def check_user_cert(self, cert_pem):
    """
    Authenticate an admin user from a client ssl certificate.

    None is returned when the subject has no usable CN, when
    ``verify_cert`` rejects the certificate, or when
    ``decode_admin_user`` raises PulpException for the CN.

    :type cert_pem: str
    :param cert_pem: pem encoded ssl certificate

    :rtype: str or None
    :return: user login corresponding to the credentials, i.e. whatever
             check_username_password returns for the decoded username
    """
    subject = factory.certificate_manager(content=cert_pem).subject()
    common_name = subject.get('CN', None)
    if not common_name:
        return None

    generator = factory.cert_generation_manager()
    if not generator.verify_cert(cert_pem):
        # NOTE(review): the CN logged here comes from a certificate that has
        # just failed verification, so it is untrusted text -- confirm the
        # log sink neutralises control characters.
        message = _('Auth certificate with CN [%(u)s] is signed by a foreign CA')
        _logger.error(message % {'u': common_name})
        return None

    # NOTE(review): whether verify_cert also enforces the validity period or
    # revocation is not visible from this method -- confirm in the manager.
    try:
        username, user_id = generator.decode_admin_user(common_name)
    except PulpException:
        # A CN that does not decode to an admin user is treated as invalid.
        return None

    # Only the username is passed on; the decoded id is not used here.
    # NOTE(review): presumably check_username_password only looks the account
    # up when no password is supplied -- verify against its definition.
    return self.check_username_password(username)
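def check_consumer_cert(self, cert_pem):
    """
    Check a consumer ssl certificate.
    Return None if the certificate is not valid

    The certificate is rejected when its subject has no CN, when the CN is
    empty, or when ``verify_cert`` on the cert generation manager fails.

    :type cert_pem: str
    :param cert_pem: pem encoded ssl certificate

    :rtype: str or None
    :return: id of a consumer corresponding to the credentials
    """
    cert = factory.certificate_manager(content=cert_pem)
    consumerid = cert.subject().get('CN', None)

    # Reject a missing *or empty* CN, the same falsy test check_user_cert
    # applies, so an empty string is never handed back as a consumer id.
    if not consumerid:
        return None

    cert_gen_manager = factory.cert_generation_manager()
    if not cert_gen_manager.verify_cert(cert_pem):
        # NOTE(review): the CN logged here was read from a certificate that
        # failed verification, so it is untrusted text -- confirm the log
        # sink neutralises control characters.
        _logger.error(
            _('Auth certificate with CN [%(cn)s] is signed by a foreign CA') %
            {'cn': consumerid})
        return None

    # NOTE(review): the CN is returned as the consumer id without a lookup in
    # this method; presumably the caller checks the consumer exists -- verify.
    return consumerid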
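def check_consumer_cert(self, cert_pem):
    """
    Check a consumer ssl certificate.
    Return None if the certificate is not valid

    A certificate counts as not valid here when its subject carries no CN
    or an empty CN, or when ``verify_cert`` returns a falsy result for it.

    :type cert_pem: str
    :param cert_pem: pem encoded ssl certificate

    :rtype: str or None
    :return: id of a consumer corresponding to the credentials
    """
    subject = factory.certificate_manager(content=cert_pem).subject()
    consumerid = subject.get('CN', None)

    # An empty CN is treated like a missing one (check_user_cert uses the
    # same falsy test), so '' can never be returned as an identity.
    if not consumerid:
        return None

    cert_gen_manager = factory.cert_generation_manager()
    if cert_gen_manager.verify_cert(cert_pem):
        # NOTE(review): no consumer lookup happens in this method; presumably
        # the caller confirms the id exists -- verify.
        return consumerid

    # NOTE(review): the CN below comes from a certificate that failed
    # verification and is therefore untrusted text -- confirm the log sink
    # neutralises control characters.
    _logger.error(_('Auth certificate with CN [%(cn)s] is signed by a foreign CA') %
                  {'cn': consumerid})
    return None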
def test_syntactic_sugar_methods(self):
    """
    Tests the syntactic sugar methods for retrieving specific managers:
    each accessor on the factory must return an instance of the manager
    class it is paired with below.
    """
    # Setup
    factory.initialize()

    # Accessor / expected class pairs, in the order they are checked.
    expectations = (
        (factory.authentication_manager, AuthenticationManager),
        (factory.cert_generation_manager, CertGenerationManager),
        (factory.certificate_manager, CertificateManager),
        (factory.password_manager, PasswordManager),
        (factory.permission_manager, PermissionManager),
        (factory.permission_query_manager, PermissionQueryManager),
        (factory.role_manager, RoleManager),
        (factory.role_query_manager, RoleQueryManager),
        (factory.user_manager, UserManager),
        (factory.user_query_manager, UserQueryManager),
        (factory.repo_manager, RepoManager),
        (factory.repo_unit_association_manager, RepoUnitAssociationManager),
        (factory.repo_publish_manager, RepoPublishManager),
        (factory.repo_query_manager, RepoQueryManager),
        (factory.repo_sync_manager, RepoSyncManager),
        (factory.content_manager, ContentManager),
        (factory.content_query_manager, ContentQueryManager),
        (factory.content_upload_manager, ContentUploadManager),
        (factory.consumer_manager, ConsumerManager),
        (factory.topic_publish_manager, TopicPublishManager),
    )

    # Test
    for accessor, manager_class in expectations:
        self.assertTrue(isinstance(accessor(), manager_class))
def check_user_cert(self, cert_pem):
    """
    Check a client ssl certificate and resolve it to a user login.
    Return None if the certificate is not valid

    "Not valid" covers three cases visible in this method: the subject has
    no non-empty CN, ``verify_cert`` fails, or ``decode_admin_user``
    raises PulpException.

    :type cert_pem: str
    :param cert_pem: pem encoded ssl certificate

    :rtype: str or None
    :return: user login corresponding to the credentials
    """
    parsed = factory.certificate_manager(content=cert_pem)
    cn_value = parsed.subject().get('CN', None)
    if not cn_value:
        return None

    signer = factory.cert_generation_manager()
    trusted = signer.verify_cert(cert_pem)
    if not trusted:
        # NOTE(review): cn_value is attacker-supplied at this point (the
        # certificate failed verification) -- confirm the log sink escapes
        # control characters.
        _logger.error(
            _('Auth certificate with CN [%(u)s] is signed by a foreign CA') % {'u': cn_value})
        return None

    # NOTE(review): expiry / revocation handling is not visible here;
    # presumably it lives in verify_cert -- confirm.
    try:
        username, user_id = signer.decode_admin_user(cn_value)
    except PulpException:
        return None
    else:
        # The decoded id is unused; only the username is looked up.
        # NOTE(review): called without a password -- verify that
        # check_username_password treats that as a plain account lookup.
        return self.check_username_password(username)
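def check_consumer_cert_no_user(cert_pem):
    """
    Check a consumer ssl certificate and return its subject CN.
    Return None if the certificate is not valid

    The certificate is rejected when its subject has no CN, when the CN is
    empty, or when ``verify_cert`` on the cert generation manager fails.
    No user or consumer lookup is performed in this function.

    @type cert_pem: str
    @param cert_pem: pem encoded ssl certificate

    @rtype: str or None
    @return: CN taken from the certificate subject
    """
    cert = factory.certificate_manager(content=cert_pem)
    encoded_user = cert.subject().get('CN', None)

    # Reject a missing *or empty* CN, matching the falsy test that
    # check_user_cert applies, so '' is never returned as an identity.
    if not encoded_user:
        return None

    cert_gen_manager = factory.cert_generation_manager()
    if not cert_gen_manager.verify_cert(cert_pem):
        # NOTE(review): the CN logged here was read from a certificate that
        # failed verification, so it is untrusted text -- confirm the log
        # sink neutralises control characters.
        _log.error('Auth certificate with CN [%s] is signed by a foreign CA' % encoded_user)
        return None

    return encoded_user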
def test_generation(self):
    """
    A certificate produced by make_cert parses and carries the requested
    id as its subject CN.
    """
    # Setup
    expected_cn = "foobarbaz"

    # Test
    # NOTE(review): 7 is presumably the validity period in days -- confirm
    # against make_cert.
    private_key, cert_pem = self.cert_gen_manager.make_cert(expected_cn, 7)

    # Verify
    self.assertTrue(private_key is not None)
    self.assertTrue(cert_pem is not None)

    parsed_subject = manager_factory.certificate_manager(content=cert_pem).subject()
    actual_cn = parsed_subject.get('CN', None)
    self.assertEqual(expected_cn, actual_cn)
def test_generation(self):
    """
    A certificate produced by make_cert with a uid carries both the
    requested CN and the requested UID in its subject.
    """
    # Setup
    expected_uid = 'pulp-user'
    expected_cn = "pulp-consumer"

    # Test
    # NOTE(review): 7 is presumably the validity period in days -- confirm
    # against make_cert.
    generated = self.cert_gen_manager.make_cert(expected_cn, 7, uid=expected_uid)
    private_key, cert_pem = generated

    # Verify
    self.assertTrue(private_key is not None)
    self.assertTrue(cert_pem is not None)

    parsed = manager_factory.certificate_manager(content=cert_pem)
    fields = parsed.subject()
    self.assertEqual(expected_cn, fields.get('CN'))
    self.assertEqual(expected_uid, fields.get('UID'))
def _test_generate_user_certificate(self):
    """
    The certificate generated for the current principal has a CN that
    decodes back to that user's login and id.

    The leading underscore keeps the default unittest loader from
    collecting this method.
    """
    # Setup
    principal = self.user_manager.create_user('test-admin')
    # pretend the user is logged in
    manager_factory.principal_manager().set_principal(principal)

    # Test
    cert_pem = self.user_manager.generate_user_certificate()

    # Verify
    self.assertTrue(cert_pem is not None)

    parsed = manager_factory.certificate_manager(content=cert_pem)
    common_name = parsed.subject()['CN']
    decoded_login, decoded_id = self.cert_generation_manager.decode_admin_user(common_name)

    self.assertEqual(decoded_login, principal['login'])
    self.assertEqual(decoded_id, principal['id'])
def _test_generate_user_certificate(self):
    """
    Round-trip check: generate a certificate for the logged-in user, then
    decode its CN and compare the result with the user's login and id.

    The leading underscore keeps the default unittest loader from
    collecting this method.
    """
    # Setup
    admin = self.user_manager.create_user('test-admin')
    principal_manager = manager_factory.principal_manager()
    principal_manager.set_principal(admin)  # pretend the user is logged in

    # Test
    generated_pem = self.user_manager.generate_user_certificate()

    # Verify
    self.assertTrue(generated_pem is not None)

    subject = manager_factory.certificate_manager(content=generated_pem).subject()
    decoded = self.cert_generation_manager.decode_admin_user(subject['CN'])
    login, user_id = decoded

    self.assertEqual(login, admin['login'])
    self.assertEqual(user_id, admin['id'])
def test_get(self):
    """
    POSTing to the login action returns 200 and a key + certificate whose
    CN decodes to the login and id of the user looked up in setup.
    """
    # Setup
    users = manager_factory.user_query_manager()
    decoder = manager_factory.cert_generation_manager()
    expected_user = users.find_by_login(login='******')

    # Test
    status, body = self.post('/v2/actions/login/')

    # Verify
    self.assertEqual(200, status)

    # The response body carries the private key and the certificate as two
    # fields; they are concatenated before being handed to the parser.
    pem_bundle = str(body['key'] + body['certificate'])
    parsed = manager_factory.certificate_manager(content=pem_bundle)
    common_name = parsed.subject()['CN']

    decoded_login, decoded_id = decoder.decode_admin_user(common_name)
    self.assertEqual(decoded_login, expected_user['login'])
    self.assertEqual(decoded_id, expected_user['id'])
def test_get(self):
    """
    The login action answers with status 200 and returns a key and a
    certificate; the certificate's CN must decode to the expected user.
    """
    # Setup
    query_manager = manager_factory.user_query_manager()
    generation_manager = manager_factory.cert_generation_manager()
    user = query_manager.find_by_login(login='******')

    # Test
    response = self.post('/v2/actions/login/')
    status, body = response

    # Verify
    self.assertEqual(200, status)

    # Key and certificate arrive as separate fields of the body and are
    # joined into one string for parsing.
    combined_pem = str(body['key'] + body['certificate'])
    subject = manager_factory.certificate_manager(content=combined_pem).subject()

    login, user_id = generation_manager.decode_admin_user(subject['CN'])
    self.assertEqual(login, user['login'])
    self.assertEqual(user_id, user['id'])
def check_user_cert(cert_pem):
    """
    Check a client ssl certificate and resolve it to a user.
    Return None if the certificate is not valid

    "Not valid" covers three cases visible in this function: the subject
    has no non-empty CN, ``verify_cert`` fails, or ``decode_admin_user``
    raises PulpException.

    @type cert_pem: str
    @param cert_pem: pem encoded ssl certificate

    @rtype: L{pulp.server.db.model.User} instance or None
    @return: user corresponding to the credentials
    """
    subject = factory.certificate_manager(content=cert_pem).subject()
    common_name = subject.get('CN', None)
    if not common_name:
        return None

    generator = factory.cert_generation_manager()
    if not generator.verify_cert(cert_pem):
        # NOTE(review): common_name is untrusted here (the certificate failed
        # verification) -- confirm the log sink escapes control characters.
        detail = 'Auth certificate with CN [%s] is signed by a foreign CA' % common_name
        _log.error(detail)
        return None

    # NOTE(review): expiry / revocation handling is not visible here;
    # presumably it lives in verify_cert -- confirm.
    try:
        username, user_id = generator.decode_admin_user(common_name)
    except PulpException:
        # A CN that does not decode to an admin user is treated as invalid.
        return None

    # The decoded id is unused; only the username is looked up.
    # NOTE(review): called without a password -- verify that
    # check_username_password treats that as a plain account lookup.
    return check_username_password(username)