1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 16:25:17 +00:00

api: Use common AuthorityResource where possible

This commit is contained in:
Priit Laes 2018-02-03 13:10:45 +02:00
parent 4580663608
commit c9dd058d75
10 changed files with 22 additions and 48 deletions

View File

@ -3,13 +3,11 @@ from certidude.decorators import serialize
from certidude.config import cp
from certidude import config, const
from jinja2 import Template
from .utils import AuthorityHandler
logger = logging.getLogger(__name__)
class BootstrapResource(object):
def __init__(self, authority):
self.authority = authority
class BootstrapResource(AuthorityHandler):
def on_get(self, req, resp):
resp.body = Template(open(config.BOOTSTRAP_TEMPLATE).read()).render(
authority = const.FQDN,

View File

@ -8,15 +8,13 @@ from datetime import datetime
from certidude import config, push
from certidude.auth import login_required, authorize_admin, authorize_server
from certidude.decorators import serialize
from .utils import AuthorityHandler
logger = logging.getLogger(__name__)
# TODO: lease namespacing (?)
class LeaseDetailResource(object):
def __init__(self, authority):
self.authority = authority
class LeaseDetailResource(AuthorityHandler):
@serialize
@login_required
@authorize_admin
@ -32,10 +30,7 @@ class LeaseDetailResource(object):
raise falcon.HTTPNotFound()
class LeaseResource(object):
def __init__(self, authority):
self.authority = authority
class LeaseResource(AuthorityHandler):
@authorize_server
def on_post(self, req, resp):
client_common_name = req.get_param("client", required=True)

View File

@ -11,11 +11,9 @@ from certidude.firewall import whitelist_subnets
from datetime import datetime, timedelta
from oscrypto import keys, asymmetric, symmetric
from oscrypto.errors import SignatureError
from .utils import AuthorityHandler
class OCSPResource(object):
def __init__(self, authority):
self.authority = authority
class OCSPResource(AuthorityHandler):
@whitelist_subnets(config.OCSP_SUBNETS)
def __call__(self, req, resp):
try:

View File

@ -16,6 +16,7 @@ from datetime import datetime
from oscrypto import asymmetric
from oscrypto.errors import SignatureError
from xattr import getxattr
from .utils import AuthorityHandler
logger = logging.getLogger(__name__)
@ -26,10 +27,7 @@ curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
http://ca.example.lan/api/request/?wait=yes
"""
class RequestListResource(object):
def __init__(self, authority):
self.authority = authority
class RequestListResource(AuthorityHandler):
@login_optional
@whitelist_subnets(config.REQUEST_SUBNETS)
@whitelist_content_types("application/pkcs10")
@ -177,10 +175,7 @@ class RequestListResource(object):
cls=MyEncoder)
class RequestDetailResource(object):
def __init__(self, authority):
self.authority = authority
class RequestDetailResource(AuthorityHandler):
def on_get(self, req, resp, cn):
"""
Fetch certificate signing request as PEM

View File

@ -5,13 +5,11 @@ import json
import logging
from certidude import const, config
from certidude.firewall import whitelist_subnets
from .utils import AuthorityHandler
logger = logging.getLogger(__name__)
class RevocationListResource(object):
def __init__(self, authority):
self.authority = authority
class RevocationListResource(AuthorityHandler):
@whitelist_subnets(config.CRL_SUBNETS)
def on_get(self, req, resp):
# Primarily offer DER encoded CRL as per RFC5280

View File

@ -9,6 +9,7 @@ from certidude import push, config
from certidude.firewall import whitelist_subnets
from oscrypto import keys, asymmetric, symmetric
from oscrypto.errors import SignatureError
from .utils import AuthorityHandler
# Monkey patch asn1crypto
@ -36,10 +37,7 @@ class SCEPBadRequest(SCEPError): code = 2
class SCEPBadTime(SCEPError): code = 3
class SCEPBadCertId(SCEPError): code = 4
class SCEPResource(object):
def __init__(self, authority):
self.authority = authority
class SCEPResource(AuthorityHandler):
@whitelist_subnets(config.SCEP_SUBNETS)
def on_get(self, req, resp):
operation = req.get_param("operation", required=True)

View File

@ -5,14 +5,12 @@ from certidude import const, config
from certidude.decorators import serialize
from jinja2 import Environment, FileSystemLoader
from certidude.firewall import whitelist_subject
from .utils import AuthorityHandler
logger = logging.getLogger(__name__)
env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)
class ScriptResource():
def __init__(self, authority):
self.authority = authority
class ScriptResource(AuthorityHandler):
@whitelist_subject
def on_get(self, req, resp, cn):
path, buf, cert, attribs = self.authority.get_attributes(cn)

View File

@ -6,13 +6,11 @@ import hashlib
from certidude.auth import login_required, authorize_admin
from certidude.decorators import csrf_protection
from xattr import getxattr
from .utils import AuthorityHandler
logger = logging.getLogger(__name__)
class SignedCertificateDetailResource(object):
def __init__(self, authority):
self.authority = authority
class SignedCertificateDetailResource(AuthorityHandler):
def on_get(self, req, resp, cn):
preferred_type = req.client_prefers(("application/json", "application/x-pem-file"))

View File

@ -4,13 +4,11 @@ from xattr import getxattr, removexattr, setxattr
from certidude import push
from certidude.auth import login_required, authorize_admin
from certidude.decorators import serialize, csrf_protection
from .utils import AuthorityHandler
logger = logging.getLogger(__name__)
class TagResource(object):
def __init__(self, authority):
self.authority = authority
class TagResource(AuthorityHandler):
@serialize
@login_required
@authorize_admin

View File

@ -13,13 +13,11 @@ from certidude.decorators import serialize
from certidude.user import User
from certidude import config
from certidude.auth import login_required, authorize_admin
from .utils import AuthorityHandler
logger = logging.getLogger(__name__)
class TokenResource(object):
def __init__(self, authority):
self.authority = authority
class TokenResource(AuthorityHandler):
def on_put(self, req, resp):
# Consume token
now = time()