362a3f7a
Commit
362a3f7a
authored
7 years ago
by
Vincent Pelletier
wsgi: Catch JSON payload decoding errors.
parent
d1fbca1f
Showing
4 changed files
with
25 additions
and
3 deletions
+25
-3
caucase/exceptions.py
caucase/exceptions.py
+4
-0
caucase/test.py
caucase/test.py
+7
-0
caucase/utils.py
caucase/utils.py
+12
-3
caucase/wsgi.py
caucase/wsgi.py
+2
-0
caucase/exceptions.py
...
@@ -42,3 +42,7 @@ class CertificateVerificationError(CertificateAuthorityException):
...
@@ -42,3 +42,7 @@ class CertificateVerificationError(CertificateAuthorityException):
class
NotACertificateSigningRequest
(
CertificateAuthorityException
):
class
NotACertificateSigningRequest
(
CertificateAuthorityException
):
"""Provided value is not a certificate signing request"""
"""Provided value is not a certificate signing request"""
pass
pass
class
NotJSON
(
CertificateAuthorityException
):
"""Provided value does not decode properly as JSON"""
pass
caucase/test.py
...
@@ -1175,6 +1175,7 @@ class CaucaseTest(unittest.TestCase):
...
@@ -1175,6 +1175,7 @@ class CaucaseTest(unittest.TestCase):
"""
"""
Mock CAU.
Mock CAU.
"""
"""
digest_list
=
[
'sha256'
]
def
getCACertificateList
(
self
):
def
getCACertificateList
(
self
):
"""
"""
Return cau ca list.
Return cau ca list.
...
@@ -1319,6 +1320,12 @@ class CaucaseTest(unittest.TestCase):
...
@@ -1319,6 +1320,12 @@ class CaucaseTest(unittest.TestCase):
'CONTENT_TYPE'
:
'application/json'
,
'CONTENT_TYPE'
:
'application/json'
,
'wsgi.input'
:
StringIO
(
'{"digest": null}'
),
'wsgi.input'
:
StringIO
(
'{"digest": null}'
),
})[
0
],
UNAUTHORISED_STATUS
)
})[
0
],
UNAUTHORISED_STATUS
)
self
.
assertEqual
(
request
({
'PATH_INFO'
:
'/cau/crt/revoke'
,
'REQUEST_METHOD'
:
'PUT'
,
'CONTENT_TYPE'
:
'application/json'
,
'wsgi.input'
:
StringIO
(
'{"digest":"sha256","payload":""}'
),
})[
0
],
400
)
self
.
assertEqual
(
request
({
self
.
assertEqual
(
request
({
'PATH_INFO'
:
'/cau/crt/revoke'
,
'PATH_INFO'
:
'/cau/crt/revoke'
,
'REQUEST_METHOD'
:
'PUT'
,
'REQUEST_METHOD'
:
'PUT'
,
...
...
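Review bot: The assertion added in the second hunk pins only one malformed input, an empty-string `payload` with `digest` set to `sha256`, so the new `NotJSON` handling is exercised on the signed path alone. A payload that is not a string (for example `"payload": null`) and a body with no `payload` key reach `json.loads(wrapped['payload'])` differently and are not covered. I would add one more `request({...})` assertion per case, e.g. with `StringIO('{"digest":"sha256","payload":null}')`, and pin the status the project wants for it. The `nullUnwrap` half of the change is not reached by any assertion visible here, presumably because that route needs an authenticated request. The test method starts and ends outside the hunk.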
caucase/utils.py
...
@@ -33,7 +33,10 @@ from cryptography.hazmat.primitives.asymmetric import rsa
...
@@ -33,7 +33,10 @@ from cryptography.hazmat.primitives.asymmetric import rsa
from
cryptography.hazmat.primitives.asymmetric
import
padding
from
cryptography.hazmat.primitives.asymmetric
import
padding
import
cryptography.exceptions
import
cryptography.exceptions
import
pem
import
pem
from
.exceptions
import
CertificateVerificationError
from
.exceptions
import
(
CertificateVerificationError
,
NotJSON
,
)
DEFAULT_DIGEST_LIST
=
(
'sha256'
,
'sha384'
,
'sha512'
)
DEFAULT_DIGEST_LIST
=
(
'sha256'
,
'sha384'
,
'sha512'
)
DEFAULT_DIGEST
=
DEFAULT_DIGEST_LIST
[
0
]
DEFAULT_DIGEST
=
DEFAULT_DIGEST_LIST
[
0
]
...
@@ -262,7 +265,10 @@ def unwrap(wrapped, getCertificate, digest_list):
...
@@ -262,7 +265,10 @@ def unwrap(wrapped, getCertificate, digest_list):
'%r is not in allowed digest list'
,
'%r is not in allowed digest list'
,
)
)
hash_class
=
getattr
(
hashes
,
digest
.
upper
())
hash_class
=
getattr
(
hashes
,
digest
.
upper
())
payload
=
json
.
loads
(
wrapped
[
'payload'
])
try
:
payload
=
json
.
loads
(
wrapped
[
'payload'
])
except
ValueError
:
raise
NotJSON
x509
.
load_pem_x509_certificate
(
x509
.
load_pem_x509_certificate
(
getCertificate
(
payload
).
encode
(
'ascii'
),
getCertificate
(
payload
).
encode
(
'ascii'
),
_cryptography_backend
,
_cryptography_backend
,
...
@@ -283,7 +289,10 @@ def nullUnwrap(wrapped):
...
@@ -283,7 +289,10 @@ def nullUnwrap(wrapped):
an authenticated user (and hence over a secure channel, HTTPS).
an authenticated user (and hence over a secure channel, HTTPS).
"""
"""
assert
wrapped
[
'digest'
]
is
None
assert
wrapped
[
'digest'
]
is
None
return
json
.
loads
(
wrapped
[
'payload'
])
try
:
return
json
.
loads
(
wrapped
[
'payload'
])
except
ValueError
:
raise
NotJSON
def
load_ca_certificate
(
data
):
def
load_ca_certificate
(
data
):
"""
"""
...
...
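Review bot: The new `except ValueError` in `unwrap` (and the identical one in `nullUnwrap`) only covers a payload that is a string but not valid JSON. When the client-supplied `wrapped['payload']` is a JSON null, number or object, `json.loads` raises `TypeError`, and a missing key raises `KeyError`, so neither is turned into `NotJSON`. In `unwrap` the parse runs before the certificate is loaded, so it appears to be reachable before any signature has been checked, and such a request would presumably land in the generic `except Exception` branch of wsgi.py instead of producing a 400. I would widen both clauses to `except (TypeError, ValueError):` and decide explicitly how a missing `payload` key is reported. Both function bodies start and end outside the visible hunks.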
caucase/wsgi.py
...
@@ -169,6 +169,8 @@ class Application(object):
...
@@ -169,6 +169,8 @@ class Application(object):
raise
Conflict
raise
Conflict
except
exceptions
.
NoStorage
:
except
exceptions
.
NoStorage
:
raise
InsufficientStorage
raise
InsufficientStorage
except
exceptions
.
NotJSON
:
raise
BadRequest
(
'Invalid json payload'
)
except
exceptions
.
CertificateAuthorityException
,
e
:
except
exceptions
.
CertificateAuthorityException
,
e
:
raise
BadRequest
(
str
(
e
))
raise
BadRequest
(
str
(
e
))
except
Exception
:
except
Exception
:
...
...
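Review bot: The new `except exceptions.NotJSON:` clause only works because it sits above `except exceptions.CertificateAuthorityException`, and nothing in the code says so. `NotJSON` subclasses that exception and utils.py raises it without a message, so if the clauses were ever reordered the client would get a 400 built from an empty `str(e)`. I would add a comment above the clause, e.g. `# Keep before CertificateAuthorityException: NotJSON is a subclass and is raised without a message.` The fixed 'Invalid json payload' string is worth keeping as it is, since it does not echo any part of the request back to the caller. The enclosing try block starts and ends outside the hunk.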