示例#1
0
    def test_ca_key_read_failure(self):
        """Test CA key read failure."""
        csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
        config = "anchor.jsonloader.conf._config"
        self.sample_conf_ca['default_ca']['cert_path'] = 'tests/CA/root-ca.crt'
        self.sample_conf_ca['default_ca']['key_path'] = '/xxx/not/a/valid/path'
        data = self.sample_conf

        with mock.patch.dict(config, data):
            with self.assertRaises(http_status.HTTPException) as cm:
                certificate_ops.dispatch_sign('default_ra', csr_obj)
        self.assertEqual(cm.exception.code, 500)
示例#2
0
    def test_ca_key_read_failure(self):
        """Test CA key read failure."""
        csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
        config = "anchor.jsonloader.conf._config"
        self.sample_conf_ca['default_ca']['cert_path'] = 'tests/CA/root-ca.crt'
        self.sample_conf_ca['default_ca']['key_path'] = '/xxx/not/a/valid/path'
        data = self.sample_conf

        with mock.patch.dict(config, data):
            with self.assertRaises(http_status.HTTPException) as cm:
                certificate_ops.dispatch_sign('default_ra', csr_obj)
        self.assertEqual(cm.exception.code, 500)
示例#3
0
    def post(self):
        ra_name = self.ra_name

        logger.debug("processing signing request in registration authority %s",
                     ra_name)
        try:
            auth_result = auth.validate(ra_name,
                                        pecan.request.POST.get('user'),
                                        pecan.request.POST.get('secret'))
            audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
                                  auth_result)
        except http_status.HTTPUnauthorized:
            audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
                                  None)
            raise

        try:
            csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
                                            pecan.request.POST.get('encoding'))
            certificate_ops.validate_csr(ra_name, auth_result, csr,
                                         pecan.request)
            csr = certificate_ops.fixup_csr(ra_name, csr, pecan.request)

            cert, fingerprint = certificate_ops.dispatch_sign(ra_name, csr)
            audit.emit_signing_event(ra_name,
                                     pecan.request.POST.get('user'),
                                     auth_result,
                                     fingerprint=fingerprint)
        except Exception:
            audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
                                     auth_result)
            raise
        return cert
示例#4
0
文件: __init__.py 项目: agh/anchor
    def post(self):
        ra_name = self.ra_name

        logger.debug("processing signing request in registration authority %s",
                     ra_name)
        try:
            auth_result = auth.validate(ra_name,
                                        pecan.request.POST.get('user'),
                                        pecan.request.POST.get('secret'))
            audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
                                  auth_result)
        except http_status.HTTPUnauthorized:
            audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
                                  None)
            raise

        try:
            csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
                                            pecan.request.POST.get('encoding'))
            certificate_ops.validate_csr(ra_name, auth_result, csr,
                                         pecan.request)
            csr = certificate_ops.fixup_csr(ra_name, csr, pecan.request)

            cert, fingerprint = certificate_ops.dispatch_sign(ra_name, csr)
            audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
                                     auth_result, fingerprint=fingerprint)
        except Exception:
            audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
                                     auth_result)
            raise
        return cert
示例#5
0
    def post(self):
        ra_name = self.ra_name

        logger.debug("processing signing request in registration authority %s",
                     ra_name)
        auth_result = auth.validate(ra_name, pecan.request.POST.get('user'),
                                    pecan.request.POST.get('secret'))
        csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
                                        pecan.request.POST.get('encoding'))
        certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request)

        return certificate_ops.dispatch_sign(ra_name, csr)
示例#6
0
    def post(self):
        ra_name = self.ra_name

        logger.debug("processing signing request in registration authority %s",
                     ra_name)
        auth_result = auth.validate(ra_name,
                                    pecan.request.POST.get('user'),
                                    pecan.request.POST.get('secret'))
        csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
                                        pecan.request.POST.get('encoding'))
        certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request)

        return certificate_ops.dispatch_sign(ra_name, csr)
示例#7
0
def issue(reqid):
    dbdata = util.load_db(jsonloader.conf.ra_options["certdb_file"])
    try:
        if dbdata[reqid].getStatus() == "Pending":
            dbdata[reqid].Issued = True
        elif dbdata[reqid].getStatus() == "Issued":
            return "Cannot issue, certificate already Issued"
        elif dbdata[reqid].getStatus() == "Denied":
            return "Cannot issue certificate already Denied"
        elif dbdata[reqid].getStatus() == "Revoked":
            return "Cannot issue certificate already Revoked"
    except Exception:
        return "Cannot find reqid %d in cert DB" % reqid

    dbdata[reqid].cert = certificate_ops.dispatch_sign(jsonloader.conf.ra_options["ra_name"],
                                                       dbdata[reqid].get_X509csr())[0].replace("\n", ""),
    util.write_db(dbdata, jsonloader.conf.ra_options["certdb_file"])
    return dbdata[reqid].toInfoString()