Skip to content

Commit

Permalink
chore: update charm libraries
Browse files Browse the repository at this point in the history
  • Loading branch information
telcobot committed Jun 1, 2024
1 parent 4cb8cca commit 0629433
Showing 1 changed file with 22 additions and 10 deletions.
32 changes: 22 additions & 10 deletions lib/charms/tls_certificates_interface/v3/tls_certificates.py
Original file line number Diff line number Diff line change
Expand Up @@ -317,7 +317,7 @@ def _on_all_certificates_invalidated(self, event: AllCertificatesInvalidatedEven

# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 14
LIBPATCH = 15

PYDEPS = ["cryptography", "jsonschema"]

Expand Down Expand Up @@ -1093,6 +1093,13 @@ def generate_csr( # noqa: C901
return signed_certificate.public_bytes(serialization.Encoding.PEM)


def get_sha256_hex(data: str) -> str:
"""Calculate the hash of the provided data and return the hexadecimal representation."""
digest = hashes.Hash(hashes.SHA256())
digest.update(data.encode())
return digest.finalize().hex()


def csr_matches_certificate(csr: str, cert: str) -> bool:
"""Check if a CSR matches a certificate.
Expand Down Expand Up @@ -1872,12 +1879,15 @@ def _on_relation_changed(self, event: RelationChangedEvent) -> None:
]
for certificate in provider_certificates:
if certificate.csr in requirer_csrs:
csr_in_sha256_hex = get_sha256_hex(certificate.csr)
if certificate.revoked:
with suppress(SecretNotFoundError):
logger.debug(
"Removing secret with label %s", f"{LIBID}-{certificate.csr}"
"Removing secret with label %s",
f"{LIBID}-{csr_in_sha256_hex}",
)
secret = self.model.get_secret(label=f"{LIBID}-{certificate.csr}")
secret = self.model.get_secret(
label=f"{LIBID}-{csr_in_sha256_hex}")
secret.remove_all_revisions()
self.on.certificate_invalidated.emit(
reason="revoked",
Expand All @@ -1889,20 +1899,22 @@ def _on_relation_changed(self, event: RelationChangedEvent) -> None:
else:
try:
logger.debug(
"Setting secret with label %s", f"{LIBID}-{certificate.csr}"
"Setting secret with label %s", f"{LIBID}-{csr_in_sha256_hex}"
)
secret = self.model.get_secret(label=f"{LIBID}-{csr_in_sha256_hex}")
secret.set_content(
{"certificate": certificate.certificate, "csr": certificate.csr}
)
secret = self.model.get_secret(label=f"{LIBID}-{certificate.csr}")
secret.set_content({"certificate": certificate.certificate})
secret.set_info(
expire=self._get_next_secret_expiry_time(certificate),
)
except SecretNotFoundError:
logger.debug(
"Creating new secret with label %s", f"{LIBID}-{certificate.csr}"
"Creating new secret with label %s", f"{LIBID}-{csr_in_sha256_hex}"
)
secret = self.charm.unit.add_secret(
{"certificate": certificate.certificate},
label=f"{LIBID}-{certificate.csr}",
{"certificate": certificate.certificate, "csr": certificate.csr},
label=f"{LIBID}-{csr_in_sha256_hex}",
expire=self._get_next_secret_expiry_time(certificate),
)
self.on.certificate_available.emit(
Expand Down Expand Up @@ -1965,7 +1977,7 @@ def _on_secret_expired(self, event: SecretExpiredEvent) -> None:
"""
if not event.secret.label or not event.secret.label.startswith(f"{LIBID}-"):
return
csr = event.secret.label[len(f"{LIBID}-") :]
csr = event.secret.get_content()["csr"]
provider_certificate = self._find_certificate_in_relation_data(csr)
if not provider_certificate:
# A secret expired but we did not find matching certificate. Cleaning up
Expand Down

0 comments on commit 0629433

Please sign in to comment.