def perform(self, request):
    """Sign the stored CSR with the CA credentials and return the result.

    The CA certificate and key are obtained from
    ``Secrets.from_request(request)``.  ``self.serial`` is base64-decoded
    and re-encoded as hex before being handed over as the ``CAserial``
    input.  The command output, with carriage returns turned into newlines
    and doubled newlines collapsed, is stored in ``self.cert`` and returned.

    NOTE(review): nothing in this method inspects the CSR contents;
    presumably the request was reviewed and authorized before perform()
    is reached -- confirm against the callers.
    """
    ca = Secrets.from_request(request)
    # Python 2 idiom: str.encode('hex') gives the hex digits of the raw bytes.
    serial_hex = b64decode(self.serial).encode('hex')

    with RawInput(self.csr) as csr_file:
        with RawInput(serial_hex) as serial_file:
            with ca.cert as ca_cert:
                with ca.key as ca_key:
                    # invoke() is defined elsewhere; this presumably maps to
                    # an `x509 -req` signing run -- confirm.  The validity
                    # period is fixed at 365 days.
                    signing = invoke('x509', csr_file, 'req', days=365,
                                     CAserial=serial_file, CA=ca_cert,
                                     CAkey=ca_key)
                    with signing as (cmd_out, cmd_err):
                        # NOTE(review): cmd_err is never read and no exit
                        # status is checked here.  Unless invoke() raises on
                        # failure, an empty or partial output would be stored
                        # as the certificate -- verify invoke()'s contract.
                        pem = cmd_out.read()
                        pem = pem.replace('\r', '\n')
                        self.cert = pem.replace('\n\n', '\n')
    return self.cert
def main(global_config, **settings):
    """Assemble and return the Pyramid WSGI application.

    Parses the CA-related settings, binds the SQLAlchemy session, installs
    the session factory and the authentication/authorization policies,
    registers the static view and the routes, then scans for views.
    """
    # The CA settings have to be parsed before the Configurator exists.
    Secrets.parse_config(settings)
    RevokeDB.parse_config(settings)

    db_engine = engine_from_config(settings, 'sqlalchemy.')
    DBSession.configure(bind=db_engine)

    config = Configurator(settings=settings)
    config.set_session_factory(session_factory_from_settings(settings))

    # Auth ticket cookie: HttpOnly, bound to the client IP, no wildcard
    # domain.  The Secure flag and the timeouts come from constants defined
    # outside this block.
    # NOTE(review): AUTH_SECRET is not visible here; confirm it is loaded
    # from deployment configuration and not committed with the source.
    # NOTE(review): no `hashalg` is passed, so the ticket digest is whatever
    # the installed Pyramid defaults to (MD5 on some releases) -- check the
    # version in use and consider an explicit stronger digest.
    ticket_policy = AuthTktAuthenticationPolicy(
        AUTH_SECRET,
        secure=AUTH_SECURE,
        http_only=True,
        include_ip=True,
        cookie_name=AUTH_COOKIE,
        wild_domain=False,
        timeout=AUTH_TIMEOUT,
        reissue_time=AUTH_REISSUE,
        callback=capability_finder,
    )
    capability_policy = CapabilityAuthorizationPolicy()
    config.set_authentication_policy(ticket_policy)
    config.set_authorization_policy(capability_policy)

    config.add_static_view('static', 'static', cache_max_age=3600)

    # Routes are registered in this order.
    # NOTE(review): confirm the 'test' route is meant to be exposed in
    # production deployments.
    route_table = (
        ('home', '/'),
        ('test', '/test'),
        ('login', '/login'),
        ('logout', '/logout'),
        ('crl', '/crl'),
        ('request', '/{type}/request'),
        ('check', '/{type}/check'),
        ('review', '/{type}/review'),
        ('revoke', '/{type}/revoke'),
    )
    for route_name, pattern in route_table:
        config.add_route(route_name, pattern)

    config.scan()
    return config.make_wsgi_app()
def revoke(self, request):
    """Revoke the stored certificate and regenerate the CRL.

    Runs the ``ca`` command twice with the CA certificate, key and
    configuration: once to revoke ``self.cert`` and once with ``gencrl``
    to write a new CRL to ``revoked.crlFile``.  Between the two calls
    ``self.cert`` is overwritten with the marker string ``'REVOKED'``.
    Returns the message ``'Certificate revoked'``.
    """
    ca = Secrets.from_request(request)
    revocations = RevokeDB.from_request(request)

    with RawInput(self.cert) as target:
        with ca.cert as ca_cert:
            with ca.key as ca_key:
                with revocations.config as ca_config:
                    # NOTE(review): perform() in this file uses invoke(...)
                    # as a context manager, but here the result is dropped.
                    # Confirm that invoke() runs the command to completion
                    # when merely called; otherwise the revocation may not
                    # happen (or may not finish) before the inputs go away.
                    invoke('ca', None,
                           revoke=target,
                           keyfile=ca_key,
                           cert=ca_cert,
                           config=ca_config,
                           md='default')

                    # NOTE(review): the stored certificate is replaced by the
                    # marker without any visible check that the revoke
                    # command succeeded; a failed run would still discard the
                    # original certificate text.
                    self.cert = 'REVOKED'

                    # The CRL is issued with crldays=30.  Nothing in this
                    # block refreshes it apart from a revocation --
                    # presumably a separate job re-issues it before expiry;
                    # confirm.
                    invoke('ca', None, 'gencrl',
                           keyfile=ca_key,
                           cert=ca_cert,
                           out=revocations.crlFile,
                           config=ca_config,
                           md='default',
                           crldays=30)
    return 'Certificate revoked'