Merge pull request #2432 from alwaysjolley/cfssl_authsign
Adding support for cfssl auth mode signing
This commit is contained in:
commit
7fb97ef4e5
|
@ -10,6 +10,9 @@
|
||||||
|
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
import base64
|
||||||
|
import hmac
|
||||||
|
import hashlib
|
||||||
|
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
|
|
||||||
|
@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin):
|
||||||
data = {'certificate_request': csr}
|
data = {'certificate_request': csr}
|
||||||
data = json.dumps(data)
|
data = json.dumps(data)
|
||||||
|
|
||||||
|
try:
|
||||||
|
hex_key = current_app.config.get('CFSSL_KEY')
|
||||||
|
key = bytes.fromhex(hex_key)
|
||||||
|
except (ValueError, NameError):
|
||||||
|
# unable to find CFSSL_KEY in config, continue using normal sign method
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
data = data.encode()
|
||||||
|
|
||||||
|
token = base64.b64encode(hmac.new(key, data, digestmod=hashlib.sha256).digest())
|
||||||
|
data = base64.b64encode(data)
|
||||||
|
|
||||||
|
data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
|
||||||
|
|
||||||
|
url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
|
||||||
response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
|
response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
|
||||||
if response.status_code > 399:
|
if response.status_code > 399:
|
||||||
metrics.send('cfssl_create_certificate_failure', 'counter', 1)
|
metrics.send('cfssl_create_certificate_failure', 'counter', 1)
|
||||||
|
|
Loading…
Reference in New Issue