Refactor request submission
The API now properly distinguishes a duplicate request from other requests with the same common name.
This commit is contained in:
parent
aacf94bb28
commit
d8abde3d53
@ -68,12 +68,17 @@ class RequestListResource(object):
|
|||||||
# Attempt to save the request otherwise
|
# Attempt to save the request otherwise
|
||||||
try:
|
try:
|
||||||
csr = authority.store_request(body)
|
csr = authority.store_request(body)
|
||||||
except FileExistsError:
|
except authority.RequestExists:
|
||||||
|
# We should stil redirect client to long poll URL below
|
||||||
|
pass
|
||||||
|
except authority.DuplicateCommonNameError:
|
||||||
|
# TODO: Certificate renewal
|
||||||
logger.warning("Rejected signing request with overlapping common name from %s", req.env["REMOTE_ADDR"])
|
logger.warning("Rejected signing request with overlapping common name from %s", req.env["REMOTE_ADDR"])
|
||||||
raise falcon.HTTPConflict(
|
raise falcon.HTTPConflict(
|
||||||
"CSR with such CN already exists",
|
"CSR with such CN already exists",
|
||||||
"Will not overwrite existing certificate signing request, explicitly delete CSR and try again")
|
"Will not overwrite existing certificate signing request, explicitly delete CSR and try again")
|
||||||
push.publish("request-submitted", csr.common_name)
|
else:
|
||||||
|
push.publish("request-submitted", csr.common_name)
|
||||||
|
|
||||||
# Wait the certificate to be signed if waiting is requested
|
# Wait the certificate to be signed if waiting is requested
|
||||||
if req.get_param("wait"):
|
if req.get_param("wait"):
|
||||||
|
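Review bot: After `except authority.RequestExists: pass` control falls through with `csr` never bound, because `store_request` raised before returning; if the long-poll redirect below this hunk reads `csr.common_name` (the new comment says the client should still be redirected), that path ends in NameError rather than a redirect. Bind it in the handler, for example by having the exception carry the already-stored request or by deriving the common name from `body` there, before the `if req.get_param("wait"):` block. The `DuplicateCommonNameError` branch logs the remote address but the `RequestExists` branch is silent, so repeated submissions of the same CSR leave no trace; a `logger.info("Duplicate signing request from %s", req.env["REMOTE_ADDR"])` in that handler would keep the audit trail consistent. The comment typo `stil` should read `still`. The enclosing method starts and ends outside the hunk.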
@ -15,6 +15,12 @@ RE_HOSTNAME = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0
|
|||||||
# https://jamielinux.com/docs/openssl-certificate-authority/
|
# https://jamielinux.com/docs/openssl-certificate-authority/
|
||||||
# http://pycopia.googlecode.com/svn/trunk/net/pycopia/ssl/certs.py
|
# http://pycopia.googlecode.com/svn/trunk/net/pycopia/ssl/certs.py
|
||||||
|
|
||||||
|
class RequestExists(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
class DuplicateCommonNameError(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
def publish_certificate(func):
|
def publish_certificate(func):
|
||||||
# TODO: Implement e-mail and nginx notifications using hooks
|
# TODO: Implement e-mail and nginx notifications using hooks
|
||||||
def wrapped(csr, *args, **kwargs):
|
def wrapped(csr, *args, **kwargs):
|
||||||
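Review bot: The two new exception classes carry no docstring and follow different naming conventions (`RequestExists` versus `DuplicateCommonNameError`), so a reader cannot tell from the class alone which case is the benign resubmission and which is the rejected collision. Replace the `pass` bodies with docstrings, e.g. `"""Raised when an identical signing request is already stored."""` and `"""Raised when a different signing request with the same common name is already stored."""`. Giving both a common base class would also let callers that only care about "request not stored" catch one type.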
@ -61,9 +67,10 @@ def store_request(buf, overwrite=False):
|
|||||||
|
|
||||||
# If there is cert, check if it's the same
|
# If there is cert, check if it's the same
|
||||||
if os.path.exists(request_path):
|
if os.path.exists(request_path):
|
||||||
if open(request_path).read() != buf:
|
if open(request_path).read() == buf:
|
||||||
print("Request already exists, not creating new request")
|
raise RequestExists("Request already exists")
|
||||||
raise FileExistsError("Request already exists")
|
else:
|
||||||
|
raise DuplicateCommonNameError("Another request with same common name already exists")
|
||||||
else:
|
else:
|
||||||
with open(request_path + ".part", "w") as fh:
|
with open(request_path + ".part", "w") as fh:
|
||||||
fh.write(buf)
|
fh.write(buf)
|
||||||
|
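Review bot: `open(request_path).read() == buf` leaves the file handle unclosed and decides between the benign `RequestExists` and the rejected `DuplicateCommonNameError` by byte-exact text comparison, so a resubmission that differs only in trailing whitespace or line endings is reported as a common-name collision; read it as `with open(request_path) as fh:` / `existing = fh.read()` and compare `existing == buf`, and consider normalising the PEM text (or comparing the parsed requests) before deciding. The `os.path.exists` check followed by a separate write of `request_path + ".part"` is also a check-then-act window in which two concurrent submissions for the same common name can both pass the check; opening the `.part` file with mode `"x"` instead of `"w"` makes the second writer fail explicitly. The visible branch does not consult the `overwrite` parameter from the signature, which may be handled outside the hunk. `store_request` starts and ends outside this hunk.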