def _cert_check(meta, oauth, builder, info):
    """Check the client certificate with the server, then refresh the config.

    The common name is extracted from ``meta.cert`` and passed to
    ``check_certificate``. The result is read as a mapping with an
    ``is_valid`` flag and, when invalid, a ``reason`` string.

    * A missing, not-yet-valid or expired certificate triggers a request
      for a new keypair, which is handed to ``update_keys_provider`` under
      ``meta.uuid``.
    * ``user_disabled`` and any other reason abort with ``EduvpnException``.

    ``_fetch_updated_config`` runs on every path that does not raise.

    Raises:
        EduvpnException: the account is disabled, or the certificate was
            rejected for a reason that a new keypair would not fix.
    """
    # Rejection reasons that are handled by requesting a replacement keypair.
    renewable_reasons = ('certificate_missing',
                         'certificate_not_yet_valid',
                         'certificate_expired')

    cn = common_name_from_cert(meta.cert.encode('ascii'))
    status = check_certificate(oauth, meta.api_base_uri, cn)

    if status['is_valid']:
        _fetch_updated_config(oauth, meta, builder, info)
        return

    # `reason` comes from the server response; it is written to the log and,
    # on the final branch, into the exception message.
    reason = status['reason']
    logger.warning('client certificate not valid, reason: {}'.format(reason))

    if reason == 'user_disabled':
        raise EduvpnException('Your account has been disabled.')
    if reason not in renewable_reasons:
        # Unknown reasons fail closed instead of being treated as renewable.
        raise EduvpnException(
            'Your client certificate is invalid ({})'.format(reason))

    logger.info('Going to try to fetch new keypair')
    new_cert, new_key = create_keypair(oauth, meta.api_base_uri)
    # NOTE(review): `meta` is not modified here, so whether the call below
    # picks up the new certificate is not visible from this function — confirm.
    update_keys_provider(meta.uuid, new_cert, new_key)

    _fetch_updated_config(oauth, meta, builder, info)
Esempio n. 2
 def test_common_name_from_cert(self):
     """The common name parsed from the fixture certificate is the expected one."""
     # The helper takes bytes, so the fixture's text certificate is encoded first.
     pem_bytes = mock_config_dict['cert'].encode('ascii')
     expected_cn = '9f43953f6371212130d2f8d65bad8694'
     self.assertEqual(common_name_from_cert(pem_bytes), expected_cn)
Esempio n. 3
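def check_certificate(oauth: OAuth2Session, api_base_uri: str,
                      certificate: str):
    """Ask the API whether the given client certificate is still valid.

    Args:
        oauth: session passed to ``oauth_request`` to perform the call.
        api_base_uri: base URI of the API; ``/check_certificate`` is appended.
        certificate: the client certificate as ASCII text.

    Returns:
        The ``is_valid`` value found under ``check_certificate`` -> ``data``
        in the JSON response.
    """
    # Imported locally because the file's import block is not part of this block.
    from urllib.parse import urlencode

    common_name = common_name_from_cert(certificate.encode('ascii'))
    # Percent-encode the value: the common name is read out of the certificate,
    # and characters such as '&', '#' or spaces would otherwise change the
    # query string that the server sees.
    query = urlencode({'common_name': common_name})
    uri = api_base_uri + '/check_certificate?' + query
    # NOTE(review): no status check is made here; whether oauth_request raises
    # on an error response is not visible from this function. A body that is
    # not JSON or lacks these keys surfaces as an exception from the line below.
    response = oauth_request(oauth, uri)
    return response.json()['check_certificate']['data']['is_valid']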