Esempio n. 1
0
def request_certificate(token, 
                        resource_server_url, 
                        ssl_config,
                        certificate_request_parameter=None):
    """Requests a certificate using an OAuth authorized resource request.
    @param token: access token to use in request
    @type token: basestring
    @param resource_server_url: URL of resource server to which the request
    should be made
    @type resource_server_url: basestring
    @param ssl_config: SSL configuration including the OAuth client certificate
    and private key
    @type ssl_config: ndg.httpsclient.ssl_context_util:SSlContextConfig
    @param certificate_request_parameter: name of parameter for the certificate
    request in the resource server request
    @type certificate_request_parameter: basestring
    """
    oauth_client = Oauth2Client(access_token=token)
    
    parameters = {}
    key_pair = openssl_cert.create_keypair()
    cert_req = openssl_cert.create_certreq('ignored-username', key_pair)
    
    cert_req_param = (DEFAULT_CERTIFICATE_REQUEST_PARAMETER
                      if certificate_request_parameter is None
                      else certificate_request_parameter)
    
    parameters[cert_req_param] = base64.b64encode(cert_req)

    # Make POST request to obtain an access token.
    log.debug("Resource request - parameters: %s", parameters)
    data = urllib.urlencode(parameters)
    
    response = oauth_client.request_resource(resource_server_url, 
                                             ssl_config=ssl_config, 
                                             data=data)

    # TODO: Refactor so that does or doesn't support JSON response - currently
    # works so that it will accept either
    if 'application/json' in response.headers.get('Content-type', ''):
        response_json = json.load(response)
        certificate = response_json.get('certificate', None)
    else:       
        certificate = response.read() 

    # Get the private key.
    private_key = openssl_cert.getKeyPairPrivateKey(key_pair)
    return private_key, certificate
Esempio n. 2
0
def request_certificate(token,
                        resource_server_url,
                        ssl_config,
                        certificate_request_parameter=None):
    """Requests a certificate using an OAuth authorized resource request.
    @param token: access token to use in request
    @type token: basestring
    @param resource_server_url: URL of resource server to which the request
    should be made
    @type resource_server_url: basestring
    @param ssl_config: SSL configuration including the OAuth client certificate
    and private key
    @type ssl_config: ndg.httpsclient.ssl_context_util:SSlContextConfig
    @param certificate_request_parameter: name of parameter for the certificate
    request in the resource server request
    @type certificate_request_parameter: basestring
    """
    oauth_client = Oauth2Client(access_token=token)

    parameters = {}
    key_pair = openssl_cert.create_keypair()
    cert_req = openssl_cert.create_certreq('ignored-username', key_pair)

    cert_req_param = (DEFAULT_CERTIFICATE_REQUEST_PARAMETER
                      if certificate_request_parameter is None else
                      certificate_request_parameter)

    parameters[cert_req_param] = base64.b64encode(cert_req)

    # Make POST request to obtain an access token.
    log.debug("Resource request - parameters: %s", parameters)
    data = urllib.urlencode(parameters)

    response = oauth_client.request_resource(resource_server_url,
                                             ssl_config=ssl_config,
                                             data=data)

    # TODO: Refactor so that does or doesn't support JSON response - currently
    # works so that it will accept either
    if 'application/json' in response.headers.get('Content-type', ''):
        response_json = json.load(response)
        certificate = response_json.get('certificate', None)
    else:
        certificate = response.read()

    # Get the private key.
    private_key = openssl_cert.getKeyPairPrivateKey(key_pair)
    return private_key, certificate
    def additional_access_token_request_parameters(self, parameters, request):
        """
        Creates a certificate request and sets it as an additional parameter.
        Also, saves the private key in environ.

        @type parameters: dict of str
        @param parameters: parameters sent in access token request

        @type request: webob.Request
        @param request: request object
        """
        key_pair = openssl_cert.create_keypair()
        cert_req = openssl_cert.create_certreq('ignored-username', key_pair)
        parameters[self.certificate_request_parameter] = base64.b64encode(cert_req)

        # Store the private key.
        private_key = openssl_cert.getKeyPairPrivateKey(key_pair)
        self.private_key = private_key
Esempio n. 4
0
    def additional_access_token_request_parameters(self, parameters, request):
        """
        Creates a certificate request and sets it as an additional parameter.
        Also, saves the private key in environ.

        @type parameters: dict of str
        @param parameters: parameters sent in access token request

        @type request: webob.Request
        @param request: request object
        """
        key_pair = openssl_cert.create_keypair()
        cert_req = openssl_cert.create_certreq('ignored-username', key_pair)
        parameters[self.certificate_request_parameter] = base64.b64encode(
            cert_req)

        # Store the private key.
        private_key = openssl_cert.getKeyPairPrivateKey(key_pair)
        self.private_key = private_key