예제 #1
	def perform(self, request):
		"""Sign the stored CSR with the CA credentials and keep the result.

		The CA certificate and key come from ``Secrets.from_request(request)``.
		``self.serial`` is base64-decoded and passed on as a hex string; the
		signing command is run with a fixed validity of 365 days.  The output
		is stored in ``self.cert`` after line-ending normalisation and is
		also returned.
		"""
		ca = Secrets.from_request(request)
		# Python 2 idiom: str.encode('hex') does not exist on Python 3 bytes.
		hex_serial = b64decode(self.serial).encode('hex')
		# Context managers are entered in the same order as before:
		# CSR, serial, CA cert, CA key, then the signing command itself.
		with RawInput(self.csr) as inFile, \
				RawInput(hex_serial) as sFile, \
				ca.cert as certFile, \
				ca.key as keyFile, \
				invoke('x509', inFile, 'req', days=365, CAserial=sFile,
						CA=certFile, CAkey=keyFile) as (out, err):
			# NOTE(review): ``err`` is never read and no exit status is
			# checked here, so unless invoke() raises on failure an empty
			# or partial output would be stored as the certificate - confirm.
			pem = out.read()
			# Turn CR into LF, then collapse the doubled newlines that a
			# CRLF pair leaves behind.
			self.cert = pem.replace('\r', '\n').replace('\n\n', '\n')
		return self.cert
예제 #2
def main(global_config, **settings):
	"""Build and return the Pyramid WSGI application.

	``settings`` is handed to the CA helpers, SQLAlchemy, the session
	factory and the Configurator.  ``global_config`` is accepted but not
	used in this function.
	"""
	# The CA settings have to be parsed before the Configurator exists.
	Secrets.parse_config(settings)
	RevokeDB.parse_config(settings)

	db_engine = engine_from_config(settings, 'sqlalchemy.')
	DBSession.configure(bind=db_engine)

	config = Configurator(settings=settings)
	config.set_session_factory(session_factory_from_settings(settings))

	# Auth ticket cookie: HttpOnly, tied to the client IP, no wildcard
	# domain.  Whether it is HTTPS-only depends on AUTH_SECURE.
	# NOTE(review): AUTH_SECRET and AUTH_SECURE are defined outside this
	# function - confirm the secret comes from deployment configuration
	# rather than source, and that AUTH_SECURE is enabled wherever the app
	# is served over HTTPS.
	authn = AuthTktAuthenticationPolicy(
		AUTH_SECRET,
		secure=AUTH_SECURE,
		http_only=True,
		include_ip=True,
		cookie_name=AUTH_COOKIE,
		wild_domain=False,
		timeout=AUTH_TIMEOUT,
		reissue_time=AUTH_REISSUE,
		callback=capability_finder,
	)
	authz = CapabilityAuthorizationPolicy()
	config.set_authentication_policy(authn)
	config.set_authorization_policy(authz)

	config.add_static_view('static', 'static', cache_max_age=3600)

	# Routes are registered in the original order.
	# NOTE(review): '/test' is registered unconditionally - confirm it is
	# meant to be reachable outside development.
	routes = (
		('home', '/'),
		('test', '/test'),
		('login', '/login'),
		('logout', '/logout'),
		('crl', '/crl'),
		('request', '/{type}/request'),
		('check', '/{type}/check'),
		('review', '/{type}/review'),
		('revoke', '/{type}/revoke'),
	)
	for route_name, pattern in routes:
		config.add_route(route_name, pattern)

	config.scan()
	return config.make_wsgi_app()
예제 #3
	def revoke(self, request):
		"""Revoke the stored certificate and regenerate the CRL.

		Two ``ca`` commands are run with the CA certificate, key and the
		revocation database's config file: first ``revoke`` on ``self.cert``,
		then ``gencrl`` writing to the revocation database's ``crlFile`` with
		``crldays=30``.  Between the two, ``self.cert`` is overwritten with
		the marker string ``'REVOKED'``.  Returns a fixed status message.
		"""
		ca = Secrets.from_request(request)
		revocations = RevokeDB.from_request(request)
		# Same entry order as before: certificate to revoke, CA cert,
		# CA key, then the revocation config file.
		with RawInput(self.cert) as toRevoke, \
				ca.cert as certFile, \
				ca.key as keyFile, \
				revocations.config as configFile:
			# NOTE(review): the result of invoke() is discarded, so unless
			# invoke() raises on failure the certificate text is replaced
			# by 'REVOKED' even when the revocation did not succeed.
			invoke('ca', None, revoke=toRevoke, keyfile=keyFile,
					cert=certFile, config=configFile, md='default')
			self.cert = 'REVOKED'
			# NOTE(review): a failure while generating the CRL is likewise
			# not detected here; relying parties would keep seeing the
			# previous CRL - confirm how invoke() reports errors.
			invoke('ca', None, 'gencrl', keyfile=keyFile, cert=certFile,
					out=revocations.crlFile, config=configFile,
					md='default', crldays=30)
		return 'Certificate revoked'