Merge pull request #2473 from coreos-inc/certs-fixes
Fixes and improvements around custom certificate handling
commit
65a17dc155
10 changed files with 86 additions and 41 deletions
|
@ -3,6 +3,7 @@
|
|||
import logging
|
||||
import os
|
||||
import string
|
||||
import subprocess
|
||||
|
||||
import pathvalidate
|
||||
|
||||
|
@ -894,9 +895,27 @@ class SuperUserCustomCertificate(ApiResource):
|
|||
if not uploaded_file:
|
||||
abort(400)
|
||||
|
||||
# Save the certificate.
|
||||
certpath = pathvalidate.sanitize_filename(certpath)
|
||||
if not certpath.endswith('.crt'):
|
||||
abort(400)
|
||||
|
||||
cert_full_path = os.path.join(EXTRA_CA_DIRECTORY, certpath)
|
||||
config_provider.save_volume_file(cert_full_path, uploaded_file)
|
||||
|
||||
# Validate the certificate.
|
||||
try:
|
||||
with config_provider.get_volume_file(cert_full_path) as f:
|
||||
load_certificate(f.read())
|
||||
|
||||
# Call the update script to install the certificate immediately.
|
||||
if not app.config['TESTING']:
|
||||
subprocess.check_call(['/conf/init/certs_install.sh'])
|
||||
except CertInvalidException:
|
||||
pass
|
||||
except IOError:
|
||||
pass
|
||||
|
||||
return '', 204
|
||||
|
||||
abort(403)
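Review bot: The `except CertInvalidException: pass` and `except IOError: pass` branches let an upload that fails `load_certificate` still return `'', 204`, with the file already written under `EXTRA_CA_DIRECTORY` by `save_volume_file`. That directory appears to feed the trust store through `/conf/init/certs_install.sh`, so unvalidated content should not be left there silently: either validate the uploaded bytes before saving, or on failure remove the file and `abort(400)`. If keeping a rejected file is deliberate (for example so its error can be reported elsewhere), replace each `pass` with a comment saying so and a log line. `subprocess.check_call` can also raise `CalledProcessError`, which neither handler catches, so a failing install script surfaces as an unhandled error after the file has been saved. The enclosing handler starts above the hunk, so the permission check that pairs with `abort(403)` is not visible here.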
|
||||
|
|