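def submitcsr(self):
    """Render the CSR submission page, accepting a POSTed CSR if present.

    On a POST with a non-empty body the form fields are parsed from the
    request body, the CSRF token is checked with ``csrf()``, and the ``csr``
    field is handed to ``self.ca.submit()``. Every path ends by rendering
    ``certify.html`` with a status message (empty when nothing was
    submitted) and the value of ``getcsrf()`` for the next submission.

    Returns:
        Whatever ``send_template`` returns for the rendered page.
    """
    msg = ''
    if self.environ.get('REQUEST_METHOD') == 'POST':
        # CONTENT_LENGTH is client-controlled and may be absent, empty or
        # non-numeric; treat anything unparsable as an empty body instead of
        # failing the request with an unhandled ValueError.
        try:
            length = int(self.environ.get('CONTENT_LENGTH') or 0)
        except ValueError:
            length = 0
        if length != 0:
            # NOTE(review): readline() takes the body up to the first newline
            # and is not bounded by CONTENT_LENGTH; a size-limited read would
            # cap how much a client can make this handler buffer.
            fd = self.environ['wsgi.input']
            params = {}
            for exp in fd.readline().split('&'):
                # Split on the first '=' only, so values may contain '='.
                key, _, value = exp.partition('=')
                params[key] = urllib.unquote(value).strip()
            # The CSRF check comes first: nothing from the form is acted on
            # unless the token is accepted.
            if not csrf(params):
                msg = "Try again from our fine server please."
            elif params.get('csr'):
                # Only the first and last lines (presumably the PEM BEGIN/END
                # markers) get '+' decoded to spaces; the lines in between
                # are passed through so any '+' in them survives.
                tmp = params['csr'].split('\n')
                csr = '\n'.join([
                    urllib.unquote_plus(tmp[0]),
                    '\n'.join(tmp[1:-1]),
                    urllib.unquote_plus(tmp[-1]),
                ])
                try:
                    # The CSR is untrusted client input; validating it is
                    # left to the CA object.
                    self.ca.submit(csr)
                except Exception:
                    # Exception rather than a bare except, so SystemExit and
                    # KeyboardInterrupt are not reported as a bad CSR.
                    msg = "Fail<br />please submit a valid Certificate Signing Request containing your email."
                else:
                    msg = "Success<br />Your request will be reviewed soon."
    return send_template(self.resp,
                         'certify.html',
                         isadmin=authorized(self.environ, CONFIG['admins']),
                         csrf=getcsrf(),
                         msg=msg)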
def __init__(self, environ, start_response):
    """Bind a WSGI request to this handler and parse its REQUEST_URI.

    Sets ``self.ca`` (a CertAuthority built from ``CONFIG['ca']``),
    ``self.environ``, ``self.resp``, ``self.action`` and ``self.params``.

    ``self.action`` is the third '/'-separated segment of REQUEST_URI and
    must be purely alphanumeric. It is taken before the query string is
    split off, so a URI whose third segment still carries ``?...`` fails
    that check.

    ``self.params`` maps query-string keys to their raw values; no
    percent-decoding is applied here.
    """
    self.ca = CertAuthority(CONFIG['ca'])
    self.environ = environ
    self.resp = start_response

    request_uri = environ.get('REQUEST_URI')

    # Allow-list check on the action name: anything but letters and digits
    # is refused before the rest of the request is looked at.
    self.action = request_uri.split('/')[2]
    if not self.action.isalnum():
        # NOTE(review): there is no exception being handled at this point,
        # so this bare raise fails with an interpreter-generated error
        # rather than a descriptive one; an explicit exception type would
        # make the rejection easier to recognise in logs.
        raise

    # Everything after the first '?' is the query string; each pair is split
    # on its first '=' and later duplicates overwrite earlier ones.
    _, has_query, query = request_uri.partition('?')
    self.params = {}
    if has_query:
        for pair in query.split('&'):
            key, _, value = pair.partition('=')
            self.params[key] = value
from cryptography.fernet import Fernet
from functools import wraps

# Filesystem layout: the SQLite database and the upload directory both sit
# next to this source file.
BASE_PATH = os.path.dirname(os.path.realpath(__file__))
DB_PATH = os.path.join(BASE_PATH, "db.db")
UPLOAD_FOLDER = os.path.join(BASE_PATH, "upload")

application = Flask(__name__)
application.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
# NOTE(review): placeholder literal. Flask signs session cookies with
# secret_key, so a value that lives in source control has to be replaced by a
# random per-deployment secret loaded from outside the repository.
application.secret_key = 'CHANGE THIS IN PRODUCTION'
# NOTE(review): debug mode is switched on unconditionally. It exposes
# tracebacks and, under Flask's development server, an interactive debugger
# that can execute code; keep it off anywhere untrusted clients can reach.
application.debug = True

from tlsauth import CertAuthority
import flask_tlsauth as tlsauth

# CA backing the tlsauth endpoints registered below. How the 'sub-ca'
# argument is resolved is not visible in this excerpt.
ca = CertAuthority('sub-ca')
# presumably the tlsauth group name(s) for ordinary users; no use of this
# list is visible in this excerpt - confirm
users = ["Users"]

# Look templates up in the application's existing loader first, then in the
# local 'templates' directory.
application.jinja_loader = jinja2.ChoiceLoader([
    application.jinja_loader,
    jinja2.FileSystemLoader(os.path.join(BASE_PATH,'templates')),
])

# NOTE(review): no group restriction is visible on these two rules; confirm
# that renderCert enforces whatever access control issuing certificates
# from `ca` requires.
application.add_url_rule('/tlsauth/cert/', 'cert', tlsauth.renderCert(ca))
application.add_url_rule('/tlsauth/test/', 'test', tlsauth.testAuth)

def connect_to_database():
    """Open and return a new SQLite connection to DB_PATH.

    PARSE_DECLTYPES makes sqlite3 convert returned values according to the
    declared type of each column.
    """
    return sqlite3.connect(DB_PATH, detect_types=sqlite3.PARSE_DECLTYPES)

def get_db():
#!/usr/bin/env python # run with # env/bin/uwsgi --socket 127.0.0.1:8080 --chdir $PWD/demo -pp $PWD -w tlsauth_wsgi -p 1 --virtualenv $PWD/env --py-autoreload 1 # also create a ca in ../../x509-ca - for more info see tlsauth README from flask import Flask, Response import os app = Flask(__name__) app.secret_key = 'zxcvzxcvz' #app.debug = True from tlsauth import CertAuthority import flask_tlsauth as tlsauth ca=CertAuthority('../../x509-ca') app.debug = True adminOs=['CA admins'] tlsauth.tlsauth_init(app, ca, groups=adminOs) @app.route('/hello') @tlsauth.tlsauth(groups=adminOs) def hello(): return Response("hello world")