def on_get(self, req, resp, cn): """ Fetch certificate signing request as PEM """ csr = authority.get_request(cn) logger.debug(u"Signing request %s was downloaded by %s", csr.common_name, req.context.get("remote_addr")) return csr
def on_patch(self, req, resp, cn): """ Sign a certificate signing request """ csr = authority.get_request(cn) cert = authority.sign(csr, overwrite=True, delete=True) os.unlink(csr.path) resp.body = "Certificate successfully signed" resp.status = falcon.HTTP_201 resp.location = os.path.join(req.relative_uri, "..", "..", "signed", cn) logger.info(u"Signing request %s signed by %s from %s", csr.common_name, req.context.get("user"), req.context.get("remote_addr"))
def on_get(self, req, resp, cn): """ Fetch certificate signing request as PEM """ try: path, buf, _ = authority.get_request(cn) except errors.RequestDoesNotExist: logger.warning(u"Failed to serve non-existant request %s to %s", cn, req.context.get("remote_addr")) raise falcon.HTTPNotFound() resp.set_header("Content-Type", "application/pkcs10") logger.debug(u"Signing request %s was downloaded by %s", cn, req.context.get("remote_addr")) preferred_type = req.client_prefers(("application/json", "application/x-pem-file")) if preferred_type == "application/x-pem-file": # For certidude client, curl scripts etc resp.set_header("Content-Type", "application/x-pem-file") resp.set_header("Content-Disposition", ("attachment; filename=%s.pem" % cn)) resp.body = buf elif preferred_type == "application/json": # For web interface events resp.set_header("Content-Type", "application/json") resp.set_header("Content-Disposition", ("attachment; filename=%s.json" % cn)) resp.body = json.dumps(dict( common_name = cn, server = authority.server_flags(cn), address = getxattr(path, "user.request.address"), # TODO: move to authority.py md5sum = hashlib.md5(buf).hexdigest(), sha1sum = hashlib.sha1(buf).hexdigest(), sha256sum = hashlib.sha256(buf).hexdigest(), sha512sum = hashlib.sha512(buf).hexdigest())) else: raise falcon.HTTPUnsupportedMediaType( "Client did not accept application/json or application/x-pem-file")