1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

api: Use common AuthorityResource where possible

This commit is contained in:
Priit Laes 2018-02-03 13:10:45 +02:00
parent 4580663608
commit c9dd058d75
10 changed files with 22 additions and 48 deletions

View File

@ -3,13 +3,11 @@ from certidude.decorators import serialize
from certidude.config import cp from certidude.config import cp
from certidude import config, const from certidude import config, const
from jinja2 import Template from jinja2 import Template
from .utils import AuthorityHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class BootstrapResource(object): class BootstrapResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
def on_get(self, req, resp): def on_get(self, req, resp):
resp.body = Template(open(config.BOOTSTRAP_TEMPLATE).read()).render( resp.body = Template(open(config.BOOTSTRAP_TEMPLATE).read()).render(
authority = const.FQDN, authority = const.FQDN,

View File

@ -8,15 +8,13 @@ from datetime import datetime
from certidude import config, push from certidude import config, push
from certidude.auth import login_required, authorize_admin, authorize_server from certidude.auth import login_required, authorize_admin, authorize_server
from certidude.decorators import serialize from certidude.decorators import serialize
from .utils import AuthorityHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# TODO: lease namespacing (?) # TODO: lease namespacing (?)
class LeaseDetailResource(object): class LeaseDetailResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
@serialize @serialize
@login_required @login_required
@authorize_admin @authorize_admin
@ -32,10 +30,7 @@ class LeaseDetailResource(object):
raise falcon.HTTPNotFound() raise falcon.HTTPNotFound()
class LeaseResource(object): class LeaseResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
@authorize_server @authorize_server
def on_post(self, req, resp): def on_post(self, req, resp):
client_common_name = req.get_param("client", required=True) client_common_name = req.get_param("client", required=True)

View File

@ -11,11 +11,9 @@ from certidude.firewall import whitelist_subnets
from datetime import datetime, timedelta from datetime import datetime, timedelta
from oscrypto import keys, asymmetric, symmetric from oscrypto import keys, asymmetric, symmetric
from oscrypto.errors import SignatureError from oscrypto.errors import SignatureError
from .utils import AuthorityHandler
class OCSPResource(object): class OCSPResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
@whitelist_subnets(config.OCSP_SUBNETS) @whitelist_subnets(config.OCSP_SUBNETS)
def __call__(self, req, resp): def __call__(self, req, resp):
try: try:

View File

@ -16,6 +16,7 @@ from datetime import datetime
from oscrypto import asymmetric from oscrypto import asymmetric
from oscrypto.errors import SignatureError from oscrypto.errors import SignatureError
from xattr import getxattr from xattr import getxattr
from .utils import AuthorityHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -26,10 +27,7 @@ curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
http://ca.example.lan/api/request/?wait=yes http://ca.example.lan/api/request/?wait=yes
""" """
class RequestListResource(object): class RequestListResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
@login_optional @login_optional
@whitelist_subnets(config.REQUEST_SUBNETS) @whitelist_subnets(config.REQUEST_SUBNETS)
@whitelist_content_types("application/pkcs10") @whitelist_content_types("application/pkcs10")
@ -177,10 +175,7 @@ class RequestListResource(object):
cls=MyEncoder) cls=MyEncoder)
class RequestDetailResource(object): class RequestDetailResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
def on_get(self, req, resp, cn): def on_get(self, req, resp, cn):
""" """
Fetch certificate signing request as PEM Fetch certificate signing request as PEM

View File

@ -5,13 +5,11 @@ import json
import logging import logging
from certidude import const, config from certidude import const, config
from certidude.firewall import whitelist_subnets from certidude.firewall import whitelist_subnets
from .utils import AuthorityHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class RevocationListResource(object): class RevocationListResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
@whitelist_subnets(config.CRL_SUBNETS) @whitelist_subnets(config.CRL_SUBNETS)
def on_get(self, req, resp): def on_get(self, req, resp):
# Primarily offer DER encoded CRL as per RFC5280 # Primarily offer DER encoded CRL as per RFC5280

View File

@ -9,6 +9,7 @@ from certidude import push, config
from certidude.firewall import whitelist_subnets from certidude.firewall import whitelist_subnets
from oscrypto import keys, asymmetric, symmetric from oscrypto import keys, asymmetric, symmetric
from oscrypto.errors import SignatureError from oscrypto.errors import SignatureError
from .utils import AuthorityHandler
# Monkey patch asn1crypto # Monkey patch asn1crypto
@ -36,10 +37,7 @@ class SCEPBadRequest(SCEPError): code = 2
class SCEPBadTime(SCEPError): code = 3 class SCEPBadTime(SCEPError): code = 3
class SCEPBadCertId(SCEPError): code = 4 class SCEPBadCertId(SCEPError): code = 4
class SCEPResource(object): class SCEPResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
@whitelist_subnets(config.SCEP_SUBNETS) @whitelist_subnets(config.SCEP_SUBNETS)
def on_get(self, req, resp): def on_get(self, req, resp):
operation = req.get_param("operation", required=True) operation = req.get_param("operation", required=True)

View File

@ -5,14 +5,12 @@ from certidude import const, config
from certidude.decorators import serialize from certidude.decorators import serialize
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
from certidude.firewall import whitelist_subject from certidude.firewall import whitelist_subject
from .utils import AuthorityHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True) env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)
class ScriptResource(): class ScriptResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
@whitelist_subject @whitelist_subject
def on_get(self, req, resp, cn): def on_get(self, req, resp, cn):
path, buf, cert, attribs = self.authority.get_attributes(cn) path, buf, cert, attribs = self.authority.get_attributes(cn)

View File

@ -6,13 +6,11 @@ import hashlib
from certidude.auth import login_required, authorize_admin from certidude.auth import login_required, authorize_admin
from certidude.decorators import csrf_protection from certidude.decorators import csrf_protection
from xattr import getxattr from xattr import getxattr
from .utils import AuthorityHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class SignedCertificateDetailResource(object): class SignedCertificateDetailResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
def on_get(self, req, resp, cn): def on_get(self, req, resp, cn):
preferred_type = req.client_prefers(("application/json", "application/x-pem-file")) preferred_type = req.client_prefers(("application/json", "application/x-pem-file"))

View File

@ -4,13 +4,11 @@ from xattr import getxattr, removexattr, setxattr
from certidude import push from certidude import push
from certidude.auth import login_required, authorize_admin from certidude.auth import login_required, authorize_admin
from certidude.decorators import serialize, csrf_protection from certidude.decorators import serialize, csrf_protection
from .utils import AuthorityHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class TagResource(object): class TagResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
@serialize @serialize
@login_required @login_required
@authorize_admin @authorize_admin

View File

@ -13,13 +13,11 @@ from certidude.decorators import serialize
from certidude.user import User from certidude.user import User
from certidude import config from certidude import config
from certidude.auth import login_required, authorize_admin from certidude.auth import login_required, authorize_admin
from .utils import AuthorityHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class TokenResource(object): class TokenResource(AuthorityHandler):
def __init__(self, authority):
self.authority = authority
def on_put(self, req, resp): def on_put(self, req, resp):
# Consume token # Consume token
now = time() now = time()