Adding support for cfssl auth mode signing

2019-01-29 10:13:44 -05:00 · 2019-01-29 10:13:44 -05:00 · b4d1b80e04
parent 4842bb0880
commit b4d1b80e04
1 changed files with 18 additions and 0 deletions
--- a/lemur/plugins/lemur_cfssl/plugin.py
+++ b/lemur/plugins/lemur_cfssl/plugin.py
@ -10,6 +10,9 @@

 import json
 import requests
+import base64
+import hmac
+import hashlib

 from flask import current_app

@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin):
        data = {'certificate_request': csr}
        data = json.dumps(data)

+        try:
+            hex_key = current_app.config.get('CFSSL_KEY')
+            key=bytes.fromhex(hex_key)
+        except:
+            #unable to find CFSSL_KEY in config, continue using normal sign method
+            pass
+        else:
+            data=data.encode()
+
+            token = base64.b64encode(hmac.new(key,data,digestmod=hashlib.sha256).digest())
+            data = base64.b64encode(data)
+
+            data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
+
+            url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
        response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
        if response.status_code > 399:
            metrics.send('cfssl_create_certificate_failure', 'counter', 1)