Merge pull request #2473 from coreos-inc/certs-fixes

Fixes and improvements around custom certificate handling
Jimmy Zelinskie 2017-03-27 15:08:36 -04:00 committed by GitHub
commit 65a17dc155
10 changed files with 86 additions and 41 deletions


@ -3,6 +3,7 @@
import logging
import os
import string
import subprocess
import pathvalidate
@ -894,9 +895,27 @@ class SuperUserCustomCertificate(ApiResource):
if not uploaded_file:
abort(400)
# Save the certificate.
certpath = pathvalidate.sanitize_filename(certpath)
if not certpath.endswith('.crt'):
abort(400)
cert_full_path = os.path.join(EXTRA_CA_DIRECTORY, certpath)
config_provider.save_volume_file(cert_full_path, uploaded_file)
# Validate the certificate.
try:
with config_provider.get_volume_file(cert_full_path) as f:
load_certificate(f.read())
# Call the update script to install the certificate immediately.
if not app.config['TESTING']:
subprocess.check_call(['/conf/init/certs_install.sh'])
except CertInvalidException:
pass
except IOError:
pass
return '', 204
abort(403)
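Review bot: The two `except ...: pass` handlers after `load_certificate(f.read())` swallow a failed validation, so a file that does not parse as a certificate has already been written under `EXTRA_CA_DIRECTORY` by `save_volume_file` and the request still answers `204`. Unless keeping it is deliberate, the handler should reject the upload, for example by deleting the saved file and calling `abort(400)` in the `except CertInvalidException:` branch; if it is deliberate, a comment such as `# Invalid certificates are kept on purpose so they can be reported later` would say so. `subprocess.check_call` raises `CalledProcessError` on a non-zero exit and nothing visible here catches it, so a failing `/conf/init/certs_install.sh` would surface as an unhandled error after the file is already stored; catching and logging it would make that outcome explicit. Indentation is lost on this page, so whether the install call sits inside the `try` is inferred, and the method's signature lies outside the hunk.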