api: Use common AuthorityResource where possible

2025-10-31 01:19:11 +00:00 · 2018-02-03 13:10:45 +02:00
parent 4580663608
commit c9dd058d75
10 changed files with 22 additions and 48 deletions
--- a/certidude/api/bootstrap.py
+++ b/certidude/api/bootstrap.py
@@ -3,13 +3,11 @@ from certidude.decorators import serialize
 from certidude.config import cp
 from certidude import config, const
 from jinja2 import Template
+from .utils import AuthorityHandler

 logger = logging.getLogger(__name__)

-class BootstrapResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class BootstrapResource(AuthorityHandler):
    def on_get(self, req, resp):
        resp.body = Template(open(config.BOOTSTRAP_TEMPLATE).read()).render(
            authority = const.FQDN,
--- a/certidude/api/lease.py
+++ b/certidude/api/lease.py
@@ -8,15 +8,13 @@ from datetime import datetime
 from certidude import config, push
 from certidude.auth import login_required, authorize_admin, authorize_server
 from certidude.decorators import serialize
+from .utils import AuthorityHandler

 logger = logging.getLogger(__name__)

 # TODO: lease namespacing (?)

-class LeaseDetailResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class LeaseDetailResource(AuthorityHandler):
    @serialize
    @login_required
    @authorize_admin
@@ -32,10 +30,7 @@ class LeaseDetailResource(object):
            raise falcon.HTTPNotFound()


-class LeaseResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class LeaseResource(AuthorityHandler):
    @authorize_server
    def on_post(self, req, resp):
        client_common_name = req.get_param("client", required=True)
--- a/certidude/api/ocsp.py
+++ b/certidude/api/ocsp.py
@@ -11,11 +11,9 @@ from certidude.firewall import whitelist_subnets
 from datetime import datetime, timedelta
 from oscrypto import keys, asymmetric, symmetric
 from oscrypto.errors import SignatureError
+from .utils import AuthorityHandler

-class OCSPResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class OCSPResource(AuthorityHandler):
    @whitelist_subnets(config.OCSP_SUBNETS)
    def __call__(self, req, resp):
        try:
--- a/certidude/api/request.py
+++ b/certidude/api/request.py
@@ -16,6 +16,7 @@ from datetime import datetime
 from oscrypto import asymmetric
 from oscrypto.errors import SignatureError
 from xattr import getxattr
+from .utils import AuthorityHandler

 logger = logging.getLogger(__name__)

@@ -26,10 +27,7 @@ curl -f -L -H "Content-type: application/pkcs10" --data-binary @test.csr \
  http://ca.example.lan/api/request/?wait=yes
 """

-class RequestListResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class RequestListResource(AuthorityHandler):
    @login_optional
    @whitelist_subnets(config.REQUEST_SUBNETS)
    @whitelist_content_types("application/pkcs10")
@@ -177,10 +175,7 @@ class RequestListResource(object):
                    cls=MyEncoder)


-class RequestDetailResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class RequestDetailResource(AuthorityHandler):
    def on_get(self, req, resp, cn):
        """
        Fetch certificate signing request as PEM
--- a/certidude/api/revoked.py
+++ b/certidude/api/revoked.py
@@ -5,13 +5,11 @@ import json
 import logging
 from certidude import const, config
 from certidude.firewall import whitelist_subnets
+from .utils import AuthorityHandler

 logger = logging.getLogger(__name__)

-class RevocationListResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class RevocationListResource(AuthorityHandler):
    @whitelist_subnets(config.CRL_SUBNETS)
    def on_get(self, req, resp):
        # Primarily offer DER encoded CRL as per RFC5280
--- a/certidude/api/scep.py
+++ b/certidude/api/scep.py
@@ -9,6 +9,7 @@ from certidude import push, config
 from certidude.firewall import whitelist_subnets
 from oscrypto import keys, asymmetric, symmetric
 from oscrypto.errors import SignatureError
+from .utils import AuthorityHandler

 # Monkey patch asn1crypto

@@ -36,10 +37,7 @@ class SCEPBadRequest(SCEPError): code = 2
 class SCEPBadTime(SCEPError): code = 3
 class SCEPBadCertId(SCEPError): code = 4

-class SCEPResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class SCEPResource(AuthorityHandler):
    @whitelist_subnets(config.SCEP_SUBNETS)
    def on_get(self, req, resp):
        operation = req.get_param("operation", required=True)
--- a/certidude/api/script.py
+++ b/certidude/api/script.py
@@ -5,14 +5,12 @@ from certidude import const, config
 from certidude.decorators import serialize
 from jinja2 import Environment, FileSystemLoader
 from certidude.firewall import whitelist_subject
+from .utils import AuthorityHandler

 logger = logging.getLogger(__name__)
 env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)

-class ScriptResource():
-    def __init__(self, authority):
-        self.authority = authority
-
+class ScriptResource(AuthorityHandler):
    @whitelist_subject
    def on_get(self, req, resp, cn):
        path, buf, cert, attribs = self.authority.get_attributes(cn)
--- a/certidude/api/signed.py
+++ b/certidude/api/signed.py
@@ -6,13 +6,11 @@ import hashlib
 from certidude.auth import login_required, authorize_admin
 from certidude.decorators import csrf_protection
 from xattr import getxattr
+from .utils import AuthorityHandler

 logger = logging.getLogger(__name__)

-class SignedCertificateDetailResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class SignedCertificateDetailResource(AuthorityHandler):
    def on_get(self, req, resp, cn):

        preferred_type = req.client_prefers(("application/json", "application/x-pem-file"))
--- a/certidude/api/tag.py
+++ b/certidude/api/tag.py
@@ -4,13 +4,11 @@ from xattr import getxattr, removexattr, setxattr
 from certidude import push
 from certidude.auth import login_required, authorize_admin
 from certidude.decorators import serialize, csrf_protection
+from .utils import AuthorityHandler

 logger = logging.getLogger(__name__)

-class TagResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class TagResource(AuthorityHandler):
    @serialize
    @login_required
    @authorize_admin
--- a/certidude/api/token.py
+++ b/certidude/api/token.py
@@ -13,13 +13,11 @@ from certidude.decorators import serialize
 from certidude.user import User
 from certidude import config
 from certidude.auth import login_required, authorize_admin
+from .utils import AuthorityHandler

 logger = logging.getLogger(__name__)

-class TokenResource(object):
-    def __init__(self, authority):
-        self.authority = authority
-
+class TokenResource(AuthorityHandler):
    def on_put(self, req, resp):
        # Consume token
        now = time()