mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Refactor request submission
API now properly distinguishes duplicate request from other requests with same common name.
This commit is contained in:
parent
aacf94bb28
commit
d8abde3d53
@ -68,11 +68,16 @@ class RequestListResource(object):
|
||||
# Attempt to save the request otherwise
|
||||
try:
|
||||
csr = authority.store_request(body)
|
||||
except FileExistsError:
|
||||
except authority.RequestExists:
|
||||
# We should stil redirect client to long poll URL below
|
||||
pass
|
||||
except authority.DuplicateCommonNameError:
|
||||
# TODO: Certificate renewal
|
||||
logger.warning("Rejected signing request with overlapping common name from %s", req.env["REMOTE_ADDR"])
|
||||
raise falcon.HTTPConflict(
|
||||
"CSR with such CN already exists",
|
||||
"Will not overwrite existing certificate signing request, explicitly delete CSR and try again")
|
||||
else:
|
||||
push.publish("request-submitted", csr.common_name)
|
||||
|
||||
# Wait the certificate to be signed if waiting is requested
|
||||
|
@ -15,6 +15,12 @@ RE_HOSTNAME = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0
|
||||
# https://jamielinux.com/docs/openssl-certificate-authority/
|
||||
# http://pycopia.googlecode.com/svn/trunk/net/pycopia/ssl/certs.py
|
||||
|
||||
class RequestExists(Exception):
|
||||
pass
|
||||
|
||||
class DuplicateCommonNameError(Exception):
|
||||
pass
|
||||
|
||||
def publish_certificate(func):
|
||||
# TODO: Implement e-mail and nginx notifications using hooks
|
||||
def wrapped(csr, *args, **kwargs):
|
||||
@ -61,9 +67,10 @@ def store_request(buf, overwrite=False):
|
||||
|
||||
# If there is cert, check if it's the same
|
||||
if os.path.exists(request_path):
|
||||
if open(request_path).read() != buf:
|
||||
print("Request already exists, not creating new request")
|
||||
raise FileExistsError("Request already exists")
|
||||
if open(request_path).read() == buf:
|
||||
raise RequestExists("Request already exists")
|
||||
else:
|
||||
raise DuplicateCommonNameError("Another request with same common name already exists")
|
||||
else:
|
||||
with open(request_path + ".part", "w") as fh:
|
||||
fh.write(buf)
|
||||
|
Loading…
Reference in New Issue
Block a user