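def ajouter_compte(self, enveloppe: EnveloppeCleCert):
        """Provision the MQ user, its permission and its per-exchange topic rules.

        The account name is the certificate subject and the tenant (``idmg``) is the
        issuer's ``organizationName``. The exchanges declared by the certificate
        decide which security levels are granted; every other known level gets an
        explicit rule with empty ``write``/``read`` patterns.

        Args:
            enveloppe: Certificate wrapper the account is derived from.

        Raises:
            KeyError: The issuer has no ``organizationName`` entry.
            ValueError: The certificate declares an exchange that is not one of
                the four known security levels (raised before any account call),
                or one of the admin API calls returned a status other than 201/204.

        NOTE(review): the account is derived entirely from certificate fields and
        nothing here verifies the certificate chain - presumably the caller has
        already validated it; confirm.
        NOTE(review): status codes are only checked after every call was sent, so
        a ValueError("Erreur ajout compte") can leave a partially configured
        account behind; callers should treat it as needing cleanup or a retry.
        """
        issuer = enveloppe.formatter_issuer()
        idmg = issuer['organizationName']

        subject = enveloppe.subject_rfc4514_string_mq()

        # Every security level receives an explicit topic rule, either grant or block.
        niveaux_securite = (
            Constantes.SECURITE_PUBLIC,
            Constantes.SECURITE_PRIVE,
            Constantes.SECURITE_PROTEGE,
            Constantes.SECURITE_SECURE,
        )

        try:
            self.ajouter_exchanges(idmg)

            # Load the exchanges right away - a certificate without exchanges
            # cannot access mongo/mq.
            # NOTE(review): accessed without a call, presumably a property - confirm.
            exchanges = enveloppe.get_exchanges

            liste_inclure = {Constantes.SECURITE_PUBLIC}  # Public is always included
            if Constantes.SECURITE_PROTEGE in exchanges:
                # The protected exchange also implies the private (and public) one
                liste_inclure.add(Constantes.SECURITE_PRIVE)
            if Constantes.SECURITE_SECURE in exchanges:
                # The secure exchange implies every other exchange
                liste_inclure.add(Constantes.SECURITE_PRIVE)
                liste_inclure.add(Constantes.SECURITE_PROTEGE)
            liste_inclure.update(exchanges)

            # Reject unknown exchange names before touching the broker. Previously
            # list.remove() raised ValueError halfway through, after the user and
            # its permission had been created but before the blocking rules were set.
            inconnus = liste_inclure.difference(niveaux_securite)
            if inconnus:
                raise ValueError("Exchanges inconnus dans certificat", subject, list(inconnus))

            responses = [
                self._admin_api.create_user(subject),
                self._admin_api.create_user_permission(subject, idmg),
            ]

            # Grant the included exchanges (fixed order keeps the call sequence deterministic)
            for exchange in niveaux_securite:
                if exchange in liste_inclure:
                    responses.append(self._admin_api.create_user_topic(subject, idmg, exchange))

            # Block the excluded exchanges with empty write/read patterns
            for exchange in niveaux_securite:
                if exchange not in liste_inclure:
                    responses.append(
                        self._admin_api.create_user_topic(subject, idmg, exchange, write='', read=''))

            if any(response.status_code not in (201, 204) for response in responses):
                raise ValueError("Erreur ajout compte", subject)

        except x509.extensions.ExtensionNotFound:
            # No exchange extension on the certificate: no MQ account is created.
            self.__logger.info("Aucun access a MQ pour certificat %s", subject)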
    def creer_compte(self, cert: EnveloppeCleCert):
        """Create the Mongo user matching a certificate in the ``$external`` database.

        The user name is the certificate subject and the user receives the
        ``readWrite`` role on the database named after the issuer's
        ``organizationName`` (the idmg).

        Args:
            cert: Certificate wrapper the account is derived from.

        Raises:
            KeyError: The issuer has no ``organizationName`` entry.

        NOTE(review): the database name and user name come straight from
        certificate fields; this method does not verify the certificate, so it
        presumably relies on the caller having validated the chain - confirm.
        """
        idmg = cert.formatter_issuer()['organizationName']
        nom_compte = cert.subject_rfc4514_string_mq()

        # Single role: read/write limited to the tenant database.
        role_tenant = {'role': 'readWrite', 'db': idmg}
        commande = {'createUser': nom_compte, 'roles': [role_tenant]}

        self.__logger.debug("Creation compte Mongo : %s", commande)

        base_externe = self.__connexion.document_dao.get_database('$external')
        base_externe.command(commande)
    def _ajouter_compte_pem(self, cert_pem, commande):
        """Create the Mongo and MQ accounts for a PEM certificate, then reply if asked.

        Steps, in order:
          1. Load ``cert_pem`` into an ``EnveloppeCleCert``.
          2. Create the Mongo account when a Mongo manager is configured. An
             already existing account (``DuplicateKeyError``) and a ``KeyError``
             are logged and do not stop the flow.
          3. Create the MQ account. This step is not wrapped, so any exception it
             raises propagates and no reply is sent.
          4. Send ``{'resultat_ok': True}`` when the command carries properties
             with both ``reply_to`` and ``correlation_id``.

        Args:
            cert_pem: Certificate as PEM text.
            commande: Mapping for the incoming command; its optional
                ``'properties'`` entry supplies the reply routing.

        NOTE(review): accounts are provisioned purely from the fields of the
        supplied PEM. Nothing visible here checks the certificate chain, and it
        is not clear from this method whether ``cert_from_pem_bytes`` validates
        anything - confirm that the caller only forwards trusted certificates.
        NOTE(review): the subject is concatenated into the log message as-is;
        presumably acceptable for trusted certificates - confirm.
        """
        # Load the PEM
        enveloppe = EnveloppeCleCert()
        enveloppe.cert_from_pem_bytes(cert_pem.encode('utf-8'))

        try:
            comptes_mongo: GestionnaireComptesMongo = self._service_monitor.gestionnaire_mongo
            if comptes_mongo:
                comptes_mongo.creer_compte(enveloppe)
        except DuplicateKeyError:
            sujet = enveloppe.subject_rfc4514_string_mq()
            self.__logger.info("Compte mongo deja cree : " + sujet)
        except KeyError as kerr:
            self.__logger.debug("Certificat ignore " + str(kerr))

        comptes_mq: GestionnaireComptesMQ = self._service_monitor.gestionnaire_mq
        comptes_mq.ajouter_compte(enveloppe)

        # Send the account-creation reply, when one was requested
        proprietes = commande.get('properties')
        if not proprietes:
            return

        destination = proprietes.reply_to
        correlation = proprietes.correlation_id
        if destination and correlation:
            self._service_monitor.generateur_transactions.transmettre_reponse(
                {'resultat_ok': True}, destination, correlation)