def test_verify(self):
# Test
valid_result = cert_generator.verify_cert(VALID_CERT)
self.assertTrue(valid_result)
invalid_result = cert_generator.verify_cert(INVALID_CERT)
self.assertTrue(not invalid_result)
def check_consumer_cert_no_user(cert_pem):
# TODO document me
cert = Certificate(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if encoded_user is None:
return None
if not verify_cert(cert_pem):
_log.error('Auth certificate with CN [%s] is signed by a foreign CA' %
encoded_user)
return None
return encoded_user
def check_consumer_cert(cert_pem):
# TODO document me
cert = Certificate(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if encoded_user is None:
return None
if not verify_cert(cert_pem):
_log.error('Auth certificate with CN [%s] is signed by a foreign CA' %
encoded_user)
return None
user = check_username_password(encoded_user)
if user is None or consumer_users_role not in user['roles']:
return None
return user
def check_user_cert(cert_pem):
"""
Check a client ssl certificate.
Return None if the certificate is not valid
@type cert_pem: str
@param cert_pem: pem encoded ssl certificate
@rtype: L{pulp.server.db.model.User} instance or None
@return: user corresponding to the credentials
"""
cert = Certificate(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if not encoded_user:
return None
if not verify_cert(cert_pem):
_log.error('Auth certificate with CN [%s] is signed by a foreign CA' %
encoded_user)
return None
try:
username, id = cert_generator.decode_admin_user(encoded_user)
except PulpException:
return None
return check_username_password(username)
