WIP wsgi: Produce http response caching headers.

cbfcd37c · Vincent Pelletier · 74828dc4 · cbfcd37c · cbfcd37c · cbfcd37c
Commit cbfcd37c authored Nov 25, 2020 by Vincent Pelletier
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 356 additions and 66 deletions

caucase/ca.py caucase/ca.py +25 -4

caucase/test.py caucase/test.py +6 -6

caucase/wsgi.py caucase/wsgi.py +325 -56

No files found.
--- a/caucase/ca.py
+++ b/caucase/ca.py
@@ -193,6 +193,13 @@ class CertificateAuthority(object):
    self._loadCAKeyPairList()
    self._renewCAIfNeeded()

+  @property
+  def crt_life_time(self):
+    """
+    Read-only access to crt_life_time ctor parameter, as a timedelta.
+    """
+    return self._crt_life_time
+
  @property
  def digest_list(self):
    """
@@ -229,8 +236,13 @@ class CertificateAuthority(object):
      previous_crt_pem = crt_pem
      previous_key = key
    self._ca_key_pairs_list = ca_key_pair_list
-    self._ca_certificate_chain = tuple(
-      ca_certificate_chain
+    self._ca_certificate_chain_and_expiration_date = (
+      tuple(ca_certificate_chain),
+      (
+        None
+        if previous_crt is None else # Only True during __init__
+        previous_crt.not_valid_after
+      ),
    )

  def getCertificateSigningRequest(self, csr_id):
@@ -621,6 +633,14 @@ class CertificateAuthority(object):
    """
    return utils.dump_certificate(self._getCurrentCAKeypair()['crt'])

+  def getCACertificateAndExpirationDate(self):
+    """
+    Return current CA certificate, PEM-encoded, and its expiration date
+    (datetime).
+    """
+    certificate = self._getCurrentCAKeypair()['crt']
+    return utils.dump_certificate(certificate), certificate.not_valid_after
+
  def getCACertificateList(self):
    """
    Return the current list of CA certificates as X509 obbjects.
@@ -630,7 +650,8 @@ class CertificateAuthority(object):

  def getValidCACertificateChain(self):
    """
-    Return the CA certificate chain based on oldest CA certificate.
+    Return the CA certificate chain based on oldest CA certificate, and
+    expiration date of the last (most recent) CA certificate in the chain.

    Each item in the chain is a wrapped dict with the following keys:
    old (str)
@@ -655,7 +676,7 @@ class CertificateAuthority(object):
    purposes.
    """
    self._renewCAIfNeeded()
-    return self._ca_certificate_chain
+    return self._ca_certificate_chain_and_expiration_date

  def revoke(self, crt_pem):
    """

--- a/caucase/test.py
+++ b/caucase/test.py
@@ -1644,6 +1644,7 @@ class CaucaseTest(unittest.TestCase):
      Mock CAU.
      """
      digest_list = ['sha256']
+      crt_life_time = datetime.timedelta(90, 0)

      @staticmethod
      def getCACertificateList():
@@ -1653,11 +1654,14 @@ class CaucaseTest(unittest.TestCase):
        return cau_list

      @staticmethod
-      def getCACertificate():
+      def getCACertificateAndExpirationDate():
        """
        Return a dummy string as CA certificate
        """
-        return b'notreallyPEM'
+        return (
+          b'notreallyPEM',
+          datetime.datetime.utcnow() + datetime.timedelta(130, 0),
+        )

      @staticmethod
      def getCertificateRevocationListDict():
@@ -2022,10 +2026,6 @@ class CaucaseTest(unittest.TestCase):
      header_dict['Access-Control-Allow-Origin'],
      cross_origin,
    )
-    self.assertEqual(
-      header_dict['Vary'],
-      'Origin',
-    )
    self.assertItemsEqual(
      [
        x.strip()

--- a/caucase/wsgi.py
+++ b/caucase/wsgi.py