def test_syntactic_sugar_methods(self):
"""
Tests the syntactic sugar methods for retrieving specific managers.
"""
# Setup
factory.initialize()
# Test
self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
self.assertTrue(isinstance(factory.role_manager(), RoleManager))
self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
self.assertTrue(isinstance(factory.user_manager(), UserManager))
self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
self.assertTrue(isinstance(factory.repo_unit_association_manager(), RepoUnitAssociationManager))
self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
self.assertTrue(isinstance(factory.content_manager(), ContentManager))
self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
def check_user_cert(self, cert_pem):
"""
Check a client ssl certificate.
Return None if the certificate is not valid
:type cert_pem: str
:param cert_pem: pem encoded ssl certificate
:rtype: str or None
:return: user login corresponding to the credentials
"""
cert = factory.certificate_manager(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if not encoded_user:
return None
cert_gen_manager = factory.cert_generation_manager()
if not cert_gen_manager.verify_cert(cert_pem):
_logger.error(_('Auth certificate with CN [%(u)s] is signed by a foreign CA') %
{'u': encoded_user})
return None
try:
username, id = cert_gen_manager.decode_admin_user(encoded_user)
except PulpException:
return None
return self.check_username_password(username)
def check_user_cert(self, cert_pem):
"""
Check a client ssl certificate.
Return None if the certificate is not valid
:type cert_pem: str
:param cert_pem: pem encoded ssl certificate
:rtype: str or None
:return: user login corresponding to the credentials
"""
cert = factory.certificate_manager(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if not encoded_user:
return None
cert_gen_manager = factory.cert_generation_manager()
if not cert_gen_manager.verify_cert(cert_pem):
_logger.error(
_('Auth certificate with CN [%(u)s] is signed by a foreign CA')
% {'u': encoded_user})
return None
try:
username, id = cert_gen_manager.decode_admin_user(encoded_user)
except PulpException:
return None
return self.check_username_password(username)
def test_syntactic_sugar_methods(self):
"""
Tests the syntactic sugar methods for retrieving specific managers.
"""
# Setup
factory.initialize()
# Test
self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
self.assertTrue(isinstance(factory.role_manager(), RoleManager))
self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
self.assertTrue(isinstance(factory.user_manager(), UserManager))
self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
self.assertTrue(isinstance(factory.repo_unit_association_manager(),
RepoUnitAssociationManager))
self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
self.assertTrue(isinstance(factory.content_manager(), ContentManager))
self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
def check_consumer_cert(self, cert_pem):
"""
Check a consumer ssl certificate.
Return None if the certificate is not valid
:type cert_pem: str
:param cert_pem: pem encoded ssl certificate
:rtype: str or None
:return: id of a consumer corresponding to the credentials
"""
cert = factory.certificate_manager(content=cert_pem)
subject = cert.subject()
consumerid = subject.get('CN', None)
if consumerid is None:
return None
cert_gen_manager = factory.cert_generation_manager()
if not cert_gen_manager.verify_cert(cert_pem):
_logger.error(
_('Auth certificate with CN [%(cn)s] is signed by a foreign CA'
) % {'cn': consumerid})
return None
return consumerid
def check_consumer_cert(self, cert_pem):
"""
Check a consumer ssl certificate.
Return None if the certificate is not valid
:type cert_pem: str
:param cert_pem: pem encoded ssl certificate
:rtype: str or None
:return: id of a consumer corresponding to the credentials
"""
cert = factory.certificate_manager(content=cert_pem)
subject = cert.subject()
consumerid = subject.get('CN', None)
if consumerid is None:
return None
cert_gen_manager = factory.cert_generation_manager()
if not cert_gen_manager.verify_cert(cert_pem):
_logger.error(_('Auth certificate with CN [%(cn)s] is signed by a foreign CA') %
{'cn': consumerid})
return None
return consumerid
def register(consumer_id,
display_name=None,
description=None,
notes=None,
capabilities=None,
rsa_pub=None):
"""
Registers a new Consumer
:param consumer_id: unique identifier for the consumer
:type consumer_id: str
:param rsa_pub: The consumer public key used for message authentication.
:type rsa_pub: str
:param display_name: user-friendly name for the consumer
:type display_name: str
:param description: user-friendly text describing the consumer
:type description: str
:param notes: key-value pairs to pragmatically tag the consumer
:type notes: dict
:param capabilities: operations supported on the consumer
:type capabilities: dict
:raises DuplicateResource: if there is already a consumer or a used with the requested ID
:raises InvalidValue: if any of the fields is unacceptable
:return: A tuple of: (consumer, certificate)
:rtype: tuple
"""
if not is_consumer_id_valid(consumer_id):
raise InvalidValue(['id'])
collection = Consumer.get_collection()
consumer = collection.find_one({'id': consumer_id})
if consumer is not None:
raise DuplicateResource(consumer_id)
if notes is not None and not isinstance(notes, dict):
raise InvalidValue(['notes'])
if capabilities is not None and not isinstance(capabilities, dict):
raise InvalidValue(['capabilities'])
# Use the ID for the display name if one was not specified
display_name = display_name or consumer_id
# Creation
consumer = Consumer(consumer_id, display_name, description, notes, capabilities, rsa_pub)
_id = collection.save(consumer, safe=True)
# Generate certificate
cert_gen_manager = factory.cert_generation_manager()
expiration_date = config.config.getint('security', 'consumer_cert_expiration')
key, certificate = cert_gen_manager.make_cert(consumer_id, expiration_date, uid=str(_id))
factory.consumer_history_manager().record_event(consumer_id, 'consumer_registered')
return consumer, Bundle.join(key, certificate)
def setUp(self):
super(UserManagerTests, self).setUp()
# Hardcoded to /var/lib/pulp, so change here to avoid permissions issues
self.default_sn_path = SerialNumber.PATH
SerialNumber.PATH = '/tmp/sn.dat'
sn = SerialNumber()
sn.reset()
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.cert_generation_manager = manager_factory.cert_generation_manager()
def check_consumer_cert_no_user(cert_pem):
# TODO document me
cert = factory.certificate_manager(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if encoded_user is None:
return None
cert_gen_manager = factory.cert_generation_manager()
if not cert_gen_manager.verify_cert(cert_pem):
_log.error('Auth certificate with CN [%s] is signed by a foreign CA' %
encoded_user)
return None
return encoded_user
def setUp(self):
super(UserManagerTests, self).setUp()
# Hardcoded to /var/lib/pulp, so change here to avoid permissions issues
self.default_sn_path = SerialNumber.PATH
SerialNumber.PATH = '/tmp/sn.dat'
sn = SerialNumber()
sn.reset()
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.role_manager = manager_factory.role_manager()
self.cert_generation_manager = manager_factory.cert_generation_manager()
def post(self, request):
"""
Return client SSL certificate and a private key.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing cert and key
:rtype: django.http.HttpResponse
"""
user = factory.principal_manager().get_principal()
key, certificate = factory.cert_generation_manager().make_admin_user_cert(user)
key_cert = {'key': key, 'certificate': certificate}
return generate_json_response(key_cert)
def post(self, request):
"""
Return client SSL certificate and a private key.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing cert and key
:rtype: django.http.HttpResponse
"""
user = factory.principal_manager().get_principal()
key, certificate = factory.cert_generation_manager(
).make_admin_user_cert(user)
key_cert = {'key': key, 'certificate': certificate}
return generate_json_response(key_cert)
def register(self, id, display_name=None, description=None, notes=None, capabilities=None):
"""
Registers a new Consumer
@param id: unique identifier for the consumer
@type id: str
@param display_name: user-friendly name for the consumer
@type display_name: str
@param description: user-friendly text describing the consumer
@type description: str
@param notes: key-value pairs to programmatically tag the consumer
@type notes: dict
@param capabilities: operations permitted on the consumer
@type capabilities: dict
@raises DuplicateResource: if there is already a consumer or a used with the requested ID
@raises InvalidValue: if any of the fields is unacceptable
"""
if not is_consumer_id_valid(id):
raise InvalidValue(['id'])
existing_consumer = Consumer.get_collection().find_one({'id' : id})
if existing_consumer is not None:
raise DuplicateResource(id)
if notes is not None and not isinstance(notes, dict):
raise InvalidValue(['notes'])
if capabilities is not None and not isinstance(capabilities, dict):
raise InvalidValue(['capabilities'])
# Use the ID for the display name if one was not specified
display_name = display_name or id
# Generate certificate
cert_gen_manager = factory.cert_generation_manager()
expiration_date = config.config.getint('security', 'consumer_cert_expiration')
key, crt = cert_gen_manager.make_cert(id, expiration_date)
# Creation
create_me = Consumer(id, display_name, description, notes, capabilities, certificate=crt.strip())
Consumer.get_collection().save(create_me, safe=True)
factory.consumer_history_manager().record_event(id, 'consumer_registered')
create_me.certificate = Bundle.join(key, crt)
return create_me
def register(self, id, display_name=None, description=None, notes=None, capabilities=None):
"""
Registers a new Consumer
@param id: unique identifier for the consumer
@type id: str
@param display_name: user-friendly name for the consumer
@type display_name: str
@param description: user-friendly text describing the consumer
@type description: str
@param notes: key-value pairs to programmatically tag the consumer
@type notes: dict
@param capabilities: operations permitted on the consumer
@type capabilities: dict
@raises DuplicateResource: if there is already a consumer or a used with the requested ID
@raises InvalidValue: if any of the fields is unacceptable
"""
if not is_consumer_id_valid(id):
raise InvalidValue(['id'])
existing_consumer = Consumer.get_collection().find_one({'id' : id})
if existing_consumer is not None:
raise DuplicateResource(id)
if notes is not None and not isinstance(notes, dict):
raise InvalidValue(['notes'])
if capabilities is not None and not isinstance(capabilities, dict):
raise InvalidValue(['capabilities'])
# Use the ID for the display name if one was not specified
display_name = display_name or id
# Generate certificate
cert_gen_manager = factory.cert_generation_manager()
expiration_date = config.config.getint('security', 'consumer_cert_expiration')
key, crt = cert_gen_manager.make_cert(id, expiration_date)
# Creation
create_me = Consumer(id, display_name, description, notes, capabilities, certificate=crt.strip())
Consumer.get_collection().save(create_me, safe=True)
factory.consumer_history_manager().record_event(id, 'consumer_registered')
create_me.certificate = Bundle.join(key, crt)
return create_me
def test_get(self):
# Setup
user_query_manager = manager_factory.user_query_manager()
cert_generation_manager = manager_factory.cert_generation_manager()
user = user_query_manager.find_by_login(login='******')
# Test
status, body = self.post('/v2/actions/login/')
# Verify
self.assertEqual(200, status)
certificate = manager_factory.certificate_manager(content=str(body['key']+body['certificate']))
cn = certificate.subject()['CN']
username, id = cert_generation_manager.decode_admin_user(cn)
self.assertEqual(username, user['login'])
self.assertEqual(id, user['id'])
def test_get(self):
# Setup
user_query_manager = manager_factory.user_query_manager()
cert_generation_manager = manager_factory.cert_generation_manager()
user = user_query_manager.find_by_login(login='******')
# Test
status, body = self.post('/v2/actions/login/')
# Verify
self.assertEqual(200, status)
certificate = manager_factory.certificate_manager(
content=str(body['key'] + body['certificate']))
cn = certificate.subject()['CN']
username, id = cert_generation_manager.decode_admin_user(cn)
self.assertEqual(username, user['login'])
self.assertEqual(id, user['id'])
def check_user_cert(cert_pem):
"""
Check a client ssl certificate.
Return None if the certificate is not valid
@type cert_pem: str
@param cert_pem: pem encoded ssl certificate
@rtype: L{pulp.server.db.model.User} instance or None
@return: user corresponding to the credentials
"""
cert = factory.certificate_manager(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if not encoded_user:
return None
cert_gen_manager = factory.cert_generation_manager()
if not cert_gen_manager.verify_cert(cert_pem):
_log.error('Auth certificate with CN [%s] is signed by a foreign CA' %
encoded_user)
return None
try:
username, id = cert_gen_manager.decode_admin_user(encoded_user)
except PulpException:
return None
return check_username_password(username)
def POST(self):
user = factory.principal_manager().get_principal()
key, certificate = factory.cert_generation_manager().make_admin_user_cert(user)
key_cert = {"key": key, "certificate": certificate}
return self.ok(key_cert)
def POST(self):
user = factory.principal_manager().get_principal()
key, certificate = factory.cert_generation_manager(
).make_admin_user_cert(user)
key_cert = {"key": key, "certificate": certificate}
return self.ok(key_cert)
def setUp(self):
super(TestCertGeneration, self).setUp()
self.cert_gen_manager = manager_factory.cert_generation_manager()
def setUp(self):
super(TestCertGeneration, self).setUp()
self.cert_gen_manager = manager_factory.cert_generation_manager()
def POST(self):
user = factory.principal_manager().get_principal()
key, certificate = factory.cert_generation_manager().make_admin_user_cert(user)
certificate = key + certificate
return self.ok(certificate)
