pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

implement CRL checking from authnid

Browse Source
This commit is contained in:
dandds
2018-08-06 11:12:58 -04:00
parent be079a62dc
commit ac95bf371e
9 changed files with 58 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
atst/app.py
View File

@@ -1,5 +1,6 @@
import os
import re
import pathlib
from configparser import ConfigParser
from flask import Flask, request, g
from flask_session import Session
@@ -13,6 +14,7 @@ from atst.routes import bp
from atst.routes.workspaces import bp as workspace_routes
from atst.routes.requests import requests_bp
from atst.routes.dev import bp as dev_routes
from atst.domain.authnid.crl.validator import Validator
ENV = os.getenv("FLASK_ENV", "dev")
@@ -33,6 +35,7 @@ def make_app(config):
app.config.update({"SESSION_REDIS": redis})
make_flask_callbacks(app)
make_crl_validator(app)
db.init_app(app)
Session(app)
@@ -123,3 +126,13 @@ def make_config():
def make_redis(config):
return redis.Redis.from_url(config['REDIS_URI'])
def make_crl_validator(app):
crl_locations = []
for filename in pathlib.Path(app.config["CRL_DIRECTORY"]).glob("*"):
crl_locations.append(filename.absolute())
app.crl_validator = Validator(
roots=[app.config["CA_CHAIN"]], crl_locations=crl_locations
)
for e in app.crl_validator.errors:
app.logger.error(e)

4
atst/routes/__init__.py
View File

@@ -35,7 +35,7 @@ def catch_all(path):
@bp.route('/login-redirect')
def login_redirect():
if request.environ.get('HTTP_X_SSL_CLIENT_VERIFY') == 'SUCCESS' and is_valid_certificate(request):
if request.environ.get('HTTP_X_SSL_CLIENT_VERIFY') == 'SUCCESS' and _is_valid_certificate(request):
sdn = request.environ.get('HTTP_X_SSL_CLIENT_S_DN')
sdn_parts = parse_sdn(sdn)
user = Users.get_or_create_by_dod_id(**sdn_parts)
@@ -54,7 +54,7 @@ def unauthorized():
return response
def is_valid_certificate(request):
def _is_valid_certificate(request):
cert = request.environ.get('HTTP_X_SSL_CLIENT_CERT')
if cert:
result = app.crl_validator.validate(cert.encode())