def iterate():
    """Yield ``(authority, request)`` pairs whose CSR common name equals ``common_name``.

    ``config`` and ``common_name`` are resolved from the enclosing scope.
    Every match is also echoed to stdout (fingerprint, common name, path,
    key usage) before it is yielded.
    """
    for authority in config.all_authorities():
        matching = (pending for pending in authority.get_requests()
                    if pending.common_name == common_name)
        for pending in matching:
            print(pending.fingerprint(), pending.common_name, pending.path, pending.key_usage)
            yield authority, pending
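def on_post(self, req, resp, ca):
    """
    Submit certificate signing request (CSR) in PEM format.

    The body must be posted as ``application/pkcs10``. Outcomes, in the order
    they are checked:

    * a certificate for the CSR's common name already exists with the same
      public key -> ``302`` redirect to the signed certificate;
    * the peer address is allowed to autosign and ``?autosign`` was given ->
      the CSR is signed immediately and returned as
      ``application/x-x509-user-cert``;
    * otherwise the CSR is stored; with ``?wait`` the handler redirects to the
      pub/sub endpoint named by ``CERTIDUDE_EVENT_SUBSCRIBE`` or, without it,
      long-polls until the request is processed (``201`` with the certificate,
      ``410`` if the request disappeared without one); without ``?wait`` it
      answers ``202``.

    Raises falcon.HTTPUnsupportedMediaType, falcon.HTTPRequestEntityTooLarge,
    falcon.HTTPBadRequest and falcon.HTTPConflict for the respective client
    errors.
    """
    # Generous upper bound for a PEM-encoded CSR (constructed value). The body
    # comes from an unauthenticated client, so never read an unbounded amount.
    max_csr_bytes = 64 * 1024
    cert_mime = "application/x-x509-user-cert"

    if req.get_header("Content-Type") != "application/pkcs10":
        raise falcon.HTTPUnsupportedMediaType(
            "This API call accepts only application/pkcs10 content type")
    if req.content_length is not None and req.content_length > max_csr_bytes:
        raise falcon.HTTPRequestEntityTooLarge(
            "Request body too large",
            "A certificate signing request is expected to be below %d bytes" % max_csr_bytes)
    body = req.stream.read(req.content_length)
    if not body:
        raise falcon.HTTPBadRequest(
            "Empty request body",
            "Expected a PEM-encoded certificate signing request")
    csr = Request(body)

    # If this CSR was already signed, point the client at the existing
    # certificate instead of signing twice. Only a matching public key counts;
    # a different key for the same CN is treated as a new request.
    try:
        cert_buf = ca.get_certificate(csr.common_name)
    except FileNotFoundError:
        pass
    else:
        cert = Certificate(cert_buf)
        if cert.pubkey == csr.pubkey:
            resp.status = falcon.HTTP_FOUND
            # NOTE(review): csr.common_name is client-supplied; this assumes it
            # was validated (no path separators etc.) before being used in
            # URLs and CA storage paths - confirm in Request/the CA layer.
            resp.location = os.path.join(os.path.dirname(req.relative_uri), "signed", csr.common_name)
            return

    # TODO: check for revoked certificates and return HTTP 410 Gone

    # Automatic signing when the peer address is whitelisted and the client
    # asked for it. REMOTE_ADDR is the immediate peer: behind a reverse proxy
    # it is the proxy's address, not the end client's.
    if ca.autosign_allowed(req.env["REMOTE_ADDR"]) and req.get_param("autosign"):
        try:
            signed = ca.sign(csr).dump()
        except FileExistsError:
            # Certificate already exists, fall through and store the request
            pass
        else:
            # Set the header only after signing succeeded, so a failed attempt
            # does not leave a stray Content-Type on the 201/202 answered below.
            resp.append_header("Content-Type", cert_mime)
            resp.body = signed
            return

    # Store the request for an administrator to sign
    try:
        request = ca.store_request(body)
    except FileExistsError:
        raise falcon.HTTPConflict(
            "CSR with such CN already exists",
            "Will not overwrite existing certificate signing request, explicitly delete CSR and try again")

    if not req.get_param("wait"):
        # Request was accepted, but not processed
        resp.status = falcon.HTTP_202
        return

    url_template = os.getenv("CERTIDUDE_EVENT_SUBSCRIBE")
    if url_template:
        # Redirect to nginx pub/sub; the channel is the request fingerprint
        url = url_template % dict(channel=request.fingerprint())
        click.echo("Redirecting to: %s" % url)
        resp.status = falcon.HTTP_FOUND
        resp.append_header("Location", url)
        return

    click.echo("Using dummy streaming mode, please switch to nginx in production!", err=True)
    # Dummy streaming mode: this holds the worker for the whole wait. The
    # pending request disappears both when it is signed and when it is
    # deleted/rejected, so the certificate lookup must not assume success.
    while ca.request_exists(csr.common_name):
        sleep(1)
    try:
        resp.body = ca.get_certificate(csr.common_name)
    except FileNotFoundError:
        # Request vanished without a certificate: it was rejected or deleted
        resp.status = falcon.HTTP_410
    else:
        resp.append_header("Content-Type", cert_mime)
        resp.status = falcon.HTTP_201  # Certificate was created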