crypto: add download links as API fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
2275ba3add
commit
3a64d97040
|
|
@ -3,6 +3,7 @@ from cryptography.hazmat.backends import default_backend
|
||||||
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
||||||
from cryptography.x509 import load_pem_x509_certificate
|
from cryptography.x509 import load_pem_x509_certificate
|
||||||
from django.http.response import HttpResponse
|
from django.http.response import HttpResponse
|
||||||
|
from django.urls import reverse
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django_filters import FilterSet
|
from django_filters import FilterSet
|
||||||
from django_filters.filters import BooleanFilter
|
from django_filters.filters import BooleanFilter
|
||||||
|
|
@ -35,6 +36,9 @@ class CertificateKeyPairSerializer(ModelSerializer):
|
||||||
cert_subject = SerializerMethodField()
|
cert_subject = SerializerMethodField()
|
||||||
private_key_available = SerializerMethodField()
|
private_key_available = SerializerMethodField()
|
||||||
|
|
||||||
|
certificate_download_url = SerializerMethodField()
|
||||||
|
private_key_download_url = SerializerMethodField()
|
||||||
|
|
||||||
def get_cert_subject(self, instance: CertificateKeyPair) -> str:
|
def get_cert_subject(self, instance: CertificateKeyPair) -> str:
|
||||||
"""Get certificate subject as full rfc4514"""
|
"""Get certificate subject as full rfc4514"""
|
||||||
return instance.certificate.subject.rfc4514_string()
|
return instance.certificate.subject.rfc4514_string()
|
||||||
|
|
@ -43,6 +47,26 @@ class CertificateKeyPairSerializer(ModelSerializer):
|
||||||
"""Show if this keypair has a private key configured or not"""
|
"""Show if this keypair has a private key configured or not"""
|
||||||
return instance.key_data != "" and instance.key_data is not None
|
return instance.key_data != "" and instance.key_data is not None
|
||||||
|
|
||||||
|
def get_certificate_download_url(self, instance: CertificateKeyPair) -> str:
|
||||||
|
"""Get URL to download certificate"""
|
||||||
|
return (
|
||||||
|
reverse(
|
||||||
|
"authentik_api:certificatekeypair-view-certificate",
|
||||||
|
kwargs={"pk": instance.pk},
|
||||||
|
)
|
||||||
|
+ "?download"
|
||||||
|
)
|
||||||
|
|
||||||
|
def get_private_key_download_url(self, instance: CertificateKeyPair) -> str:
|
||||||
|
"""Get URL to download private key"""
|
||||||
|
return (
|
||||||
|
reverse(
|
||||||
|
"authentik_api:certificatekeypair-view-private-key",
|
||||||
|
kwargs={"pk": instance.pk},
|
||||||
|
)
|
||||||
|
+ "?download"
|
||||||
|
)
|
||||||
|
|
||||||
def validate_certificate_data(self, value: str) -> str:
|
def validate_certificate_data(self, value: str) -> str:
|
||||||
"""Verify that input is a valid PEM x509 Certificate"""
|
"""Verify that input is a valid PEM x509 Certificate"""
|
||||||
try:
|
try:
|
||||||
|
|
@ -79,6 +103,8 @@ class CertificateKeyPairSerializer(ModelSerializer):
|
||||||
"cert_expiry",
|
"cert_expiry",
|
||||||
"cert_subject",
|
"cert_subject",
|
||||||
"private_key_available",
|
"private_key_available",
|
||||||
|
"certificate_download_url",
|
||||||
|
"private_key_download_url",
|
||||||
]
|
]
|
||||||
extra_kwargs = {
|
extra_kwargs = {
|
||||||
"key_data": {"write_only": True},
|
"key_data": {"write_only": True},
|
||||||
|
|
|
||||||
10
schema.yml
10
schema.yml
|
|
@ -1,7 +1,7 @@
|
||||||
openapi: 3.0.3
|
openapi: 3.0.3
|
||||||
info:
|
info:
|
||||||
title: authentik
|
title: authentik
|
||||||
version: 2021.5.4
|
version: 2021.6.1-rc1
|
||||||
description: Making authentication simple.
|
description: Making authentication simple.
|
||||||
contact:
|
contact:
|
||||||
email: hello@beryju.org
|
email: hello@beryju.org
|
||||||
|
|
@ -18380,13 +18380,21 @@ components:
|
||||||
private_key_available:
|
private_key_available:
|
||||||
type: boolean
|
type: boolean
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
certificate_download_url:
|
||||||
|
type: string
|
||||||
|
readOnly: true
|
||||||
|
private_key_download_url:
|
||||||
|
type: string
|
||||||
|
readOnly: true
|
||||||
required:
|
required:
|
||||||
- cert_expiry
|
- cert_expiry
|
||||||
- cert_subject
|
- cert_subject
|
||||||
|
- certificate_download_url
|
||||||
- fingerprint
|
- fingerprint
|
||||||
- name
|
- name
|
||||||
- pk
|
- pk
|
||||||
- private_key_available
|
- private_key_available
|
||||||
|
- private_key_download_url
|
||||||
CertificateKeyPairRequest:
|
CertificateKeyPairRequest:
|
||||||
type: object
|
type: object
|
||||||
description: CertificateKeyPair Serializer
|
description: CertificateKeyPair Serializer
|
||||||
|
|
|
||||||
|
|
@ -124,11 +124,11 @@ export class CertificateKeyPairListPage extends TablePage<CertificateKeyPair> {
|
||||||
<dd class="pf-c-description-list__description">
|
<dd class="pf-c-description-list__description">
|
||||||
<div class="pf-c-description-list__text">
|
<div class="pf-c-description-list__text">
|
||||||
<a class="pf-c-button pf-m-secondary" target="_blank"
|
<a class="pf-c-button pf-m-secondary" target="_blank"
|
||||||
href="/api/v2beta/crypto/certificatekeypairs/${item.pk}/view_certificate/?download">
|
href=${item.certificateDownloadUrl}>
|
||||||
${t`Download Certificate`}
|
${t`Download Certificate`}
|
||||||
</a>
|
</a>
|
||||||
${item.privateKeyAvailable ? html`<a class="pf-c-button pf-m-secondary" target="_blank"
|
${item.privateKeyAvailable ? html`<a class="pf-c-button pf-m-secondary" target="_blank"
|
||||||
href="/api/v2beta/crypto/certificatekeypairs/${item.pk}/view_private_key/?download">
|
href=${item.privateKeyDownloadUrl}>
|
||||||
${t`Download Private key`}
|
${t`Download Private key`}
|
||||||
</a>` : html``}
|
</a>` : html``}
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
Reference in a new issue