pki: add minimal certificate authority

- CA generation with encrypted private key storage (AES-256-GCM)
- Client certificate issuance with configurable validity
- Certificate revocation with status tracking
- SHA1 fingerprint integration with existing mTLS auth
- API endpoints: /pki/status, /pki/ca, /pki/issue, /pki/revoke
- CLI commands: fpaste pki status/issue/revoke
- Comprehensive test coverage
Username
2025-12-20 17:20:15 +01:00
parent 7deba711d4
commit 4e38517faf
9 changed files with 3815 additions and 481 deletions


@@ -4,7 +4,7 @@ import os
from pathlib import Path
# Application version
VERSION = "1.1.0"
VERSION = "1.2.0"
class Config:
@@ -21,6 +21,8 @@ class Config:
# Paste expiry (default 5 days)
PASTE_EXPIRY_SECONDS = int(os.environ.get("FLASKPASTE_EXPIRY", 5 * 24 * 60 * 60))
# Maximum custom expiry (default 30 days, 0 = use default expiry as max)
MAX_EXPIRY_SECONDS = int(os.environ.get("FLASKPASTE_MAX_EXPIRY", 30 * 24 * 60 * 60))
# Content deduplication / abuse prevention
# Throttle repeated submissions of identical content
@@ -54,6 +56,16 @@ class Config:
# URL prefix for reverse proxy deployments (e.g., "/paste" for mymx.me/paste)
URL_PREFIX = os.environ.get("FLASKPASTE_URL_PREFIX", "").rstrip("/")
# PKI Configuration
# Enable PKI endpoints for certificate authority and issuance
PKI_ENABLED = os.environ.get("FLASKPASTE_PKI_ENABLED", "0").lower() in ("1", "true", "yes")
# CA password for signing operations (REQUIRED when PKI is enabled)
PKI_CA_PASSWORD = os.environ.get("FLASKPASTE_PKI_CA_PASSWORD", "")
# Default validity period for issued certificates (days)
PKI_CERT_DAYS = int(os.environ.get("FLASKPASTE_PKI_CERT_DAYS", "365"))
# CA certificate validity period (days)
PKI_CA_DAYS = int(os.environ.get("FLASKPASTE_PKI_CA_DAYS", "3650")) # 10 years
class DevelopmentConfig(Config):
"""Development configuration."""
@@ -80,6 +92,12 @@ class TestingConfig(Config):
# Disable PoW for most tests (easier testing)
POW_DIFFICULTY = 0
# PKI testing configuration
PKI_ENABLED = True
PKI_CA_PASSWORD = "test-ca-password"
PKI_CERT_DAYS = 30
PKI_CA_DAYS = 365
config = {
"development": DevelopmentConfig,
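Review bot: `PKI_CA_PASSWORD` in the PKI configuration hunk defaults to an empty string, so setting `FLASKPASTE_PKI_ENABLED=1` without a password is not rejected by anything visible here, even though the comment calls the value required. Unless the PKI code already refuses an empty password, I would fail closed during application start-up, e.g. `if app.config["PKI_ENABLED"] and not app.config["PKI_CA_PASSWORD"]: raise RuntimeError("FLASKPASTE_PKI_CA_PASSWORD must be set when PKI is enabled")`. Going by the commit description, this password guards the encrypted CA private key, so the comment should also say it is to be supplied from a secret store and never logged. `PKI_CERT_DAYS` and `PKI_CA_DAYS` are parsed with a bare `int()`, so zero, negative or very large validity periods pass through; a check such as `if not 0 < PKI_CERT_DAYS <= PKI_CA_DAYS: raise ValueError("invalid PKI validity period")` would catch that. The `Config` class body continues outside the hunks shown, so these checks may fit into an existing validation step.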