def process_checkin(self, bundle, skip_errors, **kwargs):
if not bundle.data.has_key("products"):
raise BadRequest("Missing 'products'")
if not bundle.data.has_key("consumer_identifier"):
raise BadRequest("Missing 'consumer_identifier'")
if not bundle.data.has_key("system_facts"):
raise BadRequest("Missing 'system_facts'")
minutes = None
if bundle.data.has_key("minutes"):
try:
minutes = int(bundle.data["minutes"])
if minutes < 1:
raise BadRequest("'minutes' with value of '%s' is less than 1" % (minutes))
except:
raise BadRequest("Unable to convert 'minutes' with value of '%s' to an integer" % (bundle.data["minutes"]))
# Read the SSL identity certificate from the SSL request environment variables
identity_cert = certs.get_client_cert_from_request(self.current_request)
#_LOG.info("Using 'identity_cert': %s" % (identity_cert))
products = bundle.data["products"]
consumer_identifier = bundle.data["consumer_identifier"]
system_facts = bundle.data["system_facts"]
checkin = CheckIn()
bundle.obj = Entitlement()
cert_info, ent_call_time = checkin.get_entitlement_certificate(identity_cert,
consumer_identifier, system_facts, products,
cert_length_in_min=minutes)
bundle.obj.certs = cert_info
# Setting time of last entitlement call, to be inserted in response header later in processing
self.last_entitlement_call_length = ent_call_time
return bundle
def get_identifier(self, request):
"""
Return the UUID and Account number embedded in the certificate
@param request:
@return: (CN, O) corresponds to CN being the UUID of the certificate and O being the account number
"""
x509_cert_from_request = get_client_cert_from_request(request)
return get_identifier_from_cert(x509_cert_from_request)
def is_authenticated(self, request, **kwargs):
"""
Verify that the SSL client certificate used to form this SSL Connection
has been signed by the configured CA.
@param request:
@type django.http.HttpRequest
@param kwargs:
@return:
"""
x509_cert_from_request = get_client_cert_from_request(request)
if x509_cert_from_request:
if self.cert_utils.validate_certificate(x509_cert_from_request, self.verification_ca):
return True
return False
def is_authenticated(self, request, **kwargs):
"""
Verify that the SSL client certificate used to form this SSL Connection
has been signed by the configured CA.
@param request:
@type django.http.HttpRequest
@param kwargs:
@return:
"""
x509_cert_from_request = get_client_cert_from_request(request)
if x509_cert_from_request:
if self.cert_utils.validate_certificate(x509_cert_from_request, self.verification_ca):
return True
return HttpResponse(
content="Unable to verify SSL client's identity certificate was signed by configured CA",
status=httplib.UNAUTHORIZED)
def is_authorized(self, request, object=None):
x509_cert_from_request = get_client_cert_from_request(request)
identity_uuid, identity_account = get_identifier_from_cert(x509_cert_from_request)
if not identity_uuid:
return False
return True
def test_get_identifier_from_cert(self):
req = self.request_factory.request(SSL_CLIENT_CERT=self.valid_identity_cert_pem)
client_cert = certs.get_client_cert_from_request(req)
CN, O = certs.get_identifier_from_cert(client_cert)
self.assertEqual(CN, self.expected_valid_identity_uuid)
self.assertEqual(O, self.expected_valid_account_num)
def test_get_client_cert_from_request(self):
req = self.request_factory.request(SSL_CLIENT_CERT=self.valid_identity_cert_pem)
client_cert = certs.get_client_cert_from_request(req)
self.assertEqual(client_cert, self.valid_identity_cert_pem)
