From b4d1b80e04c6ead46635977fc9d21161718eb6e5 Mon Sep 17 00:00:00 2001
From: alwaysjolley
Date: Tue, 29 Jan 2019 10:13:44 -0500
Subject: [PATCH 1/3] Adding support for cfssl auth mode signing
---
 lemur/plugins/lemur_cfssl/plugin.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/lemur/plugins/lemur_cfssl/plugin.py b/lemur/plugins/lemur_cfssl/plugin.py
index 030f290a..ead633bc 100644
--- a/lemur/plugins/lemur_cfssl/plugin.py
+++ b/lemur/plugins/lemur_cfssl/plugin.py
@@ -10,6 +10,9 @@
 import json
 import requests
+import base64
+import hmac
+import hashlib
 from flask import current_app
@@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin):
 data = {'certificate_request': csr}
 data = json.dumps(data)
+ try:
+ hex_key = current_app.config.get('CFSSL_KEY')
+ key=bytes.fromhex(hex_key)
+ except:
+ #unable to find CFSSL_KEY in config, continue using normal sign method
+ pass
+ else:
+ data=data.encode()
+
+ token = base64.b64encode(hmac.new(key,data,digestmod=hashlib.sha256).digest())
+ data = base64.b64encode(data)
+
+ data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
+
+ url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
 response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
 if response.status_code > 399:
 metrics.send('cfssl_create_certificate_failure', 'counter', 1)
From 254a3079f2ceb7408b42d3ec9626cbf69d4abb7e Mon Sep 17 00:00:00 2001
From: alwaysjolley
Date: Tue, 29 Jan 2019 11:01:55 -0500
Subject: [PATCH 2/3] fix whitespace
---
 lemur/plugins/lemur_cfssl/plugin.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lemur/plugins/lemur_cfssl/plugin.py b/lemur/plugins/lemur_cfssl/plugin.py
index ead633bc..d2abc2aa 100644
--- a/lemur/plugins/lemur_cfssl/plugin.py
+++ b/lemur/plugins/lemur_cfssl/plugin.py
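Review bot: In the PATCH 1/3 hunk at `@@ -48,6 +51,21 @@`, the bare `except:` treats every failure as "no key configured", so a `CFSSL_KEY` that is present but not valid hex is silently discarded and the request is posted without an HMAC token to whatever `url` was set before the hunk (presumably the non-authenticated sign endpoint, going by the comment). For a signing credential that is a fail-open path: a missing key and a malformed key should be told apart, for example `hex_key = current_app.config.get('CFSSL_KEY')` followed by `if hex_key:` around the token-building lines, so that `bytes.fromhex` raises on a bad value instead of downgrading quietly. PATCH 3/3 narrows the clause but still catches `ValueError`, so the silent downgrade remains. The enclosing method starts and ends outside the hunk.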
@@ -53,14 +53,14 @@ class CfsslIssuerPlugin(IssuerPlugin):
 try:
 hex_key = current_app.config.get('CFSSL_KEY')
- key=bytes.fromhex(hex_key)
+ key = bytes.fromhex(hex_key)
 except:
 #unable to find CFSSL_KEY in config, continue using normal sign method
 pass
 else:
- data=data.encode()
+ data = data.encode()
- token = base64.b64encode(hmac.new(key,data,digestmod=hashlib.sha256).digest())
+ token = base64.b64encode(hmac.new(key, data, digestmod=hashlib.sha256).digest())
 data = base64.b64encode(data)
 data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
From c68a9cf80acd651ad18fe48a6c7d0e0a43ef7f29 Mon Sep 17 00:00:00 2001
From: alwaysjolley
Date: Tue, 29 Jan 2019 11:10:56 -0500
Subject: [PATCH 3/3] fixing linting issues
---
 lemur/plugins/lemur_cfssl/plugin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lemur/plugins/lemur_cfssl/plugin.py b/lemur/plugins/lemur_cfssl/plugin.py
index d2abc2aa..4bfefc85 100644
--- a/lemur/plugins/lemur_cfssl/plugin.py
+++ b/lemur/plugins/lemur_cfssl/plugin.py
@@ -54,8 +54,8 @@ class CfsslIssuerPlugin(IssuerPlugin):
 try:
 hex_key = current_app.config.get('CFSSL_KEY')
 key = bytes.fromhex(hex_key)
- except:
- #unable to find CFSSL_KEY in config, continue using normal sign method
+ except (ValueError, NameError):
+ # unable to find CFSSL_KEY in config, continue using normal sign method
 pass
 else:
 data = data.encode()
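Review bot: In the PATCH 3/3 hunk, `except (ValueError, NameError):` no longer covers the case its own comment describes. When `CFSSL_KEY` is absent, `config.get` returns None (assuming the usual dict-style Flask config) and `bytes.fromhex(None)` raises `TypeError`, which now propagates instead of falling back to the normal sign method. `NameError` cannot arise from these two lines. Changing the clause to `except TypeError:` would restore the fallback for a missing key while letting a malformed key surface as an error; an explicit `if hex_key is None:` test would state the intent more directly. The `try`/`else` block continues past the end of the hunk.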