1 commit

3 changed files with 13 additions and 4 deletions

Cargo.lock generated

@ -3083,7 +3083,7 @@ dependencies = [
[[package]]
name = "trifid-api"
version = "0.3.0-alpha1"
version = "0.3.0-alpha2"
dependencies = [
"actix-cors",
"actix-web",


@ -1,6 +1,6 @@
[package]
name = "trifid-api"
version = "0.3.0-alpha1"
version = "0.3.0-alpha2"
authors = ["core <core@e3t.cc>"]
edition = "2021"
description = "An open-source reimplementation of the Defined Networking API server"


@ -4,9 +4,9 @@
// Review carefully what you write here!
use crate::crypt::sign_cert_with_ca;
use crate::models::{Host, HostKey, HostOverride, Network, Role, RoleFirewallRule, SigningCA};
use crate::models::{Host, HostKey, HostOverride, Network, RoleFirewallRule, SigningCA};
use crate::schema::{
host_keys, host_overrides, hosts, networks, role_firewall_rules, roles, signing_cas,
host_keys, host_overrides, hosts, networks, role_firewall_rules, signing_cas,
};
use crate::AppState;
use actix_web::web::Data;
@ -109,6 +109,15 @@ pub async fn generate_config(
signature: vec![],
};
let ca_cert: NebulaCertificate = serde_json::from_value(signing_ca.cert.clone()).unwrap();
if cert.details.not_before < ca_cert.details.not_before {
cert.details.not_before = ca_cert.details.not_before; // prevent issuing invalid certs
}
if cert.details.not_after > ca_cert.details.not_after {
cert.details.not_after = ca_cert.details.not_after; // prevent issuing invalid certs
}
sign_cert_with_ca(signing_ca, &mut cert, &state.config).unwrap();
let all_blocked_hosts = hosts::dsl::hosts
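Review bot: The two clamps after `let ca_cert` can leave an empty or inverted validity window that is still passed to `sign_cert_with_ca`. When the CA's window does not overlap the requested one (for example a CA whose `not_after` is already in the past), `not_after` is pulled below `not_before` and the host is handed a certificate that peers will reject. Check the result before signing, e.g. `if cert.details.not_before >= cert.details.not_after { /* return an error, do not sign */ }`, and log whenever a clamp shortens the lifetime so early expiry can be traced. The `.unwrap()` on `serde_json::from_value(signing_ca.cert.clone())` also turns a malformed stored CA record into a panic in the request path, where an error response would be safer. `generate_config` starts and ends outside this hunk, so its error type is not visible here.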