Initial work on #125
@ -77,6 +77,24 @@ def find_duplicates(cert_body):
|
||||
return Certificate.query.filter_by(body=cert_body).all()
|
||||
|
||||
|
||||
def export(cert_id, export_options):
|
||||
"""
|
||||
Exports a certificate to the requested format. This format
|
||||
may be a binary format.
|
||||
:param export_options:
|
||||
:param cert_id:
|
||||
:return:
|
||||
"""
|
||||
cert = get(cert_id)
|
||||
export_plugin = plugins.get(export_options['slug'])
|
||||
|
||||
data = export_plugin.export(cert.body, cert.key)
|
||||
if export_options.get('encrypted'):
|
||||
pass
|
||||
|
||||
return data
|
||||
|
||||
|
||||
def update(cert_id, owner, description, active, destinations, notifications, replaces):
|
||||
"""
|
||||
Updates a certificate
|
||||
|
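Review bot: The `if export_options.get('encrypted'):` branch in `export` is a bare `pass`, so a caller that asks for an encrypted export gets the plugin output back unprotected; since `cert.key` is handed to the plugin, that output presumably carries the private key. Until encryption is implemented the branch should fail closed, e.g. `raise NotImplementedError('encrypted export is not implemented')`. Separately, `export_options['slug']` raises a bare `KeyError` when the option is missing, `get(cert_id)` is dereferenced without a check for a missing certificate, and the docstring's empty `:param`/`:return:` fields could state that the returned data may contain key material.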
@ -5,7 +5,6 @@
|
||||
:license: Apache, see LICENSE for more details.
|
||||
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
||||
"""
|
||||
import os
|
||||
import requests
|
||||
import subprocess
|
||||
from OpenSSL import crypto
|
||||
@ -13,20 +12,7 @@ from cryptography import x509
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
|
||||
from flask import current_app
|
||||
|
||||
from contextlib import contextmanager
|
||||
from tempfile import NamedTemporaryFile
|
||||
|
||||
|
||||
@contextmanager
|
||||
def mktempfile():
|
||||
with NamedTemporaryFile(delete=False) as f:
|
||||
name = f.name
|
||||
|
||||
try:
|
||||
yield name
|
||||
finally:
|
||||
os.unlink(name)
|
||||
from lemur.utils import mktempfile
|
||||
|
||||
|
||||
def ocsp_verify(cert_path, issuer_chain_path):
|
||||
|
@ -775,6 +775,55 @@ class CertificatesReplacementsList(AuthenticatedResource):
|
||||
return service.get(certificate_id).replaces
|
||||
|
||||
|
||||
class CertficiateExport(AuthenticatedResource):
|
||||
def __init__(self):
|
||||
self.reqparse = reqparse.RequestParser()
|
||||
super(CertficiateExport, self).__init__()
|
||||
|
||||
def post(self, certificate_id):
|
||||
"""
|
||||
.. http:post:: /certificates/1/export
|
||||
|
||||
Export a certificate
|
||||
|
||||
**Example request**:
|
||||
|
||||
.. sourcecode:: http
|
||||
|
||||
PUT /certificates/1/export HTTP/1.1
|
||||
Host: example.com
|
||||
Accept: application/json, text/javascript
|
||||
|
||||
|
||||
**Example response**:
|
||||
|
||||
.. sourcecode:: http
|
||||
|
||||
HTTP/1.1 200 OK
|
||||
Vary: Accept
|
||||
Content-Type: text/javascript
|
||||
|
||||
|
||||
:reqheader Authorization: OAuth token to authenticate
|
||||
:statuscode 200: no error
|
||||
:statuscode 403: unauthenticated
|
||||
"""
|
||||
args = self.reqparse.parse_args()
|
||||
|
||||
cert = service.get(certificate_id)
|
||||
role = role_service.get_by_name(cert.owner)
|
||||
|
||||
permission = UpdateCertificatePermission(certificate_id, getattr(role, 'name', None))
|
||||
|
||||
if permission.can():
|
||||
data = service.export(certificate_id)
|
||||
response = make_response(data)
|
||||
response.headers['content-type'] = 'application/octet-stream'
|
||||
return response
|
||||
|
||||
return dict(message='You are not authorized to export this certificate'), 403
|
||||
|
||||
|
||||
api.add_resource(CertificatesList, '/certificates', endpoint='certificates')
|
||||
api.add_resource(Certificates, '/certificates/<int:certificate_id>', endpoint='certificate')
|
||||
api.add_resource(CertificatesStats, '/certificates/stats', endpoint='certificateStats')
|
||||
|
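Review bot: `post` calls `service.export(certificate_id)` with one argument, while the `export(cert_id, export_options)` added in this commit takes two (assuming `service` is that module), so an authorized request would end in a `TypeError`; `args` is parsed but never used, and `self.reqparse` declares no arguments. Declaring `slug` and `encrypted` on the parser and calling `data = service.export(certificate_id, args)` would connect the two. The response likely includes private key material and is gated only by `UpdateCertificatePermission`; a dedicated export permission and a log entry per export would make key disclosure separately controllable and traceable. No `api.add_resource` line for the new class appears in this hunk, the docstring says `http:post` while its example request uses `PUT`, and the class name is spelled `CertficiateExport`.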