Add tls auth initialization

mailman_api/mailman.py

@@ -5,8 +5,8 @@ import subprocess
 from functools import wraps
 from flask import Flask, request, abort
 
-from .sso_api import sso_api_auth_required
-from .tls_auth import tls_auth
+from .sso_api import sso_api_auth_required, init_sso
+from .tls_auth import tls_auth, init_tls_auth
 
 ### TLS authentication.
 
@@ -138,6 +138,8 @@ def main():
         parser.error('Too many arguments')
 
     app.config.from_pyfile(opts.config)
+    init_sso(app)
+    init_tls_auth(app)
     serve_ssl(app)
 
 

mailman_api/tls_auth.py

@@ -26,6 +26,15 @@ class PeerCertWSGIRequestHandler(werkzeug.serving.WSGIRequestHandler):
         return environ
 
 
+def init_tls_auth(app):
+    compiled = []
+    for acl_path, acl_cn_pattern in app.config.get(
+            'TLS_AUTH_ACLS', DEFAULT_TLS_AUTH_ACLS):
+        acl_cn_rx = re.compile('^%s$' % acl_cn_pattern)
+        compiled.append((acl_path, acl_cn_rx))
+    app.tls_auth_acls = compiled
+
+
 def _get_subject_cn(peercert):
     """Extract subject CN from the parsed peercert data."""
     parsed_subject = peercert['subject']
@@ -38,8 +47,7 @@ def _get_subject_cn(peercert):
 
 def _regexp_match(rx, s):
     """Returns True if the anchored rx matches s."""
-    res = re.match('^%s$' % rx, s)
-    return res is not None
+    return rx.match(s) is not None
 
 
 def tls_auth(fn):
@@ -47,7 +55,7 @@ def tls_auth(fn):
     @wraps(fn)
     def _tls_auth_wrapper(*args, **kwargs):
         cn = _get_subject_cn(request.environ['peercert'])
-        for acl_path, acl_cn_rx in current_app.config.get('TLS_AUTH_ACLS', []):
+        for acl_path, acl_cn_rx in current_app.tls_auth_acls:
             if request.path.startswith(acl_path) and _regexp_match(acl_cn_rx, cn):
                 return fn(*args, **kwargs)
         abort(403)