Example #1
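    def get_certificate(self, ssl_info):
        """
        Look up the ClientCertificate record for the presented client cert.

        With SSLAUTH_STRICT_MATCH set, the stored certificate must equal
        ``ssl_info.cert``. Otherwise every subject field named in
        SSLAUTH_SUBJECT_MATCH_KEYS (default: subject_email, subject_cn,
        subject_o) must be present in ``ssl_info`` and match the record.

        Returns the ClientCertificate, or None when required data is
        missing, no record matches, or more than one record matches.
        """
        # NOTE(review): nothing in this method consults ssl_info.verify.
        # Confirm the caller only trusts the result for certificates the
        # front-end server has actually verified, especially in subject
        # matching mode where the issuer is not part of the query.

        if settings_get('SSLAUTH_STRICT_MATCH'):
            # compare complete certificate in strict match
            if not ssl_info.cert:
                logging.error(
                    'SSLAuth: strict match required but PEM encoded '
                    'certificate not found in environment. Check your server '
                    'settings')
                return None
            query = Q(cert=ssl_info.cert)
        else:
            # compare according to SSLAUTH_SUBJECT_MATCH_KEYS
            match_keys = (settings_get('SSLAUTH_SUBJECT_MATCH_KEYS')
                          or ('subject_email', 'subject_cn', 'subject_o'))

            query_args = {}
            for key in match_keys:
                value = ssl_info.get(key)
                if not value:
                    # a missing field must never widen the match: refuse
                    logging.error(
                        'SSLAuth: key %s is missing from ssl_info', key)
                    return None
                # 'subject_cn' -> 'subject__cn'; every underscore is doubled,
                # so a key with more than one underscore yields a longer
                # lookup path.
                query_args[key.replace('_', '__')] = value

            query = Q(**query_args)

        try:
            return ClientCertificate.objects.select_related().get(query)
        except ClientCertificate.DoesNotExist:
            return None
        except ClientCertificate.MultipleObjectsReturned:
            # An ambiguous match cannot identify one user; fail closed
            # instead of letting the exception escape the auth path.
            logging.error(
                'SSLAuth: more than one ClientCertificate matches the '
                'presented certificate')
            return None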
Example #2
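    def link_user(self, ssl_info, user):
        """
        Link an existing django User to the presented client certificate.

        Creates and saves a DistinguishedName for the certificate subject
        and a ClientCertificate record pointing at ``user``. It does not
        create an issuer record, just a subject for the ClientCertificate.

        Returns ``user``, or None when no user was passed.
        """
        if not user:
            return None

        # NOTE(review): this method neither checks ssl_info.verify nor looks
        # for an existing ClientCertificate with the same cert or subject.
        # Confirm callers only link verified certificates and cannot create
        # duplicate records for one certificate.

        # auto creation only creates a DN for the subject, not the issuer
        subject = DistinguishedName()
        for attr, val in ssl_info.get_subject().items():
            # drop the 'subject_' prefix to get the attribute name on the
            # DistinguishedName; falsy values are stored as ''
            setattr(subject, attr.replace('subject_', ''), val or '')
        subject.save()

        # create the certificate record and save
        cert = ClientCertificate()
        cert.user = user
        cert.subject = subject
        if ssl_info.cert:
            cert.cert = ssl_info.cert
        if ssl_info.serial:
            cert.serial = ssl_info.serial
        cert.save()

        return user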
Example #3
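    def get_certificate(self, ssl_info):
        """
        Return the ClientCertificate record matching the presented cert.

        In strict mode (SSLAUTH_STRICT_MATCH) the stored certificate must
        equal ``ssl_info.cert``. Otherwise the subject fields listed in
        SSLAUTH_SUBJECT_MATCH_KEYS (default: subject_email, subject_cn,
        subject_o) must all be present and match.

        Returns None when a subject field is missing, no record matches,
        or the match is ambiguous.

        Raises:
            EnvironmentError: strict match is configured but ``ssl_info``
                carries no certificate.
        """
        # NOTE(review): ssl_info.verify is not checked here. Confirm the
        # caller rejects certificates the front-end server did not verify;
        # subject matching does not include the issuer.

        if settings_get('SSLAUTH_STRICT_MATCH'):
            # compare complete certificate in strict match
            if not ssl_info.cert:
                # call form of raise: valid on both Python 2 and Python 3
                raise EnvironmentError('SSLAuth: strict match required but PEM encoded certificate not found in environment. Check your server settings')
            query = Q(cert=ssl_info.cert)
        else:
            # compare according to SSLAUTH_SUBJECT_MATCH_KEYS
            match_keys = (settings_get('SSLAUTH_SUBJECT_MATCH_KEYS')
                          or ('subject_email', 'subject_cn', 'subject_o'))

            query_args = {}
            for key in match_keys:
                value = ssl_info.get(key)
                if not value:
                    # a missing field is treated as "no match", not an error
                    return None
                # 'subject_cn' -> 'subject__cn' (every underscore doubled)
                query_args[key.replace('_', '__')] = value

            query = Q(**query_args)

        try:
            return ClientCertificate.objects.select_related().get(query)
        except ClientCertificate.DoesNotExist:
            return None
        except ClientCertificate.MultipleObjectsReturned:
            # More than one record matches, so no single user is
            # identified; fail closed rather than raise from the auth path.
            import logging
            logging.error(
                'SSLAuth: more than one ClientCertificate matches the '
                'presented certificate')
            return None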
Example #4
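    def link_user(self, ssl_info, user):
        """
        Attach the presented certificate to an already existing User.

        A DistinguishedName is built from the certificate subject and
        saved, then a ClientCertificate referencing ``user`` and that
        subject is saved. No issuer record is created.

        Returns ``user`` on success and None if ``user`` is falsy.
        """
        if not user:
            return None

        # NOTE(review): no check of ssl_info.verify and no lookup for an
        # existing ClientCertificate happens here; verify that callers only
        # pass verified certificates and guard against duplicate links.

        # only the subject DN is stored, not the issuer
        subject = DistinguishedName()
        for attr, val in ssl_info.get_subject().items():
            field = attr.replace('subject_', '')
            # empty or missing subject parts are stored as ''
            setattr(subject, field, val if val else '')
        subject.save()

        # create the certificate record and save
        cert = ClientCertificate()
        cert.user = user
        cert.subject = subject
        if ssl_info.cert:
            cert.cert = ssl_info.cert
        if ssl_info.serial:
            cert.serial = ssl_info.serial
        cert.save()

        return user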
Example #5
    def process_request(self, request):
        """
        Set the user for *request* from the session or the client cert.

        When SSLAUTH_USE_COOKIE is set and the session already holds an
        authenticated user, that user is kept and the certificate is not
        looked at. Otherwise the certificate data is passed to
        authenticate(); if that fails, the certificate is marked verified
        and SSLAUTH_CREATE_USER is set, a user is created and
        authentication is retried.
        """
        cookie_sessions = settings_get('SSLAUTH_USE_COOKIE')

        if cookie_sessions:
            request.user = get_user(request)
            if request.user.is_authenticated():
                # An existing session wins: the certificate on this request
                # is not re-examined.
                return

        ssl_info = SSLInfo(request)
        # NOTE(review): authenticate() runs whether or not ssl_info.verify is
        # truthy; only the auto-create branch below checks it. Confirm the
        # backend rejects unverified certificates.
        user = authenticate(ssl_info=ssl_info) or AnonymousUser()

        may_autocreate = (
            not user.is_authenticated()
            and ssl_info.verify
            and settings_get('SSLAUTH_CREATE_USER')
        )
        if may_autocreate:
            from backends import SSLAuthBackend
            if SSLAuthBackend().create_user(ssl_info):
                user = authenticate(ssl_info=ssl_info) or AnonymousUser()

        if user.is_authenticated() and cookie_sessions:
            login(request, user)
            return
        request.user = user
Example #6
    def process_request(self, request):
        """
        Resolve ``request.user`` from the session cookie or the client cert.

        With SSLAUTH_USE_COOKIE enabled, an already authenticated session
        user short-circuits the method. Otherwise authenticate() is called
        with the request's SSLInfo, with one retry after create_user() when
        the certificate is verified and SSLAUTH_CREATE_USER is set.
        """
        persist = settings_get('SSLAUTH_USE_COOKIE')

        if persist:
            request.user = get_user(request)
            if request.user.is_authenticated():
                # session user is trusted as-is; the certificate presented
                # on this request is not consulted
                return

        ssl_info = SSLInfo(request)
        # NOTE(review): ssl_info.verify is only consulted for auto-creation
        # below, not before this authenticate() call; confirm the backend
        # enforces verification itself.
        user = authenticate(ssl_info=ssl_info) or AnonymousUser()

        if not user.is_authenticated():
            if ssl_info.verify and settings_get('SSLAUTH_CREATE_USER'):
                from backends import SSLAuthBackend
                created = SSLAuthBackend().create_user(ssl_info)
                if created:
                    user = authenticate(ssl_info=ssl_info) or AnonymousUser()

        if not (user.is_authenticated() and persist):
            request.user = user
        else:
            login(request, user)