mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
api: Use common AuthorityResource where possible
This commit is contained in:
parent
4580663608
commit
c9dd058d75
@ -3,13 +3,11 @@ from certidude.decorators import serialize
|
|||||||
from certidude.config import cp
|
from certidude.config import cp
|
||||||
from certidude import config, const
|
from certidude import config, const
|
||||||
from jinja2 import Template
|
from jinja2 import Template
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class BootstrapResource(object):
|
class BootstrapResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
resp.body = Template(open(config.BOOTSTRAP_TEMPLATE).read()).render(
|
resp.body = Template(open(config.BOOTSTRAP_TEMPLATE).read()).render(
|
||||||
authority = const.FQDN,
|
authority = const.FQDN,
|
||||||
|
@ -8,15 +8,13 @@ from datetime import datetime
|
|||||||
from certidude import config, push
|
from certidude import config, push
|
||||||
from certidude.auth import login_required, authorize_admin, authorize_server
|
from certidude.auth import login_required, authorize_admin, authorize_server
|
||||||
from certidude.decorators import serialize
|
from certidude.decorators import serialize
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# TODO: lease namespacing (?)
|
# TODO: lease namespacing (?)
|
||||||
|
|
||||||
class LeaseDetailResource(object):
|
class LeaseDetailResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
@serialize
|
@serialize
|
||||||
@login_required
|
@login_required
|
||||||
@authorize_admin
|
@authorize_admin
|
||||||
@ -32,10 +30,7 @@ class LeaseDetailResource(object):
|
|||||||
raise falcon.HTTPNotFound()
|
raise falcon.HTTPNotFound()
|
||||||
|
|
||||||
|
|
||||||
class LeaseResource(object):
|
class LeaseResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
@authorize_server
|
@authorize_server
|
||||||
def on_post(self, req, resp):
|
def on_post(self, req, resp):
|
||||||
client_common_name = req.get_param("client", required=True)
|
client_common_name = req.get_param("client", required=True)
|
||||||
|
@ -11,11 +11,9 @@ from certidude.firewall import whitelist_subnets
|
|||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
from oscrypto import keys, asymmetric, symmetric
|
from oscrypto import keys, asymmetric, symmetric
|
||||||
from oscrypto.errors import SignatureError
|
from oscrypto.errors import SignatureError
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
class OCSPResource(object):
|
class OCSPResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
@whitelist_subnets(config.OCSP_SUBNETS)
|
@whitelist_subnets(config.OCSP_SUBNETS)
|
||||||
def __call__(self, req, resp):
|
def __call__(self, req, resp):
|
||||||
try:
|
try:
|
||||||
|
@ -16,6 +16,7 @@ from datetime import datetime
|
|||||||
from oscrypto import asymmetric
|
from oscrypto import asymmetric
|
||||||
from oscrypto.errors import SignatureError
|
from oscrypto.errors import SignatureError
|
||||||
from xattr import getxattr
|
from xattr import getxattr
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
@ -26,10 +27,7 @@ curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
|
|||||||
http://ca.example.lan/api/request/?wait=yes
|
http://ca.example.lan/api/request/?wait=yes
|
||||||
"""
|
"""
|
||||||
|
|
||||||
class RequestListResource(object):
|
class RequestListResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
@login_optional
|
@login_optional
|
||||||
@whitelist_subnets(config.REQUEST_SUBNETS)
|
@whitelist_subnets(config.REQUEST_SUBNETS)
|
||||||
@whitelist_content_types("application/pkcs10")
|
@whitelist_content_types("application/pkcs10")
|
||||||
@ -177,10 +175,7 @@ class RequestListResource(object):
|
|||||||
cls=MyEncoder)
|
cls=MyEncoder)
|
||||||
|
|
||||||
|
|
||||||
class RequestDetailResource(object):
|
class RequestDetailResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
def on_get(self, req, resp, cn):
|
def on_get(self, req, resp, cn):
|
||||||
"""
|
"""
|
||||||
Fetch certificate signing request as PEM
|
Fetch certificate signing request as PEM
|
||||||
|
@ -5,13 +5,11 @@ import json
|
|||||||
import logging
|
import logging
|
||||||
from certidude import const, config
|
from certidude import const, config
|
||||||
from certidude.firewall import whitelist_subnets
|
from certidude.firewall import whitelist_subnets
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class RevocationListResource(object):
|
class RevocationListResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
@whitelist_subnets(config.CRL_SUBNETS)
|
@whitelist_subnets(config.CRL_SUBNETS)
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
# Primarily offer DER encoded CRL as per RFC5280
|
# Primarily offer DER encoded CRL as per RFC5280
|
||||||
|
@ -9,6 +9,7 @@ from certidude import push, config
|
|||||||
from certidude.firewall import whitelist_subnets
|
from certidude.firewall import whitelist_subnets
|
||||||
from oscrypto import keys, asymmetric, symmetric
|
from oscrypto import keys, asymmetric, symmetric
|
||||||
from oscrypto.errors import SignatureError
|
from oscrypto.errors import SignatureError
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
# Monkey patch asn1crypto
|
# Monkey patch asn1crypto
|
||||||
|
|
||||||
@ -36,10 +37,7 @@ class SCEPBadRequest(SCEPError): code = 2
|
|||||||
class SCEPBadTime(SCEPError): code = 3
|
class SCEPBadTime(SCEPError): code = 3
|
||||||
class SCEPBadCertId(SCEPError): code = 4
|
class SCEPBadCertId(SCEPError): code = 4
|
||||||
|
|
||||||
class SCEPResource(object):
|
class SCEPResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
@whitelist_subnets(config.SCEP_SUBNETS)
|
@whitelist_subnets(config.SCEP_SUBNETS)
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
operation = req.get_param("operation", required=True)
|
operation = req.get_param("operation", required=True)
|
||||||
|
@ -5,14 +5,12 @@ from certidude import const, config
|
|||||||
from certidude.decorators import serialize
|
from certidude.decorators import serialize
|
||||||
from jinja2 import Environment, FileSystemLoader
|
from jinja2 import Environment, FileSystemLoader
|
||||||
from certidude.firewall import whitelist_subject
|
from certidude.firewall import whitelist_subject
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)
|
env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)
|
||||||
|
|
||||||
class ScriptResource():
|
class ScriptResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
@whitelist_subject
|
@whitelist_subject
|
||||||
def on_get(self, req, resp, cn):
|
def on_get(self, req, resp, cn):
|
||||||
path, buf, cert, attribs = self.authority.get_attributes(cn)
|
path, buf, cert, attribs = self.authority.get_attributes(cn)
|
||||||
|
@ -6,13 +6,11 @@ import hashlib
|
|||||||
from certidude.auth import login_required, authorize_admin
|
from certidude.auth import login_required, authorize_admin
|
||||||
from certidude.decorators import csrf_protection
|
from certidude.decorators import csrf_protection
|
||||||
from xattr import getxattr
|
from xattr import getxattr
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class SignedCertificateDetailResource(object):
|
class SignedCertificateDetailResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
def on_get(self, req, resp, cn):
|
def on_get(self, req, resp, cn):
|
||||||
|
|
||||||
preferred_type = req.client_prefers(("application/json", "application/x-pem-file"))
|
preferred_type = req.client_prefers(("application/json", "application/x-pem-file"))
|
||||||
|
@ -4,13 +4,11 @@ from xattr import getxattr, removexattr, setxattr
|
|||||||
from certidude import push
|
from certidude import push
|
||||||
from certidude.auth import login_required, authorize_admin
|
from certidude.auth import login_required, authorize_admin
|
||||||
from certidude.decorators import serialize, csrf_protection
|
from certidude.decorators import serialize, csrf_protection
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class TagResource(object):
|
class TagResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
@serialize
|
@serialize
|
||||||
@login_required
|
@login_required
|
||||||
@authorize_admin
|
@authorize_admin
|
||||||
|
@ -13,13 +13,11 @@ from certidude.decorators import serialize
|
|||||||
from certidude.user import User
|
from certidude.user import User
|
||||||
from certidude import config
|
from certidude import config
|
||||||
from certidude.auth import login_required, authorize_admin
|
from certidude.auth import login_required, authorize_admin
|
||||||
|
from .utils import AuthorityHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class TokenResource(object):
|
class TokenResource(AuthorityHandler):
|
||||||
def __init__(self, authority):
|
|
||||||
self.authority = authority
|
|
||||||
|
|
||||||
def on_put(self, req, resp):
|
def on_put(self, req, resp):
|
||||||
# Consume token
|
# Consume token
|
||||||
now = time()
|
now = time()
|
||||||
|
Loading…
Reference in New Issue
Block a user