enable ssl certificate import for hyperglass-agent

2024-05-11 05:55:08 +00:00 · 2020-03-21 01:44:38 -07:00
parent cd454d5ca1
commit fe61a7e90f
11 changed files with 224 additions and 34 deletions
--- a/hyperglass/api/routes.py
+++ b/hyperglass/api/routes.py
@@ -1,6 +1,7 @@
 """API Routes."""

 # Standard Library
+import os
 import time

 # Third Party
@@ -10,14 +11,18 @@ from starlette.requests import Request
 from fastapi.openapi.docs import get_redoc_html, get_swagger_ui_html

 # Project
-from hyperglass.util import log
+from hyperglass.util import log, clean_name, import_public_key
+from hyperglass.encode import jwt_decode
 from hyperglass.exceptions import HyperglassError
 from hyperglass.configuration import REDIS_CONFIG, params, devices
 from hyperglass.api.models.query import Query
 from hyperglass.execution.execute import Execute
+from hyperglass.api.models.cert_import import EncodedRequest

 Cache = aredis.StrictRedis(db=params.cache.database, **REDIS_CONFIG)

+APP_PATH = os.environ["hyperglass_directory"]
+

 async def query(query_data: Query, request: Request):
    """Ingest request data pass it to the backend application to perform the query."""
@@ -60,6 +65,46 @@ async def query(query_data: Query, request: Request):
    return {"output": cache_response, "level": "success", "keywords": []}


+async def import_certificate(encoded_request: EncodedRequest):
+    """Import a certificate from hyperglass-agent."""
+
+    # Try to match the requested device name with configured devices
+    matched_device = None
+    requested_device_name = clean_name(encoded_request.device)
+    for device in devices.routers:
+        if device.name == requested_device_name:
+            matched_device = device
+            break
+
+    if matched_device is None:
+        raise HTTPException(
+            detail=f"Device {str(encoded_request.device)} not found", status_code=404
+        )
+
+    try:
+        # Decode JSON Web Token
+        decoded_request = await jwt_decode(
+            payload=encoded_request.encoded,
+            secret=matched_device.credential.password.get_secret_value(),
+        )
+    except HyperglassError as decode_error:
+        raise HTTPException(detail=str(decode_error), status_code=401)
+
+    try:
+        # Write certificate to file
+        import_public_key(
+            app_path=APP_PATH, device_name=device.name, keystring=decoded_request
+        )
+    except RuntimeError as import_error:
+        raise HyperglassError(str(import_error), level="danger")
+
+    return {
+        "output": f"Added public key for {encoded_request.device}",
+        "level": "success",
+        "keywords": [encoded_request.device],
+    }
+
+
 async def docs():
    """Serve custom docs."""
    if params.docs.enable: