mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Refactor request submission

The API now properly distinguishes a duplicate request from other requests with the same common name.
Lauri Võsandi 2016-01-14 11:02:57 +02:00
parent aacf94bb28
commit d8abde3d53
2 changed files with 17 additions and 5 deletions


@ -68,12 +68,17 @@ class RequestListResource(object):
# Attempt to save the request otherwise # Attempt to save the request otherwise
try: try:
csr = authority.store_request(body) csr = authority.store_request(body)
except FileExistsError: except authority.RequestExists:
# We should stil redirect client to long poll URL below
pass
except authority.DuplicateCommonNameError:
# TODO: Certificate renewal
logger.warning("Rejected signing request with overlapping common name from %s", req.env["REMOTE_ADDR"]) logger.warning("Rejected signing request with overlapping common name from %s", req.env["REMOTE_ADDR"])
raise falcon.HTTPConflict( raise falcon.HTTPConflict(
"CSR with such CN already exists", "CSR with such CN already exists",
"Will not overwrite existing certificate signing request, explicitly delete CSR and try again") "Will not overwrite existing certificate signing request, explicitly delete CSR and try again")
push.publish("request-submitted", csr.common_name) else:
push.publish("request-submitted", csr.common_name)
# Wait the certificate to be signed if waiting is requested # Wait the certificate to be signed if waiting is requested
if req.get_param("wait"): if req.get_param("wait"):
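Review bot: The `except authority.RequestExists:` branch falls through with `pass`, so on a resubmission `csr` is never assigned by `store_request`, yet the comment promises a redirect to the long-poll URL under `if req.get_param("wait"):`. That code is outside the hunk; if it reads `csr.common_name` and `csr` was not bound before the `try`, the handler fails with a NameError instead of redirecting, so the common name should come from a request object parsed from `body` before the `try`. The duplicate-CN warning logs only `REMOTE_ADDR`; including the rejected common name would make the entry usable when auditing attempts to claim an existing name. The handler's body starts and ends outside the hunk.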


@ -15,6 +15,12 @@ RE_HOSTNAME = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0
# https://jamielinux.com/docs/openssl-certificate-authority/ # https://jamielinux.com/docs/openssl-certificate-authority/
# http://pycopia.googlecode.com/svn/trunk/net/pycopia/ssl/certs.py # http://pycopia.googlecode.com/svn/trunk/net/pycopia/ssl/certs.py
class RequestExists(Exception):
pass
class DuplicateCommonNameError(Exception):
pass
def publish_certificate(func): def publish_certificate(func):
# TODO: Implement e-mail and nginx notifications using hooks # TODO: Implement e-mail and nginx notifications using hooks
def wrapped(csr, *args, **kwargs): def wrapped(csr, *args, **kwargs):
@ -61,9 +67,10 @@ def store_request(buf, overwrite=False):
# If there is cert, check if it's the same # If there is cert, check if it's the same
if os.path.exists(request_path): if os.path.exists(request_path):
if open(request_path).read() != buf: if open(request_path).read() == buf:
print("Request already exists, not creating new request") raise RequestExists("Request already exists")
raise FileExistsError("Request already exists") else:
raise DuplicateCommonNameError("Another request with same common name already exists")
else: else:
with open(request_path + ".part", "w") as fh: with open(request_path + ".part", "w") as fh:
fh.write(buf) fh.write(buf)
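Review bot: The existence check in `store_request` is check-then-write: `os.path.exists(request_path)` and the later write of `request_path + ".part"` are separate steps, so two concurrent submissions for the same common name can both pass the check and the later one can replace the earlier request without either exception being raised. For a CA this matters because the stored CSR is what an operator later signs; publishing the final file with a call that fails when the target exists (for example `os.link(request_path + ".part", request_path)`, or creating it with `os.O_CREAT | os.O_EXCL`) would close the window, though how the `.part` file is moved into place is outside the hunk. The comparison `open(request_path).read() == buf` also leaves closing the handle to the garbage collector; `with open(request_path) as fh: existing = fh.read()` closes it deterministically. The new `RequestExists` and `DuplicateCommonNameError` classes would benefit from one-line docstrings stating that the first means an identical CSR was resubmitted and the second means a different CSR reuses the common name.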