Commit 11bcf0dd authored by Robin Obůrka's avatar Robin Obůrka

Use current_app in modules

parent 969bb0ad
import json
from flask import current_app
from certapi import app
from certapi.crypto import create_random_sid, create_random_nonce, key_match
from certapi.exceptions import InvalidAuthStateError, InvalidSessionError, InvalidParamError
......@@ -25,7 +27,7 @@ def get_cert_key(sn):
def create_auth_session(sn, sid, csr_str, flags, auth_type, r):
""" Certificate with matching private key not found in redis
"""
app.logger.debug("Starting authentication for sn=%s", sn)
current_app.logger.debug("Starting authentication for sn=%s", sn)
sid = create_random_sid()
nonce = create_random_nonce()
session = {
......@@ -51,7 +53,7 @@ def get_auth_state(sn, sid, r):
"""
auth_state = r.get(get_auth_state_key(sn, sid))
if not auth_state:
app.logger.debug("Certificate creation in progress, sn=%s, sid=%s", sn, sid)
current_app.logger.debug("Certificate creation in progress, sn=%s, sid=%s", sn, sid)
status = {
"status": "wait",
"delay": DELAY_GET_SESSION_EXISTS
......@@ -61,16 +63,16 @@ def get_auth_state(sn, sid, r):
try:
auth_state = json.loads(auth_state.decode("utf-8"))
except UnicodeDecodeError:
app.logger.error("UnicodeDecodeError for auth_state sn=%s, sid=%s", sn, sid)
current_app.logger.error("UnicodeDecodeError for auth_state sn=%s, sid=%s", sn, sid)
return (False, {"status": "error"})
except json.decoder.JSONDecodeError:
app.logger.error("JSONDecodeError for auth_state sn=%s, sid=%s", sn, sid)
current_app.logger.error("JSONDecodeError for auth_state sn=%s, sid=%s", sn, sid)
return (False, {"status": "error"})
try:
validators.check_auth_state(auth_state)
except InvalidAuthStateError:
app.logger.error("Auth state ivalid for sn=%s, sid=%s", sn, sid)
current_app.logger.error("Auth state ivalid for sn=%s, sid=%s", sn, sid)
return (False, {"status": "error"})
if auth_state["status"] == "ok":
......@@ -78,12 +80,12 @@ def get_auth_state(sn, sid, r):
elif auth_state["status"] == "failed":
return (False, {"status": "auth_failed"})
else:
app.logger.error("auth_state invalid value in session sn=%s, sid=%s", sn, sid)
current_app.logger.error("auth_state invalid value in session sn=%s, sid=%s", sn, sid)
return (False, {"status": "error"})
def process_req_get(sn, sid, csr_str, flags, auth_type, r):
app.logger.debug("Processing GET request, sn=%s, sid=%s", sn, sid)
current_app.logger.debug("Processing GET request, sn=%s, sid=%s", sn, sid)
if "renew" in flags: # when renew is flagged we ignore cert in redis
return create_auth_session(sn, sid, csr_str, flags, auth_type, r)
authenticated = False
......@@ -97,22 +99,22 @@ def process_req_get(sn, sid, csr_str, flags, auth_type, r):
cert_bytes = r.get(get_cert_key(sn))
if not cert_bytes:
if authenticated:
app.logger.warning("Auth OK but certificate not in redis, sn=%s", sn)
current_app.logger.warning("Auth OK but certificate not in redis, sn=%s", sn)
else:
app.logger.debug("Certificate not in redis, sn=%s", sn)
current_app.logger.debug("Certificate not in redis, sn=%s", sn)
return create_auth_session(sn, sid, csr_str, flags, auth_type, r)
app.logger.debug("Certificate found in redis, sn=%s", sn)
current_app.logger.debug("Certificate found in redis, sn=%s", sn)
# cert and csr public key match
if not key_match(cert_bytes, csr_str.encode("utf-8")):
if authenticated:
app.logger.warning("Auth OK but certificate key does not match, sn=%s", sn)
current_app.logger.warning("Auth OK but certificate key does not match, sn=%s", sn)
else:
app.logger.debug("Certificate key does not match, sn=%s", sn)
current_app.logger.debug("Certificate key does not match, sn=%s", sn)
return create_auth_session(sn, sid, csr_str, flags, auth_type, r)
app.logger.debug("Certificate restored from redis, sn=%s", sn)
current_app.logger.debug("Certificate restored from redis, sn=%s", sn)
return {
"status": "ok",
"cert": cert_bytes.decode("utf-8")
......@@ -125,22 +127,22 @@ def get_auth_session(sn, sid, r):
"""
session_json = r.get(get_session_key(sn, sid))
if not session_json: # authentication session open / certificate creation in progress
app.logger.debug("Authentication session not found, sn=%s, sid=%s", sn, sid)
current_app.logger.debug("Authentication session not found, sn=%s, sid=%s", sn, sid)
return (None, {"status": "fail"})
try:
session = json.loads(session_json.decode("utf-8"))
except UnicodeDecodeError:
app.logger.error("UnicodeDecodeError for session sn=%s, sid=%s", sn, sid)
current_app.logger.error("UnicodeDecodeError for session sn=%s, sid=%s", sn, sid)
return (None, {"status": "error"})
except json.decoder.JSONDecodeError:
app.logger.error("JSONDecodeError for session sn=%s, sid=%s", sn, sid)
current_app.logger.error("JSONDecodeError for session sn=%s, sid=%s", sn, sid)
return (None, {"status": "error"})
try:
validators.check_session(session)
except InvalidSessionError as e:
app.logger.error("Value missing in Redis session (%s) sn=%s, sid=%s", e, sn, sid)
current_app.logger.error("Value missing in Redis session (%s) sn=%s, sid=%s", e, sn, sid)
return (None, {"status": "error"})
return (session, None)
......@@ -169,23 +171,23 @@ def push_csr(sn, sid, session, digest, r):
def process_req_auth(sn, sid, digest, auth_type, r):
app.logger.debug("Processing AUTH request, sn=%s, sid=%s", sn, sid)
current_app.logger.debug("Processing AUTH request, sn=%s, sid=%s", sn, sid)
(session, status) = get_auth_session(sn, sid, r)
if not session:
return status
app.logger.debug("Authentication session found open for sn=%s, sid=%s", sn, sid)
current_app.logger.debug("Authentication session found open for sn=%s, sid=%s", sn, sid)
if session["auth_type"] != auth_type:
app.logger.debug("Authentication type does not match, sn=%s, sid=%s", sn, sid)
current_app.logger.debug("Authentication type does not match, sn=%s, sid=%s", sn, sid)
return {"status": "fail"}
if session["digest"]: # certificate creation in progress
app.logger.debug("Digest already saved for sn=%s, sid=%s", sn, sid)
current_app.logger.debug("Digest already saved for sn=%s, sid=%s", sn, sid)
return {"status": "fail"}
# start certificate creation (CA will check the digest first)
app.logger.debug("Saving digest for sn=%s, sid=%s", sn, sid)
current_app.logger.debug("Saving digest for sn=%s, sid=%s", sn, sid)
push_csr(sn, sid, session, digest, r)
return {
......@@ -196,7 +198,7 @@ def process_req_auth(sn, sid, digest, auth_type, r):
def process_request(req_json, r):
if type(req_json) is not dict:
app.logger.warning("Request failure: not a valid json")
current_app.logger.warning("Request failure: not a valid json")
return {"status": "error"}
try:
validators.validate_req_type(req_json["type"])
......@@ -212,10 +214,10 @@ def process_request(req_json, r):
validators.validate_digest(req_json["digest"])
except KeyError as e:
app.logger.warning("Request failure: parameter missing: %s", e)
current_app.logger.warning("Request failure: parameter missing: %s", e)
return {"status": "error"}
except InvalidParamError as e:
app.logger.warning("Request failure: %s", e)
current_app.logger.warning("Request failure: %s", e)
return {"status": "error"}
if req_json["type"] == "get_cert":
......
......@@ -4,6 +4,7 @@ import redis
from flask import request
from flask import jsonify
from flask import g
from flask import current_app
from certapi import app
from certapi.authentication import process_request
......@@ -20,7 +21,7 @@ def get_redis():
def log_debug_json(msg, msg_json):
app.logger.debug("%s:\n%s", msg, json.dumps(msg_json, indent=2))
current_app.logger.debug("%s:\n%s", msg, json.dumps(msg_json, indent=2))
@app.route("/v1", methods=['POST'])
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment