Commit
fa26c3af
authored
Jan 07, 2012
by
ale
support a simple shared secret authentication scheme
parent
a444d787
Changes
2
autoca/ca_app.py
...
...
@@ -24,6 +24,16 @@ def content_type(ctype):
return
_ctype_decorator
def
auth
(
fn
):
@
functools
.
wraps
(
fn
)
def
_auth_wrapper
(
*
args
,
**
kwargs
):
secret
=
current_app
.
config
.
get
(
'SHARED_SECRET'
)
if
secret
and
request
.
headers
.
get
(
'X-Shared-Secret'
)
!=
secret
:
return
make_response
(
'Unauthorized'
,
401
)
return
fn
(
*
args
,
**
kwargs
)
return
_auth_wrapper
@
ca_app
.
before_request
def
set_ca_wrapper
():
g
.
ca
=
current_app
.
ca
...
...
@@ -32,31 +42,32 @@ def set_ca_wrapper():
@
ca_app
.
route
(
'/ca.pem'
)
@
content_type
(
'application/x-x509-ca-cert'
)
def
get_ca
():
return
g
.
ca
.
public_ca_pem
return
g
.
ca
.
get_ca
()
@
ca_app
.
route
(
'/crl.pem'
)
@
content_type
(
'application/x-x509-ca-cert'
)
def
get_crl_pem
():
return
g
.
ca
.
crl_data_
pem
return
g
.
ca
.
get_crl
(
format
=
'
pem
'
)
@
ca_app
.
route
(
'/ca.crl'
)
@
content_type
(
'application/x-pkcs7-crl'
)
def
get_crl_der
():
return
g
.
ca
.
crl_data_
der
return
g
.
ca
.
get_crl
(
format
=
'
der
'
)
@
ca_app
.
route
(
'/get/<cn>'
)
@
content_type
(
'application/x-x509-user-cert'
)
def
get_certificate
(
cn
):
cert
=
g
.
ca
.
get_certificate
(
cn
)
cert
=
g
.
ca
.
get_certificate
(
cn
,
raw
=
True
)
if
not
cert
:
abort
(
404
)
return
c
rypto
.
dump_certificate
(
crypto
.
FILETYPE_PEM
,
cert
)
return
c
ert
@
ca_app
.
route
(
'/revoke/<cn>'
,
methods
=
[
'POST'
])
@
auth
def
revoke
(
cn
):
g
.
ca
.
revoke_certificate
(
cn
)
return
'ok'
...
...
@@ -64,6 +75,7 @@ def revoke(cn):
@
ca_app
.
route
(
'/sign'
,
methods
=
[
'POST'
])
@
content_type
(
'application/x-x509-user-cert'
)
@
auth
def
sign
():
if
not
request
.
form
.
get
(
'csr'
):
abort
(
400
)
...
...
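Review bot: The new `auth` wrapper fails open: when `SHARED_SECRET` is unset or empty, the `if secret and ...` test is skipped, so `/revoke/<cn>` and `/sign` accept any caller without a credential. If unauthenticated operation is intended for some deployments, say so in a docstring on `auth` and log a warning at start-up; otherwise reject when no secret is configured, e.g. `if not secret or request.headers.get('X-Shared-Secret') != secret:`. The `!=` comparison also returns as soon as the strings differ, so a constant-time comparison such as `hmac.compare_digest` is preferable for a secret check (where the interpreter in use provides it; `hmac` would need importing). On `/sign` the 401 response is returned through `content_type('application/x-x509-user-cert')`, which presumably labels the error body as a certificate; placing `@auth` above `@content_type` (still below `@ca_app.route`) would avoid that.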
autoca/ca_stub.py
...
...
@@ -15,8 +15,9 @@ class Error(Exception):
class
CaStub
(
object
):
def
__init__
(
self
,
url
):
def
__init__
(
self
,
url
,
secret
=
None
):
self
.
url
=
url
.
rstrip
(
'/'
)
self
.
secret
=
secret
self
.
ca_pem
=
None
self
.
_cache_lock
=
threading
.
Lock
()
...
...
@@ -27,7 +28,10 @@ class CaStub(object):
path
=
'%s?%s'
%
(
path
,
urllib
.
urlencode
(
args
))
else
:
data
=
urllib
.
urlencode
(
args
)
request
=
urllib2
.
Request
(
self
.
url
+
path
,
data
)
headers
=
{}
if
self
.
secret
:
headers
[
'X-Shared-Secret'
]
=
self
.
secret
request
=
urllib2
.
Request
(
self
.
url
+
path
,
data
,
headers
)
try
:
response
=
urllib2
.
urlopen
(
request
)
response_data
=
response
.
read
()
...
...
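Review bot: `X-Shared-Secret` is attached to every request built here, on both the query-string branch and the form-data branch, and nothing visible checks that `self.url` is an `https://` URL, so the secret can travel in cleartext and be replayed by anyone who observes it. Consider refusing a secret combined with a non-TLS URL in `__init__`, e.g. `if secret and not url.startswith('https://'): raise Error('shared secret requires an https URL')`, and confirm that the `urllib2.urlopen` call verifies the server certificate on the Python version deployed. Sending the header only on the calls that need it (revoke and sign, judging from ca_app.py) would also limit exposure. The method containing the second hunk starts and ends outside the visible lines.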