def test_cert_with_carriage_returns(self):
# make sure it can parse a cert where the "-----" etc. lines end with
# "\r\n" instead of just "\n". Failure to parse in this case was
# discovered when trying to parse an employee-sku cert that jbowes
# emailed to mhrivnak. the origin of the offending carriage returns is
# unknown.
crcert = certdata.ENTITLEMENT_CERT_V3_0.replace('-\n', '-\r\n')
create_from_pem(crcert)
def _check_extensions(self, cert_pem, dest, log_func):
"""
Checks the requested destination path against the entitlement cert.
:param cert_pem: certificate as PEM
:type cert_pem: str
:param dest: path of desired destination
:type dest: str
:param log_func: function used for logging
:type log_func: callable taking 1 argument of type basestring
:return: True iff request is authorized, else False
:rtype: bool
"""
cert = certificate.create_from_pem(cert_pem)
# Extract the repo portion of the URL
repo_dest = dest[dest.find(RELATIVE_URL) + len(RELATIVE_URL):]
try:
valid = cert.check_path(repo_dest)
except AttributeError:
# not an entitlement certificate, so no entitlements
valid = False
if not valid:
log_func('Request denied to destination [%s]' % dest)
return valid
def _is_valid(cert_pem):
'''
validates the cert's common name as being pulp's identity
:param cert_pem: PEM encoded client certificate sent with the request
:type cert_pem: string
'''
cert = certificate.create_from_pem(cert_pem)
cn = cert.subject()['CN']
return cn == IDENTITY_CN
def setUp(self):
self.prod_cert = create_from_pem(certdata.PRODUCT_CERT_V1_0)
self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V1_0)
def test_default_version(self):
id_cert = create_from_pem(certdata.IDENTITY_CERT)
self.assertTrue(isinstance(id_cert, IdentityCertificate))
self.assertEquals('1.0', str(id_cert.version))
def test_creation(self):
id_cert = create_from_pem(certdata.IDENTITY_CERT)
self.assertTrue(isinstance(id_cert, IdentityCertificate))
self.assertEquals("DirName:/CN=redhat.local.rm-rf.ca", id_cert.alt_name)
self.assertEquals("eaadd6ea-852d-4430-94a7-73d5887d48e8", id_cert.subject['CN'])
self.assertFalse(hasattr(id_cert, 'products'))
def test_factory_method_without_ent_data(self):
data = certdata.ENTITLEMENT_CERT_V3_0.split('-----BEGIN ENTITLEMENT DATA-----')[0]
cert = create_from_pem(data)
self.assertTrue(cert.content is None)
self.assertTrue(cert.order is None)
self.assertEqual(cert.products, [])
def setUp(self):
self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V3_0)