
index b18b213..0bb308c 100644
--- a/certidude/api/token.py
+++ b/certidude/api/token.py
@@ -13,13 +13,11 @@ from certidude.decorators import serialize
 from certidude.user import User
 from certidude import config
 from certidude.auth import login_required, authorize_admin
+from .utils import AuthorityHandler
 logger = logging.getLogger(__name__)
-class TokenResource(object):
- def __init__(self, authority):
- self.authority = authority
-
+class TokenResource(AuthorityHandler):
 def on_put(self, req, resp):
 # Consume token
 now = time()