def permit(self, request):
"""
Validate the client cert is trusted and asserts a path that is prefix of the requested path.
Args:
request: The request from the user.
Raises:
PermissionError: If the request path is not a subpath of a path named in the
certificate, or if the client certificate is not trusted from the CA certificated
stored as `ca_certificate`.
"""
get_rhsm()
unquoted_certificate = self._get_client_cert_header(request)
self._ensure_client_cert_is_trusted(unquoted_certificate)
rhsm_cert = self._create_rhsm_cert_from_pem(unquoted_certificate)
content_path_prefix_without_trail_slash = settings.CONTENT_PATH_PREFIX.rstrip(
'/')
len_prefix_to_remove = len(content_path_prefix_without_trail_slash)
path_without_content_path_prefix = request.path[len_prefix_to_remove:]
self._check_paths(rhsm_cert, path_without_content_path_prefix)
def __init__(self, *args, **kwargs):
"""Initialize a RHSMCertGuard and ensure this system has python-rhsm on it."""
get_rhsm() # Validate that rhsm is installed
super().__init__(*args, **kwargs)
def validate_ca_certificate(ca_certificate):
"""Validates the given certificate."""
get_rhsm() # Validate that rhsm is installed
return BaseCertGuardSerializer.validate_ca_certificate(ca_certificate)