def _cert_check(meta, oauth, builder, info):
    """Check the stored client certificate with the API, then fetch the config.

    The common name is read from ``meta.cert`` and passed to
    ``check_certificate``; the result is indexed by ``'is_valid'`` and, when
    the certificate is rejected, by ``'reason'``.

    A missing, not-yet-valid or expired certificate is replaced with a fresh
    keypair. Every other reason raises ``EduvpnException``, so an unrecognised
    verdict fails closed and no configuration is fetched.

    Raises:
        EduvpnException: the account is disabled, or the certificate was
            rejected for a reason that a new keypair does not resolve.
    """
    # Reasons for which requesting a new keypair is the remedy.
    renewable = ('certificate_missing',
                 'certificate_not_yet_valid',
                 'certificate_expired')

    cn = common_name_from_cert(meta.cert.encode('ascii'))
    status = check_certificate(oauth, meta.api_base_uri, cn)

    if not status['is_valid']:
        # The reason string comes from the API response and is echoed into
        # the log line and, for unknown reasons, the exception text.
        reason = status['reason']
        logger.warning('client certificate not valid, reason: {}'.format(reason))

        if reason == 'user_disabled':
            raise EduvpnException('Your account has been disabled.')
        if reason not in renewable:
            raise EduvpnException(
                'Your client certificate is invalid ({})'.format(reason))

        logger.info('Going to try to fetch new keypair')
        new_cert, new_key = create_keypair(oauth, meta.api_base_uri)
        update_keys_provider(meta.uuid, new_cert, new_key)

    # NOTE(review): read as a function-level call, so it runs both for a valid
    # certificate and after a keypair refresh. Confirm against the original
    # indentation.
    _fetch_updated_config(oauth, meta, builder, info)
def test_common_name_from_cert(self):
    """The common name parsed from the fixture certificate is the expected one."""
    # common_name_from_cert is fed bytes, so the fixture text is encoded first.
    pem_bytes = mock_config_dict['cert'].encode('ascii')
    self.assertEqual(common_name_from_cert(pem_bytes),
                     '9f43953f6371212130d2f8d65bad8694')
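def check_certificate(oauth: OAuth2Session, api_base_uri: str, certificate: str):
    """Ask the API whether the given client certificate is still valid.

    Args:
        oauth: session passed to ``oauth_request`` for the API call.
        api_base_uri: base URI to which ``/check_certificate`` is appended.
        certificate: the client certificate as ASCII text; its common name is
            extracted here and sent as the ``common_name`` query parameter.

    Returns:
        The ``is_valid`` field of the ``check_certificate`` response data.
        NOTE(review): only this field is returned; anything else in the
        response data (such as a rejection reason, if the server sends one)
        is dropped, so a caller cannot tell expiry from a disabled account.
    """
    from urllib.parse import quote

    common_name = common_name_from_cert(certificate.encode('ascii'))
    # Percent-encode the value: it is parsed out of a certificate and must not
    # be able to add or truncate query parameters ('&', '#', '=' and the like).
    # A plain hex common name is left unchanged by quote().
    uri = api_base_uri + '/check_certificate?common_name=' + quote(common_name, safe='')
    response_data = oauth_request(oauth, uri).json()['check_certificate']['data']
    return response_data['is_valid']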