Refactor request submission

API now properly distinguishes duplicate request from other requests with same common name.
2025-10-31 09:29:13 +00:00 · 2016-01-14 11:02:57 +02:00
parent aacf94bb28
commit d8abde3d53
2 changed files with 17 additions and 5 deletions
--- a/certidude/api/request.py
+++ b/certidude/api/request.py
@@ -68,11 +68,16 @@ class RequestListResource(object):
        # Attempt to save the request otherwise
        try:
            csr = authority.store_request(body)
-        except FileExistsError:
+        except authority.RequestExists:
+            # We should stil redirect client to long poll URL below
+            pass
+        except authority.DuplicateCommonNameError:
+            # TODO: Certificate renewal
            logger.warning("Rejected signing request with overlapping common name from %s", req.env["REMOTE_ADDR"])
            raise falcon.HTTPConflict(
                "CSR with such CN already exists",
                "Will not overwrite existing certificate signing request, explicitly delete CSR and try again")
+        else:
            push.publish("request-submitted", csr.common_name)

        # Wait the certificate to be signed if waiting is requested
--- a/certidude/authority.py
+++ b/certidude/authority.py
@@ -15,6 +15,12 @@ RE_HOSTNAME = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0
 # https://jamielinux.com/docs/openssl-certificate-authority/
 # http://pycopia.googlecode.com/svn/trunk/net/pycopia/ssl/certs.py

+class RequestExists(Exception):
+    pass
+
+class DuplicateCommonNameError(Exception):
+    pass
+
 def publish_certificate(func):
    # TODO: Implement e-mail and nginx notifications using hooks
    def wrapped(csr, *args, **kwargs):
@@ -61,9 +67,10 @@ def store_request(buf, overwrite=False):

    # If there is cert, check if it's the same
    if os.path.exists(request_path):
-        if open(request_path).read() != buf:
-            print("Request already exists, not creating new request")
-            raise FileExistsError("Request already exists")
+        if open(request_path).read() == buf:
+            raise RequestExists("Request already exists")
+        else:
+            raise DuplicateCommonNameError("Another request with same common name already exists")
    else:
        with open(request_path + ".part", "w") as fh:
            fh.write(buf)