Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caucase
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Vincent Pelletier
caucase
Commits
5ddb439a
Commit
5ddb439a
authored
Oct 22, 2017
by
Vincent Pelletier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
client: Name API after protocol documentation.
parent
4ebf6259
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
37 additions
and
37 deletions
+37
-37
caucase/cli.py
caucase/cli.py
+18
-18
caucase/client.py
caucase/client.py
+18
-18
caucase/test.py
caucase/test.py
+1
-1
No files found.
caucase/cli.py
View file @
5ddb439a
...
@@ -65,14 +65,14 @@ class CLICaucaseClient(object):
...
@@ -65,14 +65,14 @@ class CLICaucaseClient(object):
csr_pem
=
utils
.
getCertRequest
(
csr_path
)
csr_pem
=
utils
.
getCertRequest
(
csr_path
)
# Quick sanity check
# Quick sanity check
utils
.
load_certificate_request
(
csr_pem
)
utils
.
load_certificate_request
(
csr_pem
)
print
self
.
_client
.
putCSR
(
csr_pem
),
csr_path
print
self
.
_client
.
createCertificateSigningRequest
(
csr_pem
),
csr_path
def
getCSR
(
self
,
csr_id_path_list
):
def
getCSR
(
self
,
csr_id_path_list
):
"""
"""
--get-csr
--get-csr
"""
"""
for
csr_id
,
csr_path
in
csr_id_path_list
:
for
csr_id
,
csr_path
in
csr_id_path_list
:
csr_pem
=
self
.
_client
.
getC
SR
(
int
(
csr_id
))
csr_pem
=
self
.
_client
.
getC
ertificateSigningRequest
(
int
(
csr_id
))
with
open
(
csr_path
,
'a'
)
as
csr_file
:
with
open
(
csr_path
,
'a'
)
as
csr_file
:
csr_file
.
write
(
csr_pem
)
csr_file
.
write
(
csr_pem
)
...
@@ -83,12 +83,12 @@ class CLICaucaseClient(object):
...
@@ -83,12 +83,12 @@ class CLICaucaseClient(object):
for
crt_id
,
crt_path
in
crt_id_path_list
:
for
crt_id
,
crt_path
in
crt_id_path_list
:
crt_id
=
int
(
crt_id
)
crt_id
=
int
(
crt_id
)
try
:
try
:
crt_pem
=
self
.
_client
.
getC
RT
(
crt_id
)
crt_pem
=
self
.
_client
.
getC
ertificate
(
crt_id
)
except
CaucaseError
,
e
:
except
CaucaseError
,
e
:
if
e
.
args
[
0
]
!=
httplib
.
NOT_FOUND
:
if
e
.
args
[
0
]
!=
httplib
.
NOT_FOUND
:
raise
raise
try
:
try
:
self
.
_client
.
getC
SR
(
crt_id
)
self
.
_client
.
getC
ertificateSigningRequest
(
crt_id
)
except
CaucaseError
,
e
:
except
CaucaseError
,
e
:
if
e
.
args
[
0
]
!=
httplib
.
NOT_FOUND
:
if
e
.
args
[
0
]
!=
httplib
.
NOT_FOUND
:
raise
raise
...
@@ -145,7 +145,7 @@ class CLICaucaseClient(object):
...
@@ -145,7 +145,7 @@ class CLICaucaseClient(object):
)
)
error
=
True
error
=
True
continue
continue
self
.
_client
.
revokeC
RT
(
crt
,
key
)
self
.
_client
.
revokeC
ertificate
(
crt
,
key
)
return
error
return
error
def
renewCRT
(
def
renewCRT
(
...
@@ -184,7 +184,7 @@ class CLICaucaseClient(object):
...
@@ -184,7 +184,7 @@ class CLICaucaseClient(object):
if
renewal_deadline
<
old_crt
.
not_valid_after
:
if
renewal_deadline
<
old_crt
.
not_valid_after
:
print
crt_path
,
'did not reach renew threshold, not renewing'
print
crt_path
,
'did not reach renew threshold, not renewing'
continue
continue
new_key_pem
,
new_crt_pem
=
self
.
_client
.
renewC
RT
(
new_key_pem
,
new_crt_pem
=
self
.
_client
.
renewC
ertificate
(
old_crt
=
old_crt
,
old_crt
=
old_crt
,
old_key
=
utils
.
load_privatekey
(
old_key_pem
),
old_key
=
utils
.
load_privatekey
(
old_key_pem
),
key_len
=
key_len
,
key_len
=
key_len
,
...
@@ -209,7 +209,7 @@ class CLICaucaseClient(object):
...
@@ -209,7 +209,7 @@ class CLICaucaseClient(object):
'csr_id'
,
'csr_id'
,
'subject preview (fetch csr and check full content !)'
,
'subject preview (fetch csr and check full content !)'
,
)
)
for
entry
in
self
.
_client
.
get
CSR
List
():
for
entry
in
self
.
_client
.
get
PendingCertificateRequest
List
():
csr
=
utils
.
load_certificate_request
(
entry
[
'csr'
])
csr
=
utils
.
load_certificate_request
(
entry
[
'csr'
])
print
'%20i | %r'
%
(
print
'%20i | %r'
%
(
entry
[
'id'
],
entry
[
'id'
],
...
@@ -222,14 +222,14 @@ class CLICaucaseClient(object):
...
@@ -222,14 +222,14 @@ class CLICaucaseClient(object):
--sign-csr
--sign-csr
"""
"""
for
csr_id
in
csr_id_list
:
for
csr_id
in
csr_id_list
:
self
.
_client
.
signCSR
(
int
(
csr_id
))
self
.
_client
.
createCertificate
(
int
(
csr_id
))
def
signCSRWith
(
self
,
csr_id_path_list
):
def
signCSRWith
(
self
,
csr_id_path_list
):
"""
"""
--sign-csr-with
--sign-csr-with
"""
"""
for
csr_id
,
csr_path
in
csr_id_path_list
:
for
csr_id
,
csr_path
in
csr_id_path_list
:
self
.
_client
.
signCSR
(
self
.
_client
.
createCertificate
(
int
(
csr_id
),
int
(
csr_id
),
template_csr
=
utils
.
getCertRequest
(
csr_path
),
template_csr
=
utils
.
getCertRequest
(
csr_path
),
)
)
...
@@ -239,7 +239,7 @@ class CLICaucaseClient(object):
...
@@ -239,7 +239,7 @@ class CLICaucaseClient(object):
--reject-csr
--reject-csr
"""
"""
for
csr_id
in
csr_id_list
:
for
csr_id
in
csr_id_list
:
self
.
_client
.
delete
CSR
(
int
(
csr_id
))
self
.
_client
.
delete
PendingCertificateRequest
(
int
(
csr_id
))
def
revokeOtherCRT
(
self
,
crt_list
):
def
revokeOtherCRT
(
self
,
crt_list
):
"""
"""
...
@@ -263,7 +263,7 @@ class CLICaucaseClient(object):
...
@@ -263,7 +263,7 @@ class CLICaucaseClient(object):
crt_path
,
crt_path
,
)
)
)
)
self
.
_client
.
revokeC
RT
(
crt_pem
)
self
.
_client
.
revokeC
ertificate
(
crt_pem
)
return
error
return
error
def
revokeSerial
(
self
,
serial_list
):
def
revokeSerial
(
self
,
serial_list
):
...
@@ -573,14 +573,14 @@ def probe(argv=None):
...
@@ -573,14 +573,14 @@ def probe(argv=None):
http_client
=
CaucaseClient
(
http_client
=
CaucaseClient
(
ca_url
=
cas_url
,
ca_url
=
cas_url
,
)
)
http_ca_pem
=
http_client
.
getCA
()
http_ca_pem
=
http_client
.
getCA
Certificate
()
https_ca_pem
=
HTTPSOnlyCaucaseClient
(
https_ca_pem
=
HTTPSOnlyCaucaseClient
(
ca_url
=
cas_url
,
ca_url
=
cas_url
,
ca_crt_pem_list
=
[
http_ca_pem
],
ca_crt_pem_list
=
[
http_ca_pem
],
).
getCA
()
).
getCA
Certificate
()
# Retrieve again in case there was a renewal between both calls - we do
# Retrieve again in case there was a renewal between both calls - we do
# not expect 2 renewals in very short succession.
# not expect 2 renewals in very short succession.
http2_ca_pem
=
http_client
.
getCA
()
http2_ca_pem
=
http_client
.
getCA
Certificate
()
if
https_ca_pem
not
in
(
http_ca_pem
,
http2_ca_pem
):
if
https_ca_pem
not
in
(
http_ca_pem
,
http2_ca_pem
):
raise
ValueError
(
'http and https do not serve the same caucase database'
)
raise
ValueError
(
'http and https do not serve the same caucase database'
)
...
@@ -700,18 +700,18 @@ def updater(argv=None):
...
@@ -700,18 +700,18 @@ def updater(argv=None):
csr_pem
=
utils
.
getCertRequest
(
args
.
csr
)
csr_pem
=
utils
.
getCertRequest
(
args
.
csr
)
# Quick sanity check before bothering server
# Quick sanity check before bothering server
utils
.
load_certificate_request
(
csr_pem
)
utils
.
load_certificate_request
(
csr_pem
)
csr_id
=
client
.
putCSR
(
csr_pem
)
csr_id
=
client
.
createCertificateSigningRequest
(
csr_pem
)
print
'Waiting for signature of'
,
csr_id
print
'Waiting for signature of'
,
csr_id
while
True
:
while
True
:
try
:
try
:
crt_pem
=
client
.
getC
RT
(
csr_id
)
crt_pem
=
client
.
getC
ertificate
(
csr_id
)
except
CaucaseError
,
e
:
except
CaucaseError
,
e
:
if
e
.
args
[
0
]
!=
httplib
.
NOT_FOUND
:
if
e
.
args
[
0
]
!=
httplib
.
NOT_FOUND
:
raise
raise
# If server does not know our CSR anymore, getCSR will raise.
# If server does not know our CSR anymore, getCSR will raise.
# If it does, we were likely rejected, so exit by letting exception
# If it does, we were likely rejected, so exit by letting exception
# through.
# through.
client
.
getC
SR
(
csr_id
)
client
.
getC
ertificateSigningRequest
(
csr_id
)
# Still here ? Ok, wait a bit and try again.
# Still here ? Ok, wait a bit and try again.
utils
.
interruptibleSleep
(
60
)
utils
.
interruptibleSleep
(
60
)
else
:
else
:
...
@@ -746,7 +746,7 @@ def updater(argv=None):
...
@@ -746,7 +746,7 @@ def updater(argv=None):
next_deadline
=
crt
.
not_valid_after
-
threshold
next_deadline
=
crt
.
not_valid_after
-
threshold
if
next_deadline
<=
now
:
if
next_deadline
<=
now
:
print
'Renewing'
,
args
.
crt
print
'Renewing'
,
args
.
crt
new_key_pem
,
new_crt_pem
=
client
.
renewC
RT
(
new_key_pem
,
new_crt_pem
=
client
.
renewC
ertificate
(
old_crt
=
crt
,
old_crt
=
crt
,
old_key
=
utils
.
load_privatekey
(
key_pem
),
old_key
=
utils
.
load_privatekey
(
key_pem
),
key_len
=
args
.
key_len
,
key_len
=
args
.
key_len
,
...
...
caucase/client.py
View file @
5ddb439a
...
@@ -61,7 +61,7 @@ def updateCAFile(url, ca_crt_path):
...
@@ -61,7 +61,7 @@ def updateCAFile(url, ca_crt_path):
if
not
os
.
path
.
exists
(
ca_crt_path
):
if
not
os
.
path
.
exists
(
ca_crt_path
):
ca_pem
=
CaucaseClient
(
ca_pem
=
CaucaseClient
(
ca_url
=
url
,
ca_url
=
url
,
).
getCA
()
).
getCA
Certificate
()
with
open
(
ca_crt_path
,
'w'
)
as
ca_crt_file
:
with
open
(
ca_crt_path
,
'w'
)
as
ca_crt_file
:
ca_crt_file
.
write
(
ca_pem
)
ca_crt_file
.
write
(
ca_pem
)
updated
=
True
updated
=
True
...
@@ -78,7 +78,7 @@ def updateCAFile(url, ca_crt_path):
...
@@ -78,7 +78,7 @@ def updateCAFile(url, ca_crt_path):
CaucaseClient
(
CaucaseClient
(
ca_url
=
url
,
ca_url
=
url
,
ca_crt_pem_list
=
ca_pem_list
,
ca_crt_pem_list
=
ca_pem_list
,
).
get
NewCAList
(),
).
get
CACertificateChain
(),
)
)
if
ca_pem_list
!=
loaded_ca_pem_list
:
if
ca_pem_list
!=
loaded_ca_pem_list
:
data
=
''
.
join
(
ca_pem_list
)
data
=
''
.
join
(
ca_pem_list
)
...
@@ -107,7 +107,7 @@ def updateCRLFile(url, crl_path, ca_list):
...
@@ -107,7 +107,7 @@ def updateCRLFile(url, crl_path, ca_list):
my_crl
=
None
my_crl
=
None
latest_crl_pem
=
CaucaseClient
(
latest_crl_pem
=
CaucaseClient
(
ca_url
=
url
,
ca_url
=
url
,
).
getC
RL
()
).
getC
ertificateRevocationList
()
latest_crl
=
utils
.
load_crl
(
latest_crl_pem
,
ca_list
)
latest_crl
=
utils
.
load_crl
(
latest_crl_pem
,
ca_list
)
if
latest_crl
!=
my_crl
:
if
latest_crl
!=
my_crl
:
with
open
(
crl_path
,
'w'
)
as
crl_file
:
with
open
(
crl_path
,
'w'
)
as
crl_file
:
...
@@ -166,19 +166,19 @@ class CaucaseClient(object):
...
@@ -166,19 +166,19 @@ class CaucaseClient(object):
def
_https
(
self
,
method
,
url
,
body
=
None
,
headers
=
None
):
def
_https
(
self
,
method
,
url
,
body
=
None
,
headers
=
None
):
return
self
.
_request
(
self
.
_https_connection
,
method
,
url
,
body
,
headers
)
return
self
.
_request
(
self
.
_https_connection
,
method
,
url
,
body
,
headers
)
def
getC
RL
(
self
):
def
getC
ertificateRevocationList
(
self
):
"""
"""
[ANONYMOUS] Retrieve latest CRL.
[ANONYMOUS] Retrieve latest CRL.
"""
"""
return
self
.
_http
(
'GET'
,
'/crl'
)
return
self
.
_http
(
'GET'
,
'/crl'
)
def
getC
SR
(
self
,
csr_id
):
def
getC
ertificateSigningRequest
(
self
,
csr_id
):
"""
"""
[ANONYMOUS] Retrieve an CSR by its identifier.
[ANONYMOUS] Retrieve an CSR by its identifier.
"""
"""
return
self
.
_http
(
'GET'
,
'/csr/%i'
%
(
csr_id
,
))
return
self
.
_http
(
'GET'
,
'/csr/%i'
%
(
csr_id
,
))
def
get
CSR
List
(
self
):
def
get
PendingCertificateRequest
List
(
self
):
"""
"""
[AUTHENTICATED] Retrieve all pending CSRs.
[AUTHENTICATED] Retrieve all pending CSRs.
"""
"""
...
@@ -190,7 +190,7 @@ class CaucaseClient(object):
...
@@ -190,7 +190,7 @@ class CaucaseClient(object):
for
x
in
json
.
loads
(
self
.
_https
(
'GET'
,
'/csr'
))
for
x
in
json
.
loads
(
self
.
_https
(
'GET'
,
'/csr'
))
]
]
def
putCSR
(
self
,
csr
):
def
createCertificateSigningRequest
(
self
,
csr
):
"""
"""
[ANONYMOUS] Store a CSR and return its identifier.
[ANONYMOUS] Store a CSR and return its identifier.
"""
"""
...
@@ -198,29 +198,29 @@ class CaucaseClient(object):
...
@@ -198,29 +198,29 @@ class CaucaseClient(object):
'Content-Type'
:
'application/pkcs10'
,
'Content-Type'
:
'application/pkcs10'
,
}))
}))
def
delete
CSR
(
self
,
csr_id
):
def
delete
PendingCertificateRequest
(
self
,
csr_id
):
"""
"""
[AUTHENTICATED] Reject a pending CSR.
[AUTHENTICATED] Reject a pending CSR.
"""
"""
self
.
_https
(
'DELETE'
,
'/csr/%i'
%
(
csr_id
,
))
self
.
_https
(
'DELETE'
,
'/csr/%i'
%
(
csr_id
,
))
def
_getC
RT
(
self
,
crt_id
):
def
_getC
ertificate
(
self
,
crt_id
):
return
self
.
_http
(
'GET'
,
'/crt'
+
crt_id
)
return
self
.
_http
(
'GET'
,
'/crt'
+
crt_id
)
def
getC
RT
(
self
,
csr_id
):
def
getC
ertificate
(
self
,
csr_id
):
"""
"""
[ANONYMOUS] Retrieve CRT by its identifier (same as corresponding CRL
[ANONYMOUS] Retrieve CRT by its identifier (same as corresponding CRL
identifier).
identifier).
"""
"""
return
self
.
_getC
RT
(
'/%i'
%
(
csr_id
,
))
return
self
.
_getC
ertificate
(
'/%i'
%
(
csr_id
,
))
def
getCA
(
self
):
def
getCA
Certificate
(
self
):
"""
"""
[ANONYMOUS] Retrieve current CA certificate.
[ANONYMOUS] Retrieve current CA certificate.
"""
"""
return
self
.
_getC
RT
(
'/ca.crt.pem'
)
return
self
.
_getC
ertificate
(
'/ca.crt.pem'
)
def
get
NewCAList
(
self
):
def
get
CACertificateChain
(
self
):
"""
"""
[ANONYMOUS] Retrieve CA certificate chain, with CA certificate N+1 signed
[ANONYMOUS] Retrieve CA certificate chain, with CA certificate N+1 signed
by CA certificate N, allowing automated CA cert rollout.
by CA certificate N, allowing automated CA cert rollout.
...
@@ -234,7 +234,7 @@ class CaucaseClient(object):
...
@@ -234,7 +234,7 @@ class CaucaseClient(object):
key
=
lambda
x
:
x
.
not_valid_before
,
key
=
lambda
x
:
x
.
not_valid_before
,
)[
-
1
]
)[
-
1
]
result
=
[]
result
=
[]
for
entry
in
json
.
loads
(
self
.
_getC
RT
(
'/ca.crt.json'
)):
for
entry
in
json
.
loads
(
self
.
_getC
ertificate
(
'/ca.crt.json'
)):
try
:
try
:
payload
=
utils
.
unwrap
(
payload
=
utils
.
unwrap
(
entry
,
entry
,
...
@@ -257,7 +257,7 @@ class CaucaseClient(object):
...
@@ -257,7 +257,7 @@ class CaucaseClient(object):
previous_ca
=
utils
.
load_ca_certificate
(
new_pem
)
previous_ca
=
utils
.
load_ca_certificate
(
new_pem
)
return
result
return
result
def
renewC
RT
(
self
,
old_crt
,
old_key
,
key_len
):
def
renewC
ertificate
(
self
,
old_crt
,
old_key
,
key_len
):
"""
"""
[ANONYMOUS] Request certificate renewal.
[ANONYMOUS] Request certificate renewal.
"""
"""
...
@@ -292,7 +292,7 @@ class CaucaseClient(object):
...
@@ -292,7 +292,7 @@ class CaucaseClient(object):
),
),
)
)
def
revokeC
RT
(
self
,
crt
,
key
=
None
):
def
revokeC
ertificate
(
self
,
crt
,
key
=
None
):
"""
"""
Revoke certificate.
Revoke certificate.
[ANONYMOUS] if key is provided.
[ANONYMOUS] if key is provided.
...
@@ -334,7 +334,7 @@ class CaucaseClient(object):
...
@@ -334,7 +334,7 @@ class CaucaseClient(object):
{
'Content-Type'
:
'application/json'
},
{
'Content-Type'
:
'application/json'
},
)
)
def
signCSR
(
self
,
csr_id
,
template_csr
=
''
):
def
createCertificate
(
self
,
csr_id
,
template_csr
=
''
):
"""
"""
[AUTHENTICATED] Sign certificate signing request.
[AUTHENTICATED] Sign certificate signing request.
"""
"""
...
...
caucase/test.py
View file @
5ddb439a
...
@@ -722,7 +722,7 @@ class CaucaseTest(unittest.TestCase):
...
@@ -722,7 +722,7 @@ class CaucaseTest(unittest.TestCase):
"""
"""
client
=
CaucaseClient
(
self
.
_caucase_url
+
'/cas'
)
client
=
CaucaseClient
(
self
.
_caucase_url
+
'/cas'
)
try
:
try
:
client
.
putCSR
(
'Not actually a CSR'
)
client
.
createCertificateSigningRequest
(
'Not actually a CSR'
)
except
CaucaseError
,
e
:
except
CaucaseError
,
e
:
self
.
assertEqual
(
e
.
args
[
0
],
400
,
e
)
self
.
assertEqual
(
e
.
args
[
0
],
400
,
e
)
else
:
else
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment