def post(self, certpath):
uploaded_file = request.files["file"]
if not uploaded_file:
raise InvalidRequest("Missing certificate file")
# Save the certificate.
certpath = pathvalidate.sanitize_filename(certpath)
if not certpath.endswith(".crt"):
raise InvalidRequest("Invalid certificate file: must have suffix `.crt`")
logger.debug("Saving custom certificate %s", certpath)
cert_full_path = config_provider.get_volume_path(EXTRA_CA_DIRECTORY, certpath)
config_provider.save_volume_file(cert_full_path, uploaded_file)
logger.debug("Saved custom certificate %s", certpath)
# Validate the certificate.
try:
logger.debug("Loading custom certificate %s", certpath)
with config_provider.get_volume_file(cert_full_path) as f:
load_certificate(f.read())
except CertInvalidException:
logger.exception("Got certificate invalid error for cert %s", certpath)
return "", 204
except IOError:
logger.exception("Got IO error for cert %s", certpath)
return "", 204
# Call the update script with config dir location to install the certificate immediately.
if not app.config["TESTING"]:
cert_dir = os.path.join(config_provider.get_config_dir_path(), EXTRA_CA_DIRECTORY)
if (
subprocess.call(
[os.path.join(INIT_SCRIPTS_LOCATION, "certs_install.sh")],
env={"CERTDIR": cert_dir},
)
!= 0
):
raise Exception("Could not install certificates")
return "", 204
def get(self):
has_extra_certs_path = config_provider.volume_file_exists(
EXTRA_CA_DIRECTORY)
extra_certs_found = config_provider.list_volume_directory(
EXTRA_CA_DIRECTORY)
if extra_certs_found is None:
return {
"status": "file" if has_extra_certs_path else "none",
}
cert_views = []
for extra_cert_path in extra_certs_found:
try:
cert_full_path = config_provider.get_volume_path(
EXTRA_CA_DIRECTORY, extra_cert_path)
with config_provider.get_volume_file(cert_full_path) as f:
certificate = load_certificate(f.read())
cert_views.append({
"path": extra_cert_path,
"names": list(certificate.names),
"expired": certificate.expired,
})
except CertInvalidException as cie:
cert_views.append({
"path": extra_cert_path,
"error": cie.message,
})
except IOError as ioe:
cert_views.append({
"path": extra_cert_path,
"error": ioe.message,
})
return {
"status": "directory",
"certs": cert_views,
}
def post(self, certpath):
uploaded_file = request.files["file"]
if not uploaded_file:
raise InvalidRequest("Missing certificate file")
# Save the certificate.
certpath = pathvalidate.sanitize_filename(certpath)
if not certpath.endswith(".crt"):
raise InvalidRequest(
"Invalid certificate file: must have suffix `.crt`")
logger.debug("Saving custom certificate %s", certpath)
cert_full_path = config_provider.get_volume_path(
EXTRA_CA_DIRECTORY, certpath)
filename = config_provider.save_volume_file(cert_full_path,
uploaded_file)
logger.debug("Saved custom certificate %s to %s", certpath, filename)
# Validate the certificate.
try:
logger.debug("Loading custom certificate %s", certpath)
with config_provider.get_volume_file(cert_full_path) as f:
load_certificate(f.read())
except CertInvalidException:
logger.exception("Got certificate invalid error for cert %s",
certpath)
return "", 204
except IOError:
logger.exception("Got IO error for cert %s", certpath)
return "", 204
# Call the update script with config dir location to install the certificate immediately.
# This is needed by the configuration application to verify connections to external services
# which require a self-signed or otherwise user-managed certificate.
if not app.config["TESTING"]:
try:
cert_dir = os.path.join(config_provider.get_config_dir_path(),
EXTRA_CA_DIRECTORY)
script_env = {"CERTDIR": cert_dir}
logger.debug("Installing certificates from the directory: %s" %
cert_dir)
script_filename = os.path.join(INIT_SCRIPTS_LOCATION,
"certs_install.sh")
logger.debug("Running script to install all certificates: %s",
script_filename)
process = Popen([script_filename],
stderr=PIPE,
stdout=PIPE,
env=script_env)
output, err = process.communicate()
return_code = process.returncode
if return_code != 0:
raise Exception(
"Could not install certificates. Output: %s" % output)
else:
logger.debug(
"Successfully installed certificates. Output: %s",
output)
except Exception as e:
logger.exception(
"Unable to install certificates. Unexpected error: %s", e)
else:
msg = (
"Quay is using the test configuration. Certificates will not be installed. "
"This may break the configuration app's ability to verify certificates."
)
logger.warning(msg)
return "", 204