def revokecert(environ, start_response):
""" revocation_handler """
if environ['REQUEST_METHOD'] == 'POST':
with Certificate(DEBUG, get_url(environ), LOGGER) as certificate:
request_body = get_request_body(environ)
response_dic = certificate.revoke(request_body)
# create header
headers = create_header(response_dic)
start_response(
'{0} {1}'.format(response_dic['code'],
HTTP_CODE_DIC[response_dic['code']]), headers)
# logging
logger_info(LOGGER, environ['REMOTE_ADDR'], environ['PATH_INFO'],
response_dic)
if 'data' in response_dic:
return [json.dumps(response_dic['data']).encode('utf-8')]
else:
return []
else:
start_response('405 {0}'.format(HTTP_CODE_DIC[405]),
[('Content-Type', 'application/json')])
return [
json.dumps({
'status': 405,
'message': HTTP_CODE_DIC[405],
'detail': 'Wrong request type. Expected POST.'
}).encode('utf-8')
]
def revokecert(request):
""" cert revocation """
if request.method == 'POST':
with Certificate(DEBUG, get_url(request.META), LOGGER) as certificate:
response_dic = certificate.revoke(request.body)
# create the response
if 'data' in response_dic:
response = JsonResponse(status=response_dic['code'],
data=response_dic['data'])
else:
response = HttpResponse(status=response_dic['code'])
# generate additional header elements
for element in response_dic['header']:
response[element] = response_dic['header'][element]
# logging
logger_info(LOGGER, request.META['REMOTE_ADDR'],
request.META['PATH_INFO'], response_dic)
# send response
return response
else:
return JsonResponse(status=405,
data={
'status': 405,
'message': 'Method Not Allowed',
'detail': 'Wrong request type. Expected POST.'
})
def _certname_lookup(self, cert_pem):
""" compared certificate against csr stored in db """
self.logger.debug('Trigger._certname_lookup()')
result_list = []
# extract the public key form certificate
cert_pubkey = cert_pubkey_get(self.logger, cert_pem)
with Certificate(self.debug, 'foo', self.logger) as certificate:
# search certificates in status "processing"
cert_list = certificate.certlist_search(
'order__status_id', 4, ('name', 'csr', 'order__name'))
for cert in cert_list:
# extract public key from certificate and compare it with pub from cert
if 'csr' in cert:
if cert['csr']:
csr_pubkey = csr_pubkey_get(self.logger, cert['csr'])
if csr_pubkey == cert_pubkey:
result_list.append({
'cert_name':
cert['name'],
'order_name':
cert['order__name']
})
self.logger.debug(
'Trigger._certname_lookup() ended with: {0}'.format(result_list))
return result_list
def cert(environ, start_response):
""" create new account """
with Certificate(DEBUG, get_url(environ), LOGGER) as certificate:
if environ['REQUEST_METHOD'] == 'POST':
request_body = get_request_body(environ)
response_dic = certificate.new_post(request_body)
# create header
headers = create_header(response_dic, False)
start_response('{0} {1}'.format(response_dic['code'], HTTP_CODE_DIC[response_dic['code']]), headers)
# logging
logger_info(LOGGER, environ['REMOTE_ADDR'], environ['PATH_INFO'], response_dic)
return [response_dic['data'].encode('utf-8')]
elif environ['REQUEST_METHOD'] == 'GET':
response_dic = certificate.new_get(get_url(environ, True))
# create header
headers = create_header(response_dic)
# create the response
start_response('{0} {1}'.format(response_dic['code'], HTTP_CODE_DIC[response_dic['code']]), headers)
# logging
logger_info(LOGGER, environ['REMOTE_ADDR'], environ['PATH_INFO'], response_dic)
# send response
return [response_dic['data']]
else:
start_response('405 {0}'.format(HTTP_CODE_DIC[405]), [('Content-Type', 'application/json')])
return [json.dumps({'status':405, 'message':HTTP_CODE_DIC[405], 'detail': 'Wrong request type. Expected POST.'}).encode('utf-8')]
def certificates_cleanup(self,
uts=None,
purge=False,
report_format='csv',
report_name=None):
""" database cleanuip certificate-table """
self.logger.debug('Housekeeping.certificates_cleanup()')
if not uts:
uts = uts_now()
with Certificate(self.debug, None, self.logger) as certificate:
(field_list, cert_list) = certificate.cleanup(timestamp=uts,
purge=purge)
# normalize lists
# (field_list, cert_list) = self._lists_normalize(field_list, cert_list, 'certificate')
if report_name:
if cert_list:
# dump report to file
if report_format == 'csv':
self.logger.debug(
'Housekeeping.certificates_cleanup(): Dump in csv-format'
)
csv_list = self._to_list(field_list, cert_list)
self._csv_dump(
'{0}.{1}'.format(report_name, report_format),
csv_list)
elif report_format == 'json':
self.logger.debug(
'Housekeeping.certificates_cleanup(): Dump in json-format'
)
self._json_dump(
'{0}.{1}'.format(report_name, report_format),
cert_list)
else:
self.logger.debug(
'Housekeeping.certificates_cleanup(): No dump just return report'
)
else:
self.logger.debug(
'Housekeeping.certificates_cleanup(): No certificates to dump'
)
return cert_list
def _csr_process(self, order_name, csr):
""" process certificate signing request """
self.logger.debug('Order._csr_process({0})'.format(order_name))
order_dic = self._info(order_name)
if order_dic:
# change decoding from b64url to b64
csr = b64_url_recode(self.logger, csr)
with Certificate(self.debug, self.server_name,
self.logger) as certificate:
# certificate = Certificate(self.debug, self.server_name, self.logger)
certificate_name = certificate.store_csr(order_name, csr)
if certificate_name:
(error, detail) = certificate.enroll_and_store(
certificate_name, csr)
if not error:
code = 200
message = certificate_name
# detail = None
else:
code = 400
message = error
if message == 'urn:ietf:params:acme:error:serverInternal':
code = 500
else:
code = 500
message = 'urn:ietf:params:acme:error:serverInternal'
detail = 'CSR processing failed'
else:
code = 400
message = 'urn:ietf:params:acme:error:unauthorized'
detail = 'order: {0} not found'.format(order_name)
self.logger.debug(
'Order._csr_process() ended with order:{0} {1}:{2}:{3}'.format(
order_name, code, message, detail))
return (code, message, detail)
def certificate_dates_update(self):
""" scan certificates and update issue/expiry date """
self.logger.debug('Housekeeping.certificate_dates_update()')
with Certificate(self.debug, None, self.logger) as certificate:
certificate.dates_update()
sys.path.insert(0, '..')
from acme.db_handler import initialize
initialize()
from acme.helper import logger_setup
from acme.certificate import Certificate
if __name__ == '__main__':
DEBUG = True
# timeout between the different polling request
TIMEOUT = 1
# initialize logger
LOGGER = logger_setup(DEBUG)
with Certificate(DEBUG, 'foo', LOGGER) as certificate:
# search certificates in status "processing"
CERT_LIST = certificate.certlist_search(
'order__status_id', 4,
('name', 'poll_identifier', 'csr', 'order__name'))
for cert in CERT_LIST:
# check status of certificate
certificate.poll(cert['name'], cert['poll_identifier'],
cert['csr'], cert['order__name'])
# time.sleep(TIMEOUT)