Adding support for cfssl auth mode signing

This commit is contained in:
alwaysjolley 2019-01-29 10:13:44 -05:00
parent 4842bb0880
commit b4d1b80e04
1 changed files with 18 additions and 0 deletions

View File

@ -10,6 +10,9 @@
import json
import requests
import base64
import hmac
import hashlib
from flask import current_app
@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin):
data = {'certificate_request': csr}
data = json.dumps(data)
try:
hex_key = current_app.config.get('CFSSL_KEY')
key=bytes.fromhex(hex_key)
except:
#unable to find CFSSL_KEY in config, continue using normal sign method
pass
else:
data=data.encode()
token = base64.b64encode(hmac.new(key,data,digestmod=hashlib.sha256).digest())
data = base64.b64encode(data)
data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
if response.status_code > 399:
metrics.send('cfssl_create_certificate_failure', 'counter', 1)