def client_certificate_callback(self, connection, x509, errno, depth, result): if depth == 0 and (errno == 9 or errno == 10): return False # expired / not yet valid if not aj.config.data['ssl']['client_auth']['force']: return True user = ClientCertificateVerificator.get(aj.context).verify(x509) return bool(user)
def get_environ(self): """ Wrapper to handles client certificates and writes it to environ. """ env = WebSocketHandler.get_environ(self) env['SSL'] = isinstance(self.socket, gevent.ssl.SSLSocket) env['SSL_CLIENT_AUTH_FORCE'] = ( aj.config.data['ssl']['client_auth']['force'] and aj.config.data['ssl']['client_auth']['enable']) env['SSL_CLIENT_VALID'] = False env['SSL_CLIENT_USER'] = None if env['SSL']: peer_cert = self.socket.getpeercert(True) if peer_cert: certificate = crypto.load_certificate( crypto.FILETYPE_PEM, gevent.ssl.DER_cert_to_PEM_cert(peer_cert)) env['SSL_CLIENT_CERTIFICATE'] = certificate if certificate: user = ClientCertificateVerificator.get( aj.context).verify(certificate) env['SSL_CLIENT_VALID'] = bool(user) env['SSL_CLIENT_USER'] = user env['SSL_CLIENT_DIGEST'] = certificate.digest('sha256') return env
def get_environ(self): env = SocketIOHandler.get_environ(self) env['SSL'] = isinstance(self.socket, SSLSocket) env['SSL_CLIENT_VALID'] = False env['SSL_CLIENT_USER'] = None if env['SSL']: certificate = self.socket.get_peer_certificate() env['SSL_CLIENT_CERTIFICATE'] = certificate if certificate: user = ClientCertificateVerificator.get(aj.context).verify(certificate) env['SSL_CLIENT_VALID'] = bool(user) env['SSL_CLIENT_USER'] = user env['SSL_CLIENT_DIGEST'] = certificate.digest('sha1') return env
def get_environ(self): env = SocketIOHandler.get_environ(self) env['SSL'] = isinstance(self.socket, SSLSocket) env['SSL_CLIENT_VALID'] = False env['SSL_CLIENT_USER'] = None if env['SSL']: certificate = self.socket.get_peer_certificate() env['SSL_CLIENT_CERTIFICATE'] = certificate if certificate: user = ClientCertificateVerificator.get( aj.context).verify(certificate) env['SSL_CLIENT_VALID'] = bool(user) env['SSL_CLIENT_USER'] = user env['SSL_CLIENT_DIGEST'] = certificate.digest('sha1') return env
def get_environ(self): env = SocketIOHandler.get_environ(self) env['SSL'] = isinstance(self.socket, gevent.ssl.SSLSocket) env['SSL_CLIENT_VALID'] = False env['SSL_CLIENT_USER'] = None if env['SSL']: peer_cert = self.socket.getpeercert(True) if peer_cert: certificate = crypto.load_certificate(crypto.FILETYPE_PEM, gevent.ssl.DER_cert_to_PEM_cert(peer_cert)) env['SSL_CLIENT_CERTIFICATE'] = certificate if certificate: user = ClientCertificateVerificator.get(aj.context).verify(certificate) env['SSL_CLIENT_VALID'] = bool(user) env['SSL_CLIENT_USER'] = user env['SSL_CLIENT_DIGEST'] = certificate.digest('sha1') return env