ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

fpaste: add register command for public certificate enrollment

Browse Source 
- Add register command to obtain client cert from server
- Solve PoW challenge, receive PKCS#12 bundle
- Extract cert/key, optionally update config (--configure)
- Fix registration to work without PKI_ENABLED (only needs PKI_CA_PASSWORD)
- Add skip_enabled_check param to get_ca_info() for registration path
- Update docs: README examples, API header name fix (X-Fingerprint-SHA1)
This commit is contained in:
Username
2025-12-21 10:59:09 +01:00
parent 5849c7406f
commit 880bf631e3
5 changed files with 191 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/pki.py
View File

@@ -736,9 +736,12 @@ def is_certificate_valid(fingerprint: str) -> bool:
# ─────────────────────────────────────────────────────────────────────────────
def get_ca_info() -> dict | None:
def get_ca_info(skip_enabled_check: bool = False) -> dict | None:
"""Get CA information for status endpoint.
Args:
skip_enabled_check: If True, skip the PKI_ENABLED check (for registration)
Returns:
Dict with CA info or None if no CA exists
"""
@@ -746,7 +749,7 @@ def get_ca_info() -> dict | None:
from app.database import get_db
if not current_app.config.get("PKI_ENABLED"):
if not skip_enabled_check and not current_app.config.get("PKI_ENABLED"):
return None
db = get_db()