def fixup_csr(ra_name, csr, request):
    """Run the registration authority's configured fixups over a CSR.

    The fixups listed under the ``fixups`` key of the RA configuration are
    run one after another through ``_run_fixup``; the CSR returned by one
    fixup becomes the input of the next. Every failure path ends in
    ``pecan.abort(500, ...)``, so the function either returns a CSR that
    went through all fixups or does not return at all.

    NOTE(review): the returned CSR may differ from the one passed in. If
    validators ran on the original CSR before this call, they have not seen
    the fixed-up content -- confirm the ordering at the call site.

    :param ra_name: registration authority name
    :param csr: X509 certificate signing request
    :param request: pecan request
    :return: the CSR after all configured fixups have been applied
    """
    failure_msg = "Could not finish all required modifications"

    conf = jsonloader.config_for_registration_authority(ra_name)
    # A configuration without a 'fixups' entry means "no changes".
    configured = conf.get('fixups', {})
    fixup_args = {'csr': csr, 'conf': conf, 'request': request}

    try:
        for name, spec in configured.items():
            result = _run_fixup(name, spec, fixup_args)
            if result is None:
                pecan.abort(500, failure_msg)
            # Anything other than a CSR object must not reach signing.
            if not isinstance(result, signing_request.X509Csr):
                logger.error("Fixup %s returned incorrect object", name)
                pecan.abort(500, failure_msg)
            # Chain the fixups: the next one works on this result.
            fixup_args['csr'] = result
    except http_status.HTTPInternalServerError:
        # Let the deliberate aborts above through, so the generic handler
        # below does not log them a second time.
        raise
    except Exception:
        logger.exception("Failed to execute fixups")
        pecan.abort(500, failure_msg)

    return fixup_args['csr']
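def validate_csr(ra_name, auth_result, csr, request):
    """Validate the CSR with the validators configured for the RA.

    The arguments of this function are handed on to the individual
    validators, so some of them may go unused depending on which validators
    the configuration lists. Validation stops at the first validator that
    reports failure.

    The function returns nothing on success. It ends the request through
    ``pecan.abort``: with 400 when a validator rejects the CSR, with 500
    when running the validators raises an exception.

    NOTE(review): with an empty ``validators`` mapping no check runs and
    the CSR is accepted as-is; confirm that this is acceptable for every
    registration authority that is deployed.

    :param ra_name: name of the registration authority
    :param auth_result: AuthDetails value from auth.validate
    :param csr: CSR value from certificate_ops.parse_csr
    :param request: pecan request object associated with this action
    """
    ra_conf = jsonloader.config_for_registration_authority(ra_name)
    args = {'auth_result': auth_result,
            'csr': csr,
            'conf': ra_conf,
            'request': request}

    # An empty 'validators' mapping is accepted and leaves the CSR valid.
    valid = True
    # Bound before the try block: the handler below reports vname, and a
    # failure before the first loop iteration (for example a missing
    # 'validators' key) would otherwise raise UnboundLocalError inside the
    # handler and hide the real error.
    vname = None

    try:
        for vname, validator in ra_conf['validators'].items():
            valid = _run_validator(vname, validator, args)
            if not valid:
                break
    except Exception as e:
        # Full details go to the log. The response body carries only the
        # validator and RA names.
        logger.exception("Error running validator <%s> - %s", vname, e)
        pecan.abort(500, "Internal Validation Error running validator "
                         "'{}' for registration authority "
                         "'{}'".format(vname, ra_name))

    if not valid:
        pecan.abort(400, "CSR failed validation")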
def validate_csr(ra_name, auth_result, csr, request):
    """Run all applicable validators on the CSR and collect their results.

    The validators in ``ENFORCED_VALIDATORS`` run first, with empty
    options; the validators named in the RA configuration follow, each with
    the options configured for it. All of them receive the same argument
    dictionary, so some arguments may go unused by a given validator.

    NOTE(review): this function only collects results, it rejects nothing
    itself. Whether a failed check ends the request is decided in
    ``_run_validator`` or by the caller -- confirm before relying on it.

    :param ra_name: name of the registration authority
    :param auth_result: AuthDetails value from auth.validate
    :param csr: CSR value from certificate_ops.parse_csr
    :param request: pecan request object associated with this action
    :return: dict mapping each validator name to what ``_run_validator``
             returned for it
    """
    conf = jsonloader.config_for_registration_authority(ra_name)
    context = {'auth_result': auth_result, 'csr': csr,
               'conf': conf, 'request': request}

    outcomes = {}
    # Enforced validators run for every RA, whatever the configuration says.
    for enforced in ENFORCED_VALIDATORS:
        name = enforced.__name__
        outcomes[name] = _run_validator(name, enforced, {}, context)

    # The 'validators' mapping may be empty, but the key is indexed directly
    # and so has to be present. A configured name that matches an enforced
    # one replaces that entry.
    outcomes.update(
        (name, _run_validator(name, jsonloader.conf.get_validator(name),
                              opts, context))
        for name, opts in conf['validators'].items()
    )
    return outcomes
def validate_csr(ra_name, auth_result, csr, request):
    """Check the CSR against the enforced and the configured validators.

    Every validator is called through ``_run_validator`` with the same
    argument dictionary; a validator may ignore the arguments it does not
    need. Enforced validators get empty options and run before the ones
    listed in the RA configuration.

    NOTE(review): the per-validator results are returned, not acted upon
    here. Confirm that ``_run_validator`` or the caller turns a failed
    check into a rejected request.

    :param ra_name: name of the registration authority
    :param auth_result: AuthDetails value from auth.validate
    :param csr: CSR value from certificate_ops.parse_csr
    :param request: pecan request object associated with this action
    :return: dict of validator name to the value ``_run_validator``
             returned for that validator
    """
    ra_conf = jsonloader.config_for_registration_authority(ra_name)
    args = {
        'auth_result': auth_result,
        'csr': csr,
        'conf': ra_conf,
        'request': request,
    }

    def _planned_checks():
        # Lazily yield (name, validator, options) in execution order, so a
        # configured validator is looked up only once the checks before it
        # have run.
        for enforced in ENFORCED_VALIDATORS:
            yield enforced.__name__, enforced, {}
        # An empty 'validators' mapping is fine; the key itself must exist.
        for configured_name, options in ra_conf['validators'].items():
            yield (configured_name,
                   jsonloader.conf.get_validator(configured_name),
                   options)

    return {
        name: _run_validator(name, check, options, args)
        for name, check, options in _planned_checks()
    }