def test_cert_with_carriage_returns(self):
# make sure it can parse a cert where the "-----" etc. lines end with
# "\r\n" instead of just "\n". Failure to parse in this case was
# discovered when trying to parse an employee-sku cert that jbowes
# emailed to mhrivnak. the origin of the offending carriage returns is
# unknown.
crcert = certdata.ENTITLEMENT_CERT_V3_0.replace('-\n', '-\r\n')
create_from_pem(crcert)
def _check_extensions(self, cert_pem, dest, log_func):
"""
Checks the requested destination path against the entitlement cert.
:param cert_pem: certificate as PEM
:type cert_pem: str
:param dest: path of desired destination
:type dest: str
:param log_func: function used for logging
:type log_func: callable taking 1 argument of type basestring
:return: True iff request is authorized, else False
:rtype: bool
"""
cert = certificate.create_from_pem(cert_pem)
# Extract the repo portion of the URL
repo_dest = dest[dest.find(RELATIVE_URL) + len(RELATIVE_URL):]
try:
valid = cert.check_path(repo_dest)
except AttributeError:
# not an entitlement certificate, so no entitlements
log_func('The provided client certificate is not an entitlement certificate.\n')
valid = False
if not valid:
log_func('Request denied to destination [%s]' % dest)
return valid
def build(self, bundle):
keypem = bundle['key']
crtpem = bundle['cert']
key = Key(keypem)
cert = create_from_pem(crtpem)
return (key, cert)
def _check_extensions(self, cert_pem, dest, log_func, repo_url_prefixes):
"""
Checks the requested destination path against the entitlement cert.
:param cert_pem: certificate as PEM
:type cert_pem: str
:param dest: path of desired destination
:type dest: str
:param log_func: function used for logging
:type log_func: callable taking 1 argument of type basestring
:param repo_url_prefixes: list of url prefixes to strip off before checking against cert
:type repo_url_prefixes: list of str
:return: True iff request is authorized, else False
:rtype: bool
"""
cert = certificate.create_from_pem(cert_pem)
valid = False
for prefix in repo_url_prefixes:
# Extract the repo portion of the URL
repo_dest = dest[dest.find(prefix) + len(prefix):]
try:
valid = cert.check_path(repo_dest)
except AttributeError:
# not an entitlement certificate, so no entitlements
log_func('The provided client certificate is not an entitlement certificate.\n')
# if we have a valid url check, no need to continue
if valid:
break
if not valid:
log_func('Request denied to destination [%s]' % dest)
return valid
def _print_products(self, zip_archive):
entitlements = zip_archive._get_entitlements()
if len(entitlements) == 0:
self._print_section(_("Subscriptions:"), [["None"]], 1, True)
return
for ent_file in entitlements:
part = zip_archive._read_file(ent_file)
data = json.loads(part)
to_print = []
to_print.append((_("Name"), get_value(data, "pool.productName")))
to_print.append((_("Quantity"), get_value(data, "quantity")))
to_print.append((_("Created"), get_value(data, "created")))
to_print.append((_("Start Date"), get_value(data, "startDate")))
to_print.append((_("End Date"), get_value(data, "endDate")))
to_print.append((_("Service Level"), self._get_product_attribute("support_level", data)))
to_print.append((_("Service Type"), self._get_product_attribute("support_type", data)))
to_print.append((_("Architectures"), self._get_product_attribute("arch", data)))
to_print.append((_("SKU"), get_value(data, "pool.productId")))
to_print.append((_("Contract"), get_value(data, "pool.contractNumber")))
to_print.append((_("Order"), get_value(data, "pool.orderNumber")))
to_print.append((_("Account"), get_value(data, "pool.accountNumber")))
virt_limit = self._get_product_attribute("virt_limit", data)
to_print.append((_("Virt Limit"), virt_limit))
require_virt_who = False
if virt_limit:
require_virt_who = True
to_print.append((_("Requires Virt-who"), require_virt_who))
entitlement_file = os.path.join("export", "entitlements", "%s.json" % data["id"])
to_print.append((_("Entitlement File"), entitlement_file))
#Get the certificate to get the version
serial = data["certificates"][0]["serial"]["id"]
cert_file = os.path.join("export", "entitlement_certificates", "%s.pem" % serial)
to_print.append((_("Certificate File"), cert_file))
try:
cert = certificate.create_from_pem(zip_archive._read_file(cert_file))
except certificate.CertificateException, ce:
raise certificate.CertificateException(
_("Unable to read certificate file '%s': %s") % (cert_file,
ce))
to_print.append((_("Certificate Version"), cert.version))
self._print_section(_("Subscription:"), to_print, 1, False)
# Get the provided Products
to_print = [(int(pp["productId"]), pp["productName"]) for pp in data["pool"]["providedProducts"]]
self._print_section(_("Provided Products:"), sorted(to_print), 2, False)
# Get the Content Sets
if not self.options.no_content:
to_print = [[item.url] for item in cert.content]
self._print_section(_("Content Sets:"), sorted(to_print), 2, True)
else: # bz#1369577: print a blank line to separate subscriptions when --no-content in use
print ""
def build_cert(self, bundle):
"""Split a cert bundle into a EntitlementCertificate and a Key."""
keypem = bundle['key']
crtpem = bundle['cert']
key = Key(keypem)
cert = create_from_pem(crtpem)
return (key, cert)
def _create_rhsm_cert_from_pem(unquoted_certificate):
try:
rhsm_cert = certificate.create_from_pem(unquoted_certificate)
except certificate.CertificateException:
msg = _(
"An error occurred while loading the client certificate data into python-rhsm."
)
raise PermissionError(msg)
return rhsm_cert
def build_cert(self, bundle):
"""Split a cert bundle into a EntitlementCertificate and a Key."""
keypem = bundle['key']
crtpem = bundle['cert']
key = Key(keypem)
cert = create_from_pem(crtpem)
return (key, cert)
def _get_cert(self, fn):
if fn.endswith('.gz'):
f = GzipFile(fn)
else:
f = open(fn)
try:
pem = f.read()
return create_from_pem(pem)
finally:
f.close()
def _get_cert(self, fn):
if fn.endswith('.gz'):
f = GzipFile(fn)
else:
f = open(fn)
try:
pem = f.read()
return create_from_pem(pem)
finally:
f.close()
def _is_valid(cert_pem):
'''
validates the cert's common name as being pulp's identity
:param cert_pem: PEM encoded client certificate sent with the request
:type cert_pem: string
'''
cert = certificate.create_from_pem(cert_pem)
cn = cert.subject()['CN']
return cn == IDENTITY_CN
def _get_cert(self, filename):
if filename.endswith('.gz'):
f = GzipFile(filename)
else:
f = open(filename)
try:
pem = f.read()
if type(pem) == bytes:
pem = pem.decode('utf-8')
cert = create_from_pem(pem)
cert.pem = pem
return cert
finally:
f.close()
def _get_cert(self, filename):
if filename.endswith('.gz'):
f = GzipFile(filename)
else:
f = open(filename)
try:
pem = f.read()
if type(pem) == bytes:
pem = pem.decode('utf-8')
cert = create_from_pem(pem)
cert.pem = pem
return cert
finally:
f.close()
def _print_products(self, zip_archive):
entitlements = zip_archive._get_entitlements()
if len(entitlements) == 0:
self._print_section(_("Subscriptions:"), [["None"]], 1, True)
return
for ent_file in entitlements:
part = zip_archive._read_file(ent_file)
data = json.loads(part)
to_print = []
to_print.append((_("Name"), get_value(data, "pool.productName")))
to_print.append((_("Quantity"), get_value(data, "quantity")))
to_print.append((_("Created"), get_value(data, "created")))
to_print.append((_("Start Date"), get_value(data, "startDate")))
to_print.append((_("End Date"), get_value(data, "endDate")))
to_print.append((_("Service Level"), self._get_product_attribute("support_level", data)))
to_print.append((_("Service Type"), self._get_product_attribute("support_type", data)))
to_print.append((_("Architectures"), self._get_product_attribute("arch", data)))
to_print.append((_("SKU"), get_value(data, "pool.productId")))
to_print.append((_("Contract"), get_value(data, "pool.contractNumber")))
to_print.append((_("Order"), get_value(data, "pool.orderNumber")))
to_print.append((_("Account"), get_value(data, "pool.accountNumber")))
entitlement_file = os.path.join("export", "entitlements", "%s.json" % data["id"])
to_print.append((_("Entitlement File"), entitlement_file))
#Get the certificate to get the version
serial = data["certificates"][0]["serial"]["id"]
cert_file = os.path.join("export", "entitlement_certificates", "%s.pem" % serial)
to_print.append((_("Certificate File"), cert_file))
try:
cert = certificate.create_from_pem(zip_archive._read_file(cert_file))
except certificate.CertificateException, ce:
raise certificate.CertificateException(
_("Unable to read certificate file '%s': %s") % (cert_file,
ce))
to_print.append((_("Certificate Version"), cert.version))
self._print_section(_("Subscription:"), to_print, 1, False)
# Get the provided Products
to_print = [(int(pp["productId"]), pp["productName"]) for pp in data["pool"]["providedProducts"]]
self._print_section(_("Provided Products:"), sorted(to_print), 2, False)
# Get the Content Sets
to_print = [[item.url] for item in cert.content]
self._print_section(_("Content Sets:"), sorted(to_print), 2, True)
def _get_certificate():
"""
Get the parsed certificate from the environment
:rtype: rhsm.certificate2.EntitlementCertificate, or None
"""
env = request.environ
pem_str = env.get('SSL_CLIENT_CERT', '')
if not pem_str:
return None
cert = certificate.create_from_pem(pem_str)
# The certificate may not be an entitlement certificate in which case we also return None
if not isinstance(cert, certificate2.EntitlementCertificate):
return None
return cert
def _get_certificate():
"""
Get the parsed certificate from the environment
:rtype: rhsm.certificate2.EntitlementCertificate, or None
"""
env = request.environ
pem_str = env.get('SSL_CLIENT_CERT', '')
if not pem_str:
return None
cert = certificate.create_from_pem(pem_str)
# The certificate may not be an entitlement certificate in which case we also return None
if not isinstance(cert, certificate2.EntitlementCertificate):
return None
return cert
def verify_valid_entitlement(self):
"""
Verify that a valid entitlement was processed.
@return: True if valid, False otherwise.
"""
try:
cert = create_from_pem(self.get_cert_content())
# Don't want to check class explicitly, instead we'll look for
# order info, which only an entitlement cert could have:
if not hasattr(cert, 'order'):
return False
except CertificateException:
return False
ent_key = Key(self.get_key_content())
if ent_key.bogus():
return False
return True
def verify_valid_entitlement(self):
"""
Verify that a valid entitlement was processed.
@return: True if valid, False otherwise.
"""
try:
cert = create_from_pem(self.get_cert_content())
# Don't want to check class explicitly, instead we'll look for
# order info, which only an entitlement cert could have:
if not hasattr(cert, 'order'):
return False
except CertificateException:
return False
ent_key = Key(self.get_key_content())
if ent_key.bogus():
return False
return True
def get_certs_for_enabled_repos(self, enabled_repos):
"""
Find enabled repos that are providing product certificates
"""
lst = []
cache = self.read_productid_cache()
if cache is None:
cache = {}
# skip repo's that we don't have productid info for...
for repo in enabled_repos:
try:
with dnf.util.tmpdir() as tmpdir:
filename = self._download_productid(repo, tmpdir)
if filename:
cert = self._get_cert(filename)
if cert is None:
log.debug('Repository %s does not provide cert' %
repo.id)
continue
lst.append((cert, repo.id))
cache[repo.id] = cert.pem
elif repo.id in cache and cache[repo.id] is not None:
cert = create_from_pem(cache[repo.id])
lst.append((cert, repo.id))
else:
# We have to look in all repos for productids, not just
# the ones we create, or anaconda doesn't install it.
self.meta_data_errors.append(repo.id)
except Exception as e:
log.warning("Error loading productid metadata for %s." % repo)
log.exception(e)
self.meta_data_errors.append(repo.id)
if self.meta_data_errors:
log.debug("Unable to load productid metadata for repos: %s",
self.meta_data_errors)
if len(cache) > 0:
self.write_productid_cache(cache)
return lst
def get_certs_for_enabled_repos(self, enabled_repos):
"""
Find enabled repos that are providing product certificates
"""
lst = []
cache = self.read_productid_cache()
if cache is None:
cache = {}
# skip repo's that we don't have productid info for...
for repo in enabled_repos:
try:
with dnf.util.tmpdir() as tmpdir:
filename = self._download_productid(repo, tmpdir)
if filename:
cert = self._get_cert(filename)
if cert is None:
log.debug('Repository %s does not provide cert' % repo.id)
continue
lst.append((cert, repo.id))
cache[repo.id] = cert.pem
elif repo.id in cache and cache[repo.id] is not None:
cert = create_from_pem(cache[repo.id])
lst.append((cert, repo.id))
else:
# We have to look in all repos for productids, not just
# the ones we create, or anaconda doesn't install it.
self.meta_data_errors.append(repo.id)
except Exception as e:
log.warning("Error loading productid metadata for %s." % repo)
log.exception(e)
self.meta_data_errors.append(repo.id)
if self.meta_data_errors:
log.debug("Unable to load productid metadata for repos: %s",
self.meta_data_errors)
if len(cache) > 0:
self.write_productid_cache(cache)
return lst
def _check_extensions(self, cert_pem, dest, log_func, repo_url_prefixes):
"""
Checks the requested destination path against the entitlement cert.
:param cert_pem: certificate as PEM
:type cert_pem: str
:param dest: path of desired destination
:type dest: str
:param log_func: function used for logging
:type log_func: callable taking 1 argument of type basestring
:param repo_url_prefixes: list of url prefixes to strip off before checking against cert
:type repo_url_prefixes: list of str
:return: True iff request is authorized, else False
:rtype: bool
"""
cert = certificate.create_from_pem(cert_pem)
valid = False
for prefix in repo_url_prefixes:
if dest.startswith(prefix):
# rhsm throws a ValueError if there's no leading /. Amusingly, it immediately
# strips it off.
repo_dest = os.path.join('/', os.path.relpath(dest, prefix))
try:
valid = cert.check_path(repo_dest)
except AttributeError:
# not an entitlement certificate, so no entitlements
log_func(
'The provided client certificate is not an entitlement certificate.\n'
)
# if we have a valid url check, no need to continue
if valid:
break
if not valid:
log_func('Request denied to destination [%s]' % dest)
return valid
def _check_extensions(self, cert_pem, dest, log_func, repo_url_prefixes):
"""
Checks the requested destination path against the entitlement cert.
:param cert_pem: certificate as PEM
:type cert_pem: str
:param dest: path of desired destination
:type dest: str
:param log_func: function used for logging
:type log_func: callable taking 1 argument of type basestring
:param repo_url_prefixes: list of url prefixes to strip off before checking against cert
:type repo_url_prefixes: list of str
:return: True iff request is authorized, else False
:rtype: bool
"""
cert = certificate.create_from_pem(cert_pem)
valid = False
for prefix in repo_url_prefixes:
if dest.startswith(prefix):
# rhsm throws a ValueError if there's no leading /. Amusingly, it immediately
# strips it off.
repo_dest = os.path.join('/', os.path.relpath(dest, prefix))
try:
valid = cert.check_path(repo_dest)
except AttributeError:
# not an entitlement certificate, so no entitlements
log_func('The provided client certificate is not an entitlement certificate.\n')
# if we have a valid url check, no need to continue
if valid:
break
if not valid:
log_func('Request denied to destination [%s]' % dest)
return valid
def parse_cert():
client_cert = '''
-----BEGIN CERTIFICATE-----
MIIEyjCCArKgAwIBAgIIISy0Q9KHEoMwDQYJKoZIhvcNAQEFBQAwMzELMAkGA1UE
BhMCVVMxEjAQBgNVBAoMCVZpcnR1b3p6bzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0x
NjAxMjUwMDAwMDBaFw0xNzA5MDUwMDAwMDBaMCsxKTAnBgNVBAMTIGZmODA4MTgx
NTJlZjkxZGQwMTUyZWY5NWRlYWEwMDU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEArhqai9AEoyIhX2wevUoEtFE2YPk/XIA+TDhUnd32N6u9hNe8LM3x
JqquLpFB1VQLbbPajogIUrmm4b62e+GpGYUEJP6kyeFf4QbXuUWbkwbgft2drvFA
wEzbv/Yi2i4SuDFjAIXez49ToK9PTfl6u3BhXqetPc5i+FGYtsc86txm53F+meO2
WXhEMAVCfXnw4/7QpCsXRfN5S4n+cu46teUFlaPAzGeflnFBrpdQwQw+IsFjsWds
kKTg07OVJ0PJ4sdH61fPtROAoQtdt668yTifk56vjEztrAjA/G+NkYEZngBj8zb+
InmN+3b7Fkw3EM3QuQQsanGA7Z7gtGdh6wIDAQABo4HpMIHmMBEGCWCGSAGG+EIB
AQQEAwIFoDALBgNVHQ8EBAMCBLAwXAYDVR0jBFUwU4AUJxLzb7nZOcojBlKHPKE4
d/zgUdChN6Q1MDMxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlWaXJ0dW96em8xEDAO
BgNVBAMMB1Jvb3QgQ0GCAhABMB0GA1UdDgQWBBTJHgdTJ5WPg9c85XH3aQikHXPJ
4TATBgNVHSUEDDAKBggrBgEFBQcDAjASBgkrBgEEAZIICQYEBQwDMy4yMB4GCSsG
AQQBkggJBwQRBA942itJLS5hAAAGHgHBAmAwDQYJKoZIhvcNAQEFBQADggIBAHCz
PJgSvoaCkmuQGRFo2M5cF9IxfQ8wf9R0o9E2cbfH7hwDXUZoztlm6OhrdFJONfzO
i+i3VE2s2QkDyxV6RHFpJ4e3XoC9V5eiGI9X5xdY5d5jD+B5SjEd4WVpaRm+H6qK
eatUY1ldo9FVyMuMSWdj2J3Wzmrz16O4zpU/2gdwkYr//BsuCz6dTwsKoPK2+0FZ
EMixVZXT3osowu5huiJ42Of8arNFz85lTVXkY8X/3X/nABFU2+LfvGsXTrroy0yY
aWC7Katj5r/lnZCfy84nPT1wafyczJlZCZ37+rjlKga5Y06blLt4I36YDt42fi5w
A8CoiH/PI46bNJos2mvTd6+uzZnBh7ZR+kLI2+8eadDetsOfrqpfyUNcyCv2UFos
rJOt8K/oQuX4qidLaJscWaxcfP8rtmNEHj7tcRD4U/YhAk+oY43tyKDYh7V8ve9b
mfguLMq692DJGTgZ/v3Aq/UV1K26t+OMvpo1am+fyXLWSMeiBrTP9Sg+lT981057
NBnyV8bO1Js9FWs+yBLFh8dMVaGl4QdxMNBS+140gWkHJ349id9LMEjgwo+cVjYU
dDlq4c7RmzboDI3xccqDPJzBklp8bX1yQRx+dIcUV11ZCV6H1Nbcin6cZ+9Z+MFu
JdgBZ1ABr6Hq0KzACwFjsq6ybJOAstuqyL1SACri
-----END CERTIFICATE-----
'''.strip()
path2check = '/test'
cert = certificate.create_from_pem(client_cert)
cert.check_path('/') # AttributeError: 'NoneType' object has no attribute 'value'
pass
def _check_extensions(self, cert_pem, dest, log_func, repo_url_prefixes):
"""
Checks the requested destination path against the entitlement cert.
:param cert_pem: certificate as PEM
:type cert_pem: str
:param dest: path of desired destination
:type dest: str
:param log_func: function used for logging
:type log_func: callable taking 1 argument of type basestring
:param repo_url_prefixes: list of url prefixes to strip off before checking against cert
:type repo_url_prefixes: list of str
:return: True iff request is authorized, else False
:rtype: bool
"""
cert = certificate.create_from_pem(cert_pem)
valid = False
for prefix in repo_url_prefixes:
# Extract the repo portion of the URL
repo_dest = dest[dest.find(prefix) + len(prefix):]
try:
valid = cert.check_path(repo_dest)
except AttributeError:
# not an entitlement certificate, so no entitlements
log_func(
'The provided client certificate is not an entitlement certificate.\n'
)
# if we have a valid url check, no need to continue
if valid:
break
if not valid:
log_func('Request denied to destination [%s]' % dest)
return valid
def _create_filename_from_cert_serial_number(self):
"create from serial"
cert_content = self.get_cert_content()
ent_cert = create_from_pem(cert_content)
return "%s.pem" % (ent_cert.serial)
def test_existsandvalid(self, mock_exists, mock_read):
mock_exists.return_value = True
mock_read.return_value = certificate.create_from_pem(certdata.RHIC_CERT)
testRhicCert = RhicCertificate()
testRhicCert.cfg = StubConfig()
self.assertTrue(testRhicCert.existsAndValid())
def __init__(self, cert_pem):
super(StatCertCommandStub, self).__init__()
self._pem = cert_pem
self._cert = create_from_pem(self._pem)
def test_asn1_generalized_time(self):
id_cert = create_from_pem(certdata.ASN1_GENERALIZEDTIME_CERT)
self.assertTrue(isinstance(id_cert, IdentityCertificate))
self.assertEqual(2016, id_cert.start.year)
self.assertEqual(2116, id_cert.end.year)
def setUp(self):
self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V3_2)
def setUp(self):
self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V1_0)
def test_creation(self):
id_cert = create_from_pem(certdata.IDENTITY_CERT)
self.assertTrue(isinstance(id_cert, IdentityCertificate))
self.assertEquals("URI:CN=redhat.local.rm-rf.ca", id_cert.alt_name)
self.assertEquals("0f5d4617-d913-4a0f-be61-d8a9c88e1476", id_cert.subject['CN'])
self.assertFalse(hasattr(id_cert, 'products'))
def setUp(self):
self.prod_cert = create_from_pem(certdata.PRODUCT_CERT_V1_0)
def setUp(self):
self.ent_cert = create_from_pem(
certdata.ENTITLEMENT_CERT_V3_2_WITH_CONTENT_ARCH)
def __init__(self, keystring, certstring):
self.key = keystring
# TODO: bad variables, cert should be the certificate object, x509 is
# used elsewhere for the rhsm._certificate object of the same name.
self.cert = certstring
self.x509 = create_from_pem(certstring)
def setUp(self):
self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V3_2_WITH_CONTENT_ARCH)
def _create_filename_from_cert_serial_number(self):
"create from serial"
cert_content = self.get_cert_content()
ent_cert = create_from_pem(cert_content)
return "%s.pem" % (ent_cert.serial)
def setUp(self):
self.prod_cert = create_from_pem(certdata.PRODUCT_CERT_V1_0)
self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V1_0)
def __init__(self, keystring, certstring):
self.key = keystring
self.cert = certstring
self.x509 = create_from_pem(certstring)
3rAZrmyq2oN7JqA82PplY3XHoXVojt067Kq2Vqgj+oJtx9WZoACKX5mmU1Zsvxwy kuPTfQDQ5JkjtS/N/Snls7A7TgOAy97v0Cp4H3UJpXwKKCV7ifd/eqcCgYEAzXq1 0xHu8Q1EYmG8IulyJ2oJFNX92kkPegHheMnFvqUHnmVFbsj8H5E+FQXNQX1aUS1K 1epDN9LlVKBtWF33WGMCFy6VK0v0MGMZGQ+vI/O01MU8d+DBy2HRKz2UPW3OWevX 9udxLASoaCD/3LCn3eeGT5ucRUw12AIQ6zEzTMMCgYEArL1BlzzHkf0gD4N3Cc4i rYp4cls+ha8BNr9Upho0P9DP9NdkkZLWsE3pt9ldmdzfhIaZWzIhgT4FQlqwHy8C QeOYN3wTaGB17uanBpf5gMTK3mtRoDLr6FjxwYj0iRzU0Hp/ekZDcFN+DAKgynRr ZMxpmacE6PjIcPL+5WSNElcCgYBjjKrgipSvtlTGMUGbzGvgyo+Bx7cH9VOJMbYR 9fdWyM9rHvdHmBoGFTD1sGzj6J5EK+RQxQEx33v5xwuSv1uhN76AirH8Wv0AIFK9 gIrCqUSXvMLx9TMOnOJgx6G1LSjHCesElNaQk+UfJbWwLun1KUE5+lL4g9amQ0H9 IEYRTwKBgQCXpMJ2P0bomDQMeIou2CSGCuEMcx8NuTA9x4t6xrf6Hyv7O9K7+fr1 5aNLpomnn09oQvg9Siz+AMzVEUkkbYmiHf3lDng/RE00hW32SDLJMloJEFmQLCrV ufxBTlg4v0B3xS1GgvATMY4hyk53o5PffmlRO03dbfpGK/rkTIPwFg== -----END RSA PRIVATE KEY-----""" EXPECTED_CERT = create_from_pem(EXPECTED_CERT_CONTENT) # Used to simulate importing a valid bundle (cert+key) but when # the cert is not actually an entitlement cert. IDENTITY_CERT_WITH_KEY = """ -----BEGIN CERTIFICATE----- MIIDVTCCAr6gAwIBAgIIdv1ldZ5/0IQwDQYJKoZIhvcNAQEFBQAwNjEVMBMGA1UE AwwMMTkyLjE2OC4xLjI1MQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFsZWlnaDAe Fw0xMjA3MzAxMzE5NTdaFw0yODA3MzAxMzE5NTdaMC8xLTArBgNVBAMTJDU2MzA4 ODU4LTZhOTMtNGFmZC04YjIyLWY1MjFhZmFlNTRiZjCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAJUDAlagg+Pbew+blR2S+DkDMZ81hfY3L10yalEDsXsq NtX7eXG6eiSnsKXfZKpJXEZ1qIuW3OZEtOoBl5EWyQipBCsBufS4KKA2VbH5r8EA gJKKXmu17pT9VH1mZ6A+eFUUAJU8CTvnNEchZLM9DZEoki4mPDiEizMPLpOzwtGp KKaTIBWU8Fp1uO66EadjLsE/gbPSo4V1q60JE1P7qNHm07qVAM1OEKENxj4j49mr bsiCPmVjppk+OezqwtJUseWEq/pAEYtOGJNy61l9EfFpp1HvaqdEsymjTal25j77 kMbNUIPRvOctB7ZKeoO1xThfK9Saw0RZDJqg7dxDcccCAwEAAaOB7jCB6zARBglg
def setUp(self):
self.prod_cert = create_from_pem(certdata.PRODUCT_CERT_V1_0)
def get_cert(self):
cert_content = self.get_cert_content()
ent_cert = create_from_pem(cert_content)
return ent_cert
def setUp(self):
self.ent_cert = create_from_pem(self.cert_data)
def test_factory_method_without_ent_data(self):
data = certdata.ENTITLEMENT_CERT_V3_0.split('-----BEGIN ENTITLEMENT DATA-----')[0]
cert = create_from_pem(data)
self.assertTrue(cert.content is None)
self.assertTrue(cert.order is None)
self.assertEqual(cert.products, [])
3rAZrmyq2oN7JqA82PplY3XHoXVojt067Kq2Vqgj+oJtx9WZoACKX5mmU1Zsvxwy kuPTfQDQ5JkjtS/N/Snls7A7TgOAy97v0Cp4H3UJpXwKKCV7ifd/eqcCgYEAzXq1 0xHu8Q1EYmG8IulyJ2oJFNX92kkPegHheMnFvqUHnmVFbsj8H5E+FQXNQX1aUS1K 1epDN9LlVKBtWF33WGMCFy6VK0v0MGMZGQ+vI/O01MU8d+DBy2HRKz2UPW3OWevX 9udxLASoaCD/3LCn3eeGT5ucRUw12AIQ6zEzTMMCgYEArL1BlzzHkf0gD4N3Cc4i rYp4cls+ha8BNr9Upho0P9DP9NdkkZLWsE3pt9ldmdzfhIaZWzIhgT4FQlqwHy8C QeOYN3wTaGB17uanBpf5gMTK3mtRoDLr6FjxwYj0iRzU0Hp/ekZDcFN+DAKgynRr ZMxpmacE6PjIcPL+5WSNElcCgYBjjKrgipSvtlTGMUGbzGvgyo+Bx7cH9VOJMbYR 9fdWyM9rHvdHmBoGFTD1sGzj6J5EK+RQxQEx33v5xwuSv1uhN76AirH8Wv0AIFK9 gIrCqUSXvMLx9TMOnOJgx6G1LSjHCesElNaQk+UfJbWwLun1KUE5+lL4g9amQ0H9 IEYRTwKBgQCXpMJ2P0bomDQMeIou2CSGCuEMcx8NuTA9x4t6xrf6Hyv7O9K7+fr1 5aNLpomnn09oQvg9Siz+AMzVEUkkbYmiHf3lDng/RE00hW32SDLJMloJEFmQLCrV ufxBTlg4v0B3xS1GgvATMY4hyk53o5PffmlRO03dbfpGK/rkTIPwFg== -----END RSA PRIVATE KEY-----""" EXPECTED_CERT = create_from_pem(EXPECTED_CERT_CONTENT) # Used to simulate importing a valid bundle (cert+key) but when # the cert is not actually an entitlement cert. IDENTITY_CERT_WITH_KEY = """ -----BEGIN CERTIFICATE----- MIIDVTCCAr6gAwIBAgIIdv1ldZ5/0IQwDQYJKoZIhvcNAQEFBQAwNjEVMBMGA1UE AwwMMTkyLjE2OC4xLjI1MQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFsZWlnaDAe Fw0xMjA3MzAxMzE5NTdaFw0yODA3MzAxMzE5NTdaMC8xLTArBgNVBAMTJDU2MzA4 ODU4LTZhOTMtNGFmZC04YjIyLWY1MjFhZmFlNTRiZjCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAJUDAlagg+Pbew+blR2S+DkDMZ81hfY3L10yalEDsXsq NtX7eXG6eiSnsKXfZKpJXEZ1qIuW3OZEtOoBl5EWyQipBCsBufS4KKA2VbH5r8EA gJKKXmu17pT9VH1mZ6A+eFUUAJU8CTvnNEchZLM9DZEoki4mPDiEizMPLpOzwtGp KKaTIBWU8Fp1uO66EadjLsE/gbPSo4V1q60JE1P7qNHm07qVAM1OEKENxj4j49mr bsiCPmVjppk+OezqwtJUseWEq/pAEYtOGJNy61l9EfFpp1HvaqdEsymjTal25j77 kMbNUIPRvOctB7ZKeoO1xThfK9Saw0RZDJqg7dxDcccCAwEAAaOB7jCB6zARBglg
def __init__(self, keystring, certstring):
self.key = keystring
# TODO: bad variables, cert should be the certificate object, x509 is
# used elsewhere for the m2crypto object of the same name.
self.cert = certstring
self.x509 = create_from_pem(certstring)
def _print_products(self, zip_archive):
entitlements = zip_archive._get_entitlements()
if len(entitlements) == 0:
self._print_section(_("Subscriptions:"), [["None"]], 1, True)
return
for ent_file in entitlements:
part = zip_archive._read_file(ent_file)
data = json.loads(part)
to_print = []
to_print.append((_("Name"), get_value(data, "pool.productName")))
to_print.append((_("Quantity"), get_value(data, "quantity")))
to_print.append((_("Created"), get_value(data, "created")))
to_print.append((_("Start Date"), get_value(data, "startDate")))
to_print.append((_("End Date"), get_value(data, "endDate")))
to_print.append(
(_("Service Level"),
self._get_product_attribute("support_level", data)))
to_print.append((_("Service Type"),
self._get_product_attribute("support_type",
data)))
to_print.append(
(_("Architectures"), self._get_product_attribute("arch",
data)))
to_print.append((_("SKU"), get_value(data, "pool.productId")))
to_print.append(
(_("Contract"), get_value(data, "pool.contractNumber")))
to_print.append((_("Order"), get_value(data, "pool.orderNumber")))
to_print.append((_("Account"), get_value(data,
"pool.accountNumber")))
virt_limit = self._get_product_attribute("virt_limit", data)
to_print.append((_("Virt Limit"), virt_limit))
require_virt_who = False
if virt_limit:
require_virt_who = True
to_print.append((_("Requires Virt-who"), require_virt_who))
entitlement_file = os.path.join("export", "entitlements",
"%s.json" % data["id"])
to_print.append((_("Entitlement File"), entitlement_file))
#Get the certificate to get the version
serial = data["certificates"][0]["serial"]["id"]
cert_file = os.path.join("export", "entitlement_certificates",
"%s.pem" % serial)
to_print.append((_("Certificate File"), cert_file))
try:
cert = certificate.create_from_pem(
zip_archive._read_file(cert_file).decode('utf-8'))
except certificate.CertificateException as ce:
raise certificate.CertificateException(
_("Unable to read certificate file '%s': %s") %
(cert_file, ce))
to_print.append((_("Certificate Version"), cert.version))
self._print_section(_("Subscription:"), to_print, 1, False)
# Get the provided Products
to_print = [(int(pp["productId"]), pp["productName"])
for pp in data["pool"]["providedProducts"]]
self._print_section(_("Provided Products:"), sorted(to_print), 2,
False)
# Get the derived provided Products (if available)
if "derivedProvidedProducts" in data["pool"]:
to_print = [(int(pp["productId"]), pp["productName"])
for pp in data["pool"]["derivedProvidedProducts"]]
self._print_section(_("Derived Products:"), sorted(to_print),
2, False)
# Get the Content Sets
if not self.options.no_content:
to_print = [[item.url] for item in cert.content]
self._print_section(_("Content Sets:"), sorted(to_print), 2,
True)
else: # bz#1369577: print a blank line to separate subscriptions when --no-content in use
print("")
def test_default_version(self):
id_cert = create_from_pem(certdata.IDENTITY_CERT)
self.assertTrue(isinstance(id_cert, IdentityCertificate))
self.assertEquals('1.0', str(id_cert.version))
3rAZrmyq2oN7JqA82PplY3XHoXVojt067Kq2Vqgj+oJtx9WZoACKX5mmU1Zsvxwy kuPTfQDQ5JkjtS/N/Snls7A7TgOAy97v0Cp4H3UJpXwKKCV7ifd/eqcCgYEAzXq1 0xHu8Q1EYmG8IulyJ2oJFNX92kkPegHheMnFvqUHnmVFbsj8H5E+FQXNQX1aUS1K 1epDN9LlVKBtWF33WGMCFy6VK0v0MGMZGQ+vI/O01MU8d+DBy2HRKz2UPW3OWevX 9udxLASoaCD/3LCn3eeGT5ucRUw12AIQ6zEzTMMCgYEArL1BlzzHkf0gD4N3Cc4i rYp4cls+ha8BNr9Upho0P9DP9NdkkZLWsE3pt9ldmdzfhIaZWzIhgT4FQlqwHy8C QeOYN3wTaGB17uanBpf5gMTK3mtRoDLr6FjxwYj0iRzU0Hp/ekZDcFN+DAKgynRr ZMxpmacE6PjIcPL+5WSNElcCgYBjjKrgipSvtlTGMUGbzGvgyo+Bx7cH9VOJMbYR 9fdWyM9rHvdHmBoGFTD1sGzj6J5EK+RQxQEx33v5xwuSv1uhN76AirH8Wv0AIFK9 gIrCqUSXvMLx9TMOnOJgx6G1LSjHCesElNaQk+UfJbWwLun1KUE5+lL4g9amQ0H9 IEYRTwKBgQCXpMJ2P0bomDQMeIou2CSGCuEMcx8NuTA9x4t6xrf6Hyv7O9K7+fr1 5aNLpomnn09oQvg9Siz+AMzVEUkkbYmiHf3lDng/RE00hW32SDLJMloJEFmQLCrV ufxBTlg4v0B3xS1GgvATMY4hyk53o5PffmlRO03dbfpGK/rkTIPwFg== -----END RSA PRIVATE KEY-----""" EXPECTED_CERT = create_from_pem(EXPECTED_CERT_CONTENT) # Used to simulate importing a valid bundle (cert+key) but when # the cert is not actually an entitlement cert. IDENTITY_CERT_WITH_KEY = """ -----BEGIN CERTIFICATE----- MIIDVTCCAr6gAwIBAgIIdv1ldZ5/0IQwDQYJKoZIhvcNAQEFBQAwNjEVMBMGA1UE AwwMMTkyLjE2OC4xLjI1MQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFsZWlnaDAe Fw0xMjA3MzAxMzE5NTdaFw0yODA3MzAxMzE5NTdaMC8xLTArBgNVBAMTJDU2MzA4 ODU4LTZhOTMtNGFmZC04YjIyLWY1MjFhZmFlNTRiZjCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAJUDAlagg+Pbew+blR2S+DkDMZ81hfY3L10yalEDsXsq NtX7eXG6eiSnsKXfZKpJXEZ1qIuW3OZEtOoBl5EWyQipBCsBufS4KKA2VbH5r8EA gJKKXmu17pT9VH1mZ6A+eFUUAJU8CTvnNEchZLM9DZEoki4mPDiEizMPLpOzwtGp KKaTIBWU8Fp1uO66EadjLsE/gbPSo4V1q60JE1P7qNHm07qVAM1OEKENxj4j49mr bsiCPmVjppk+OezqwtJUseWEq/pAEYtOGJNy61l9EfFpp1HvaqdEsymjTal25j77 kMbNUIPRvOctB7ZKeoO1xThfK9Saw0RZDJqg7dxDcccCAwEAAaOB7jCB6zARBglg
def __init__(self, cert_pem):
super(StatCertCommandStub, self).__init__()
self._pem = cert_pem
self._cert = create_from_pem(self._pem)
def test_default_version(self):
id_cert = create_from_pem(certdata.IDENTITY_CERT)
self.assertTrue(isinstance(id_cert, IdentityCertificate))
self.assertEquals('1.0', str(id_cert.version))
def __init__(self, cert_pem):
CatCertCommand.__init__(self)
self.cert = create_from_pem(cert_pem)
def __init__(self, cert_pem):
CatCertCommand.__init__(self)
self.cert = create_from_pem(cert_pem)
RhicCertificate.move()
sys.exit(-1)
else:
raise
except connection.RemoteServerException, e:
if e.code == 404:
print _("RHIC was not found by upstream server. See rhsm.log for more detail.")
RhicCertificate.move()
sys.exit(-1)
else:
raise
if certs:
try:
writer = Writer()
cert = certificate.create_from_pem(certs['cert'])
key = certificate.Key(certs['key'])
writer.write(key, cert)
except:
raise
rhiclib.cleanExpiredCerts(ProductDirectory(), EntitlementDirectory(), facts.to_dict())
sys.exit(0)
if not ConsumerIdentity.existsAndValid():
log.error('Either the consumer is not registered or the certificates' +
' are corrupted. Certificate update using daemon failed.')
sys.exit(-1)
print _('Updating entitlement certificates & repositories')
def get_cert(self):
cert_content = self.get_cert_content()
ent_cert = create_from_pem(cert_content)
return ent_cert
def setUp(self):
self.ent_cert = create_from_pem(self.cert_data)
