Commit
f9819934
authored
7 years ago
by
Alain Takoudjou
Committed by
Alain Takoudjou
7 years ago
use crt_id istead of serial when revoke directly a certificate
parent
7a09ecac
Showing
3 changed files
with
28 additions
and
14 deletions
+28
-14
caucase/ca.py
caucase/ca.py
+5
-4
caucase/storage.py
caucase/storage.py
+16
-7
caucase/web.py
caucase/web.py
+7
-3
caucase/ca.py
...
...
@@ -345,14 +345,15 @@ class CertificateAuthority(object):
utils
.
getSerialToInt
(
crt
),
reason
)
def
revokeCertificateFrom
Serial
(
self
,
serial
):
def
revokeCertificateFrom
ID
(
self
,
crt_id
):
"""
Directly revoke a certificate from
serial
Directly revoke a certificate from
crt_id
@param
serial: The serial of the certificate (int
)
@param
crt_id: The ID of the certificate (string
)
"""
return
self
.
_storage
.
revokeCertificate
(
serial
,
crt_id
=
crt_id
,
reason
=
""
)
def
renew
(
self
,
wrapped_csr
):
...
...
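Review bot: The direct-revocation path in `revokeCertificateFromID` still hard-codes `reason=""` in its call to `self._storage.revokeCertificate`, so a certificate revoked this way presumably carries no record of why it was withdrawn. Consider `def revokeCertificateFromID(self, crt_id, reason=""):` and passing `reason=reason` through, which stays compatible with the single-argument call. The rendered call line shows both `serial` and `crt_id=crt_id` as arguments; `serial` is no longer a parameter of this method, so confirm the new line passes only `crt_id=crt_id`. The rename also drops `revokeCertificateFromSerial` with no alias, so any caller outside this commit will break.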
caucase/storage.py
...
...
@@ -326,20 +326,29 @@ class Storage(object):
return
data_list
def
revokeCertificate
(
self
,
serial
,
reason
=
''
):
def
revokeCertificate
(
self
,
serial
=
None
,
crt_id
=
None
,
reason
=
''
):
"""
Add serial to the list of revoked certificates.
Associated certificate must expire at (or before) not_after_date, so
revocation can be pruned.
serial or crt_id should be send to get the certificate. If both are set,
serial is used.
"""
cert
=
Certificate
.
query
.
filter
(
Certificate
.
status
==
STATUS_VALIDATED
).
filter
(
Certificate
.
serial
==
serial
).
first
()
if
serial
is
None
and
crt_id
is
None
:
raise
ValueError
(
"serial or crt_id are not set to revokeCertificate."
)
query
=
Certificate
.
query
.
filter
(
Certificate
.
status
==
STATUS_VALIDATED
)
if
serial
:
query
=
query
.
filter
(
Certificate
.
serial
==
serial
)
else
:
query
=
query
.
filter
(
Certificate
.
crt_id
==
crt_id
)
cert
=
query
.
first
()
if
not
cert
:
raise
NotFound
(
'No certficate with serial %r'
%
(
serial
,
))
raise
NotFound
(
'No certficate with serial or id %r found!'
%
(
serial
or
crt_id
,
))
expire_in
=
cert
.
expire_after
-
datetime
.
utcnow
()
if
expire_in
.
days
<
0
:
...
...
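Review bot: The guard in `revokeCertificate` tests `serial is None and crt_id is None`, but the branch below it tests `if serial:`, so a falsy but non-None serial (`0` or `''`) with no `crt_id` passes the guard and falls into the `else` branch, filtering on `Certificate.crt_id == crt_id` with `crt_id` still `None`. If this query API is SQLAlchemy, that comparison renders as `IS NULL`, and `.first()` could hand back an unrelated validated certificate that is then revoked. Use `if serial is not None:` for the branch and make the guard reject empty values as well as `None`. The docstring should also name the `ValueError` and `NotFound` it raises, and the new message still carries the `certficate` typo. The function body continues past the end of the hunk.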
caucase/web.py
...
...
@@ -606,7 +606,7 @@ def request_revoke_crt():
response
=
Response
(
""
,
status
=
201
,
)
return
response
@
app
.
route
(
'/crt/revoke/
serial
'
,
methods
=
[
'PUT'
])
@
app
.
route
(
'/crt/revoke/
id
'
,
methods
=
[
'PUT'
])
@
authenticated_method
def
revoke_crt
():
"""
...
...
@@ -614,8 +614,12 @@ def revoke_crt():
"""
try
:
serial
=
request
.
form
.
get
(
'serial'
,
''
)
app
.
config
.
ca
.
revokeCertificateFromSerial
(
serial
)
crt_id
=
request
.
form
.
get
(
'crt_id'
,
''
)
if
not
crt_id
:
raise
FlaskException
(
"'crt_id' parameter is mandatory"
,
payload
=
{
"name"
:
"MissingParameter"
,
"code"
:
2
})
app
.
config
.
ca
.
revokeCertificateFromID
(
crt_id
)
except
ValueError
,
e
:
traceback
.
print_exc
()
raise
FlaskException
(
str
(
e
),
...
...
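Review bot: Replacing the `/crt/revoke/serial` route with `/crt/revoke/id` leaves no HTTP path for revoking directly by serial, although `Storage.revokeCertificate` in this same commit still accepts `serial`. An operator who holds only the certificate, and so only its serial, would first have to look up the internal `crt_id` before revoking. If that is intended, state it in the `revoke_crt` docstring, which lies between the two hunks and is not shown; otherwise keep the old route as a second path. The new `if not crt_id:` check also accepts a whitespace-only value, which `crt_id = request.form.get('crt_id', '').strip()` would reject. The `try` block continues past the hunk, so whether `NotFound` from storage is mapped to a client error cannot be confirmed here.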