Exemplo n.º 1
def fixup_csr(ra_name, csr, request):
    """Run every fixup configured for a registration authority over a CSR.

    Each fixup is handed the shared argument dict, whose ``csr`` entry is
    replaced with the fixup's result before the next one runs, so the
    fixups are chained in the order ``fixups.items()`` yields them.

    :param ra_name: registration authority name
    :param csr: X509 certificate signing request
    :param request: pecan request
    :returns: the ``csr`` entry of the argument dict after the last fixup
              (the ``csr`` passed in when no fixups are configured)
    """
    # One generic message for every failure path: the detail goes to the
    # server log, not into the HTTP response.
    abort_msg = "Could not finish all required modifications"

    conf = jsonloader.config_for_registration_authority(ra_name)
    fixup_args = dict(csr=csr, conf=conf, request=request)
    configured = conf.get('fixups', {})

    try:
        for name, fixup in configured.items():
            result = _run_fixup(name, fixup, fixup_args)
            if result is None:
                pecan.abort(500, abort_msg)
            # Only an X509Csr may replace the current request; anything
            # else is logged by fixup name and rejected.
            if not isinstance(result, signing_request.X509Csr):
                logger.error("Fixup %s returned incorrect object", name)
                pecan.abort(500, abort_msg)
            fixup_args['csr'] = result

    except http_status.HTTPInternalServerError:
        # Presumably what pecan.abort(500, ...) raised above; it is passed
        # through so the broad handler below does not log it a second time.
        raise

    except Exception:
        logger.exception("Failed to execute fixups")
        pecan.abort(500, abort_msg)

    return fixup_args['csr']
Exemplo n.º 2
def fixup_csr(ra_name, csr, request):
    """Apply the registration authority's configured fixups to a CSR.

    :param ra_name: registration authority name
    :param csr: X509 certificate signing request
    :param request: pecan request
    :returns: the signing request stored under ``'csr'`` once all fixups
              have run
    """
    def give_up():
        # Every failure path answers with the same generic 500 body.
        pecan.abort(500, "Could not finish all required modifications")

    registry_conf = jsonloader.config_for_registration_authority(ra_name)
    state = {
        'csr': csr,
        'conf': registry_conf,
        'request': request,
    }
    pending = registry_conf.get('fixups', {})

    try:
        for step_name, step in pending.items():
            candidate = _run_fixup(step_name, step, state)
            if candidate is None:
                give_up()
            # A fixup must hand back an X509Csr; any other object is
            # logged under the fixup's name and refused.
            wrong_type = not isinstance(candidate, signing_request.X509Csr)
            if wrong_type:
                logger.error("Fixup %s returned incorrect object", step_name)
                give_up()
            # The next fixup sees this result through the shared dict.
            state['csr'] = candidate

    except http_status.HTTPInternalServerError:
        # Re-raised unchanged (presumably the abort issued by give_up) so
        # it is not reported again as an unexpected failure.
        raise

    except Exception:
        # Full traceback stays in the log; the client gets the generic body.
        logger.exception("Failed to execute fixups")
        give_up()

    return state['csr']
Exemplo n.º 3
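def validate_csr(ra_name, auth_result, csr, request):
    """Validates various aspects of the CSR based on the loaded config.

       The arguments of this method are passed to the underlying validate
       methods. Therefore, some may be optional, depending on which
       validation routines are specified in the configuration.

       Returns nothing: the function either falls through (every validator
       that ran returned a truthy value) or ends the request through
       ``pecan.abort`` - 400 when a validator rejects the CSR, 500 when
       running the validators raises.

       :param ra_name: name of the registration authority
       :param auth_result: AuthDetails value from auth.validate
       :param csr: CSR value from certificate_ops.parse_csr
       :param request: pecan request object associated with this action
    """

    ra_conf = jsonloader.config_for_registration_authority(ra_name)
    args = {'auth_result': auth_result,
            'csr': csr,
            'conf': ra_conf,
            'request': request}

    # It is ok if the config doesn't have any validators listed: with an
    # empty mapping the loop body never runs and ``valid`` stays True, so
    # this function accepts every CSR for that registration authority.
    valid = True

    # Bound before the try block so the handler below can always format its
    # messages. Without it, an exception raised before the first iteration
    # (for example a missing 'validators' key) hit an unbound ``vname`` in
    # the handler and replaced the real error with UnboundLocalError.
    vname = None
    try:
        for vname, validator in ra_conf['validators'].items():
            valid = _run_validator(vname, validator, args)
            if not valid:
                # First rejection wins; later validators are not run.
                break

    except Exception as e:
        logger.exception("Error running validator <%s> - %s", vname, e)
        # NOTE(review): the response body names the validator and the
        # registration authority - confirm that is acceptable to expose.
        pecan.abort(500, "Internal Validation Error running validator "
                         "'{}' for registration authority "
                         "'{}'".format(vname, ra_name))

    if not valid:
        pecan.abort(400, "CSR failed validation")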
Exemplo n.º 4
def validate_csr(ra_name, auth_result, csr, request):
    """Run the enforced and the configured validators against a CSR.

       All four arguments are forwarded to each validator, so which of
       them are actually needed depends on the validation routines named
       in the configuration.

       This function only collects results and does not reject the request
       itself; the caller has to inspect the returned mapping.

       :param ra_name: name of the registration authority
       :param auth_result: AuthDetails value from auth.validate
       :param csr: CSR value from certificate_ops.parse_csr
       :param request: pecan request object associated with this action
       :returns: dict mapping each validator name to the value returned by
                 ``_run_validator`` for it
    """

    ra_conf = jsonloader.config_for_registration_authority(ra_name)
    call_args = dict(auth_result=auth_result,
                     csr=csr,
                     conf=ra_conf,
                     request=request)

    # Enforced validators always run, each with an empty options dict,
    # whatever the registration authority's configuration says.
    results = {
        enforced.__name__: _run_validator(enforced.__name__, enforced, {},
                                          call_args)
        for enforced in ENFORCED_VALIDATORS
    }

    # The configured mapping may be empty. Results are keyed by name only:
    # a configured entry named like an enforced validator's __name__
    # overwrites that enforced result (NOTE(review): confirm this cannot
    # hide an enforced failure from the caller).
    for name, options in ra_conf['validators'].items():
        results[name] = _run_validator(
            name, jsonloader.conf.get_validator(name), options, call_args)

    return results
Exemplo n.º 5
def validate_csr(ra_name, auth_result, csr, request):
    """Collect the outcome of every validator that applies to a CSR.

       The arguments are handed on to the individual validators; some may
       therefore be optional, depending on which validation routines the
       configuration selects.

       :param ra_name: name of the registration authority
       :param auth_result: AuthDetails value from auth.validate
       :param csr: CSR value from certificate_ops.parse_csr
       :param request: pecan request object associated with this action
       :returns: dict of ``_run_validator`` results keyed by validator
                 name; nothing is aborted here, so acting on a failed
                 entry is left to the caller
    """

    ra_conf = jsonloader.config_for_registration_authority(ra_name)
    shared = {}
    shared['auth_result'] = auth_result
    shared['csr'] = csr
    shared['conf'] = ra_conf
    shared['request'] = request

    def planned():
        # Enforced validators first, always, each with fresh empty options.
        for enforced in ENFORCED_VALIDATORS:
            yield enforced.__name__, enforced, {}
        # Then whatever the registration authority configures; an empty
        # mapping simply contributes nothing. Each validator is looked up
        # only when its turn comes.
        for configured_name, options in ra_conf['validators'].items():
            looked_up = jsonloader.conf.get_validator(configured_name)
            yield configured_name, looked_up, options

    # One entry per name: a later validator with the same name replaces
    # the earlier result.
    return {
        name: _run_validator(name, validator, options, shared)
        for name, validator, options in planned()
    }