Commit cbfcd37c authored by Vincent Pelletier's avatar Vincent Pelletier

WIP wsgi: Produce http response caching headers.

parent 74828dc4
...@@ -193,6 +193,13 @@ class CertificateAuthority(object): ...@@ -193,6 +193,13 @@ class CertificateAuthority(object):
self._loadCAKeyPairList() self._loadCAKeyPairList()
self._renewCAIfNeeded() self._renewCAIfNeeded()
@property
def crt_life_time(self):
"""
Read-only access to crt_life_time ctor parameter, as a timedelta.
"""
return self._crt_life_time
@property @property
def digest_list(self): def digest_list(self):
""" """
...@@ -229,8 +236,13 @@ class CertificateAuthority(object): ...@@ -229,8 +236,13 @@ class CertificateAuthority(object):
previous_crt_pem = crt_pem previous_crt_pem = crt_pem
previous_key = key previous_key = key
self._ca_key_pairs_list = ca_key_pair_list self._ca_key_pairs_list = ca_key_pair_list
self._ca_certificate_chain = tuple( self._ca_certificate_chain_and_expiration_date = (
ca_certificate_chain tuple(ca_certificate_chain),
(
None
if previous_crt is None else # Only True during __init__
previous_crt.not_valid_after
),
) )
def getCertificateSigningRequest(self, csr_id): def getCertificateSigningRequest(self, csr_id):
...@@ -621,6 +633,14 @@ class CertificateAuthority(object): ...@@ -621,6 +633,14 @@ class CertificateAuthority(object):
""" """
return utils.dump_certificate(self._getCurrentCAKeypair()['crt']) return utils.dump_certificate(self._getCurrentCAKeypair()['crt'])
def getCACertificateAndExpirationDate(self):
"""
Return current CA certificate, PEM-encoded, and its expiration date
(datetime).
"""
certificate = self._getCurrentCAKeypair()['crt']
return utils.dump_certificate(certificate), certificate.not_valid_after
def getCACertificateList(self): def getCACertificateList(self):
""" """
Return the current list of CA certificates as X509 obbjects. Return the current list of CA certificates as X509 obbjects.
...@@ -630,7 +650,8 @@ class CertificateAuthority(object): ...@@ -630,7 +650,8 @@ class CertificateAuthority(object):
def getValidCACertificateChain(self): def getValidCACertificateChain(self):
""" """
Return the CA certificate chain based on oldest CA certificate. Return the CA certificate chain based on oldest CA certificate, and
expiration date of the last (most recent) CA certificate in the chain.
Each item in the chain is a wrapped dict with the following keys: Each item in the chain is a wrapped dict with the following keys:
old (str) old (str)
...@@ -655,7 +676,7 @@ class CertificateAuthority(object): ...@@ -655,7 +676,7 @@ class CertificateAuthority(object):
purposes. purposes.
""" """
self._renewCAIfNeeded() self._renewCAIfNeeded()
return self._ca_certificate_chain return self._ca_certificate_chain_and_expiration_date
def revoke(self, crt_pem): def revoke(self, crt_pem):
""" """
......
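Review bot: The second element of `_ca_certificate_chain_and_expiration_date` can be `None` (the `previous_crt is None` branch in the -229 hunk), but the updated `getValidCACertificateChain` docstring promises an expiration date without mentioning that case. The return value also changes from the chain tuple to a `(chain, expiration)` pair, so a caller that still iterates the result directly would get the pair instead of the chain items, with no error at the call site. I would state both in the docstring, for example `Returns (chain, expiration_date); expiration_date is None while no CA certificate has been loaded (only during __init__).`, and say whether the datetime is naive UTC, which it presumably is if these are `cryptography` certificates. If `_renewCAIfNeeded` can add a new CA before the current one expires, it is also worth confirming that the collapsed wsgi change does not use this date alone as a cache lifetime, since clients could then keep a stale chain past a renewal. The bodies of `_loadCAKeyPairList` and `getValidCACertificateChain` extend outside the visible hunks.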
...@@ -1644,6 +1644,7 @@ class CaucaseTest(unittest.TestCase): ...@@ -1644,6 +1644,7 @@ class CaucaseTest(unittest.TestCase):
Mock CAU. Mock CAU.
""" """
digest_list = ['sha256'] digest_list = ['sha256']
crt_life_time = datetime.timedelta(90, 0)
@staticmethod @staticmethod
def getCACertificateList(): def getCACertificateList():
...@@ -1653,11 +1654,14 @@ class CaucaseTest(unittest.TestCase): ...@@ -1653,11 +1654,14 @@ class CaucaseTest(unittest.TestCase):
return cau_list return cau_list
@staticmethod @staticmethod
def getCACertificate(): def getCACertificateAndExpirationDate():
""" """
Return a dummy string as CA certificate Return a dummy string as CA certificate
""" """
return b'notreallyPEM' return (
b'notreallyPEM',
datetime.datetime.utcnow() + datetime.timedelta(130, 0),
)
@staticmethod @staticmethod
def getCertificateRevocationListDict(): def getCertificateRevocationListDict():
...@@ -2022,10 +2026,6 @@ class CaucaseTest(unittest.TestCase): ...@@ -2022,10 +2026,6 @@ class CaucaseTest(unittest.TestCase):
header_dict['Access-Control-Allow-Origin'], header_dict['Access-Control-Allow-Origin'],
cross_origin, cross_origin,
) )
self.assertEqual(
header_dict['Vary'],
'Origin',
)
self.assertItemsEqual( self.assertItemsEqual(
[ [
x.strip() x.strip()
......
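Review bot: The `Vary: Origin` assertion is dropped in the -2022 hunk by the same commit that introduces caching headers, which is when that header matters most: a cached response carrying `Access-Control-Allow-Origin` for one origin must not be served to a request from another. The wsgi diff is collapsed here, so I cannot tell what `Vary` now contains, but the test should still pin that `Origin` is listed, e.g. `self.assertIn('Origin', [x.strip() for x in header_dict['Vary'].split(',')])`. Separately, the mock `getCACertificateAndExpirationDate` keeps the docstring `Return a dummy string as CA certificate` although it now returns a `(bytes, datetime)` pair, and its `utcnow()`-based value makes any exact assertion on a derived header time-dependent. The test method's body extends outside the hunk.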
This diff is collapsed.