def test_syntactic_sugar_methods(self):
    """
    Each convenience accessor on the factory must return an instance of its manager class.
    """
    # Setup
    factory.initialize()

    # Test: accessor/class pairs, checked in the order listed
    expectations = (
        (factory.authentication_manager, AuthenticationManager),
        (factory.cert_generation_manager, CertGenerationManager),
        (factory.certificate_manager, CertificateManager),
        (factory.password_manager, PasswordManager),
        (factory.permission_manager, PermissionManager),
        (factory.permission_query_manager, PermissionQueryManager),
        (factory.role_manager, RoleManager),
        (factory.role_query_manager, RoleQueryManager),
        (factory.user_manager, UserManager),
        (factory.user_query_manager, UserQueryManager),
        (factory.repo_manager, RepoManager),
        (factory.repo_unit_association_manager, RepoUnitAssociationManager),
        (factory.repo_publish_manager, RepoPublishManager),
        (factory.repo_query_manager, RepoQueryManager),
        (factory.repo_sync_manager, RepoSyncManager),
        (factory.content_manager, ContentManager),
        (factory.content_query_manager, ContentQueryManager),
        (factory.content_upload_manager, ContentUploadManager),
        (factory.consumer_manager, ConsumerManager),
        (factory.topic_publish_manager, TopicPublishManager),
    )
    for accessor, manager_class in expectations:
        self.assertTrue(isinstance(accessor(), manager_class))
def check_user_cert(self, cert_pem):
    """
    Authenticate a user from a client SSL certificate.

    The CN is read from the certificate subject, the certificate is verified by the cert
    generation manager, and the CN is then decoded into a username. None is returned when
    the CN is missing or empty, when verification fails, or when decoding the CN raises
    PulpException.

    :type cert_pem: str
    :param cert_pem: pem encoded ssl certificate
    :rtype: str or None
    :return: user login corresponding to the credentials
    """
    # The CN is extracted before the certificate is verified, so it is untrusted until
    # verify_cert() has succeeded below.
    common_name = factory.certificate_manager(content=cert_pem).subject().get('CN', None)
    if not common_name:
        return None

    generator = factory.cert_generation_manager()
    if not generator.verify_cert(cert_pem):
        # NOTE(review): this CN comes from a certificate that just failed verification, so
        # it is client-supplied text; confirm the log pipeline neutralises control
        # characters. The message says "foreign CA" for every verify_cert() failure; what
        # else verify_cert() checks (expiry, revocation) is not visible here.
        message = _('Auth certificate with CN [%(u)s] is signed by a foreign CA')
        _logger.error(message % {'u': common_name})
        return None

    try:
        username, _user_id = generator.decode_admin_user(common_name)
    except PulpException:
        return None
    else:
        # No password is passed: the verified certificate is the credential.
        # NOTE(review): confirm check_username_password() still rejects unknown users
        # when called without a password.
        return self.check_username_password(username)
def check_user_cert(self, cert_pem):
    """
    Authenticate a user from a client SSL certificate.

    The CN is read from the certificate subject, the certificate is verified by the cert
    generation manager, and the CN is then decoded into a username. None is returned when
    the CN is missing or empty, when verification fails, or when decoding the CN raises
    PulpException.

    :type cert_pem: str
    :param cert_pem: pem encoded ssl certificate
    :rtype: str or None
    :return: user login corresponding to the credentials
    """
    # The CN is extracted before the certificate is verified, so it is untrusted until
    # verify_cert() has succeeded below.
    common_name = factory.certificate_manager(content=cert_pem).subject().get('CN', None)
    if not common_name:
        return None

    generator = factory.cert_generation_manager()
    if not generator.verify_cert(cert_pem):
        # NOTE(review): this CN comes from a certificate that just failed verification, so
        # it is client-supplied text; confirm the log pipeline neutralises control
        # characters. The message says "foreign CA" for every verify_cert() failure; what
        # else verify_cert() checks (expiry, revocation) is not visible here.
        message = _('Auth certificate with CN [%(u)s] is signed by a foreign CA')
        _logger.error(message % {'u': common_name})
        return None

    try:
        username, _user_id = generator.decode_admin_user(common_name)
    except PulpException:
        return None
    else:
        # No password is passed: the verified certificate is the credential.
        # NOTE(review): confirm check_username_password() still rejects unknown users
        # when called without a password.
        return self.check_username_password(username)
def check_consumer_cert(self, cert_pem):
    """
    Authenticate a consumer from a client SSL certificate.

    The subject CN is returned as the consumer id once the cert generation manager has
    verified the certificate. None is returned when the subject has no CN or when
    verification fails.

    :type cert_pem: str
    :param cert_pem: pem encoded ssl certificate
    :rtype: str or None
    :return: id of a consumer corresponding to the credentials
    """
    subject = factory.certificate_manager(content=cert_pem).subject()
    consumer_cn = subject.get('CN', None)
    # NOTE(review): only a missing CN is rejected; an empty-string CN goes on to
    # verification and would be returned as the id - confirm callers treat '' as
    # unauthenticated.
    if consumer_cn is None:
        return None

    verifier = factory.cert_generation_manager()
    if verifier.verify_cert(cert_pem):
        # NOTE(review): the CN is returned without checking that the consumer is still
        # registered; presumably callers do that lookup - confirm.
        return consumer_cn

    # The CN logged here comes from a certificate that failed verification, so it is
    # client-supplied text.
    message = _('Auth certificate with CN [%(cn)s] is signed by a foreign CA')
    _logger.error(message % {'cn': consumer_cn})
    return None
def check_consumer_cert(self, cert_pem):
    """
    Authenticate a consumer from a client SSL certificate.

    The subject CN is returned as the consumer id once the cert generation manager has
    verified the certificate. None is returned when the subject has no CN or when
    verification fails.

    :type cert_pem: str
    :param cert_pem: pem encoded ssl certificate
    :rtype: str or None
    :return: id of a consumer corresponding to the credentials
    """
    subject = factory.certificate_manager(content=cert_pem).subject()
    consumer_cn = subject.get('CN', None)
    # NOTE(review): only a missing CN is rejected; an empty-string CN goes on to
    # verification and would be returned as the id - confirm callers treat '' as
    # unauthenticated.
    if consumer_cn is None:
        return None

    verifier = factory.cert_generation_manager()
    if verifier.verify_cert(cert_pem):
        # NOTE(review): the CN is returned without checking that the consumer is still
        # registered; presumably callers do that lookup - confirm.
        return consumer_cn

    # The CN logged here comes from a certificate that failed verification, so it is
    # client-supplied text.
    message = _('Auth certificate with CN [%(cn)s] is signed by a foreign CA')
    _logger.error(message % {'cn': consumer_cn})
    return None
def register(consumer_id, display_name=None, description=None, notes=None, capabilities=None,
             rsa_pub=None):
    """
    Registers a new Consumer and issues its certificate.

    The consumer document is saved first; the certificate is then generated with the saved
    document's id passed as ``uid``. The returned bundle joins the private key and the
    certificate.

    :param consumer_id: unique identifier for the consumer
    :type consumer_id: str
    :param rsa_pub: The consumer public key used for message authentication.
    :type rsa_pub: str
    :param display_name: user-friendly name for the consumer
    :type display_name: str
    :param description: user-friendly text describing the consumer
    :type description: str
    :param notes: key-value pairs to pragmatically tag the consumer
    :type notes: dict
    :param capabilities: operations supported on the consumer
    :type capabilities: dict

    :raises DuplicateResource: if there is already a consumer or a used with the requested ID
    :raises InvalidValue: if any of the fields is unacceptable

    :return: A tuple of: (consumer, certificate)
    :rtype: tuple
    """
    if not is_consumer_id_valid(consumer_id):
        raise InvalidValue(['id'])

    collection = Consumer.get_collection()
    # NOTE(review): the lookup and the later save are separate operations; presumably a
    # unique index on 'id' covers concurrent registrations - confirm.
    if collection.find_one({'id': consumer_id}) is not None:
        raise DuplicateResource(consumer_id)

    # Optional dict-typed fields, validated in the same order as they are declared
    for field_name, value in (('notes', notes), ('capabilities', capabilities)):
        if value is not None and not isinstance(value, dict):
            raise InvalidValue([field_name])

    # Fall back to the ID when no display name was supplied
    if not display_name:
        display_name = consumer_id

    # Creation
    consumer = Consumer(consumer_id, display_name, description, notes, capabilities, rsa_pub)
    object_id = collection.save(consumer, safe=True)

    # Generate certificate
    # NOTE(review): the consumer is already persisted at this point; if make_cert() raises,
    # the record stays behind without a certificate having been issued.
    generator = factory.cert_generation_manager()
    # Integer read from the [security] section; presumably a validity period - confirm unit.
    expiration = config.config.getint('security', 'consumer_cert_expiration')
    key, certificate = generator.make_cert(consumer_id, expiration, uid=str(object_id))

    factory.consumer_history_manager().record_event(consumer_id, 'consumer_registered')

    # The bundle carries the private key; it is returned to the caller, not stored here.
    bundle = Bundle.join(key, certificate)
    return consumer, bundle
def setUp(self):
    """
    Redirect the serial number file to a writable location and fetch the managers under test.
    """
    super(UserManagerTests, self).setUp()

    # The default location is under /var/lib/pulp, which the test user may not be able to
    # write to, so remember it and point SerialNumber somewhere else.
    # NOTE(review): '/tmp/sn.dat' is a fixed name in a shared, world-writable directory; a
    # per-test temporary directory would avoid collisions and pre-created files.
    original_path = SerialNumber.PATH
    self.default_sn_path = original_path
    SerialNumber.PATH = '/tmp/sn.dat'
    SerialNumber().reset()

    self.user_manager = manager_factory.user_manager()
    self.user_query_manager = manager_factory.user_query_manager()
    self.cert_generation_manager = manager_factory.cert_generation_manager()
def check_consumer_cert_no_user(cert_pem):
    """
    Check a consumer ssl certificate and return its CN without any user lookup.

    Returns None when the subject has no CN or when the cert generation manager does not
    verify the certificate.

    @type cert_pem: str
    @param cert_pem: pem encoded ssl certificate
    @return: the CN taken from the certificate subject, or None
    """
    subject = factory.certificate_manager(content=cert_pem).subject()
    common_name = subject.get('CN', None)
    # NOTE(review): only a missing CN is rejected; an empty-string CN would be returned if
    # the certificate verifies - confirm callers treat '' as unauthenticated.
    if common_name is None:
        return None

    verifier = factory.cert_generation_manager()
    if verifier.verify_cert(cert_pem):
        return common_name

    # The CN logged here comes from a certificate that failed verification, so it is
    # client-supplied text.
    _log.error('Auth certificate with CN [%s] is signed by a foreign CA' % common_name)
    return None
def setUp(self):
    """
    Redirect the serial number file to a writable location and fetch the managers under test.
    """
    super(UserManagerTests, self).setUp()

    # The default location is under /var/lib/pulp, which the test user may not be able to
    # write to, so remember it and point SerialNumber somewhere else.
    # NOTE(review): '/tmp/sn.dat' is a fixed name in a shared, world-writable directory; a
    # per-test temporary directory would avoid collisions and pre-created files.
    original_path = SerialNumber.PATH
    self.default_sn_path = original_path
    SerialNumber.PATH = '/tmp/sn.dat'
    SerialNumber().reset()

    self.user_manager = manager_factory.user_manager()
    self.user_query_manager = manager_factory.user_query_manager()
    self.role_manager = manager_factory.role_manager()
    self.cert_generation_manager = manager_factory.cert_generation_manager()
def post(self, request):
    """
    Return client SSL certificate and a private key.

    A certificate and key are generated for the current principal and sent back as JSON
    under the keys 'key' and 'certificate'.

    :param request: WSGI request object
    :type request: django.core.handlers.wsgi.WSGIRequest

    :return: Response containing cert and key
    :rtype: django.http.HttpResponse
    """
    principal = factory.principal_manager().get_principal()
    generator = factory.cert_generation_manager()
    key, certificate = generator.make_admin_user_cert(principal)

    # NOTE(review): the response body contains a private key. The authentication check
    # for this view is not visible in this snippet - confirm it is enforced, that the
    # endpoint is TLS-only, and that response bodies are neither logged nor cached.
    return generate_json_response({'key': key, 'certificate': certificate})
def post(self, request):
    """
    Return client SSL certificate and a private key.

    A certificate and key are generated for the current principal and sent back as JSON
    under the keys 'key' and 'certificate'.

    :param request: WSGI request object
    :type request: django.core.handlers.wsgi.WSGIRequest

    :return: Response containing cert and key
    :rtype: django.http.HttpResponse
    """
    principal = factory.principal_manager().get_principal()
    generator = factory.cert_generation_manager()
    key, certificate = generator.make_admin_user_cert(principal)

    # NOTE(review): the response body contains a private key. The authentication check
    # for this view is not visible in this snippet - confirm it is enforced, that the
    # endpoint is TLS-only, and that response bodies are neither logged nor cached.
    return generate_json_response({'key': key, 'certificate': certificate})
def register(self, id, display_name=None, description=None, notes=None, capabilities=None):
    """
    Registers a new Consumer and issues its certificate.

    The certificate is generated first and stored (stripped) on the saved consumer
    document. After saving, the returned object's ``certificate`` attribute is replaced
    with the joined key and certificate.

    @param id: unique identifier for the consumer
    @type  id: str

    @param display_name: user-friendly name for the consumer
    @type  display_name: str

    @param description: user-friendly text describing the consumer
    @type  description: str

    @param notes: key-value pairs to programmatically tag the consumer
    @type  notes: dict

    @param capabilities: operations permitted on the consumer
    @type  capabilities: dict

    @raises DuplicateResource: if there is already a consumer or a used with the requested ID
    @raises InvalidValue: if any of the fields is unacceptable
    """
    if not is_consumer_id_valid(id):
        raise InvalidValue(['id'])

    # NOTE(review): the lookup and the later save are separate operations; presumably a
    # unique index on 'id' covers concurrent registrations - confirm.
    if Consumer.get_collection().find_one({'id': id}) is not None:
        raise DuplicateResource(id)

    # Optional dict-typed fields, validated in the same order as they are declared
    for field_name, value in (('notes', notes), ('capabilities', capabilities)):
        if value is not None and not isinstance(value, dict):
            raise InvalidValue([field_name])

    # Fall back to the ID when no display name was supplied
    if not display_name:
        display_name = id

    # Generate certificate
    generator = factory.cert_generation_manager()
    # Integer read from the [security] section; presumably a validity period - confirm unit.
    expiration = config.config.getint('security', 'consumer_cert_expiration')
    key, crt = generator.make_cert(id, expiration)

    # Creation: only the certificate is written to the database by this save
    new_consumer = Consumer(id, display_name, description, notes, capabilities,
                            certificate=crt.strip())
    Consumer.get_collection().save(new_consumer, safe=True)

    factory.consumer_history_manager().record_event(id, 'consumer_registered')

    # From here on the in-memory object carries the private key as well.
    # NOTE(review): saving this returned object again would presumably persist the key -
    # confirm no caller does that.
    new_consumer.certificate = Bundle.join(key, crt)
    return new_consumer
def test_get(self):
    """
    POST to the login action and check that the returned certificate's CN decodes to the
    expected user's login and id.
    """
    # Setup
    users = manager_factory.user_query_manager()
    generator = manager_factory.cert_generation_manager()
    expected_user = users.find_by_login(login='******')

    # Test
    status, body = self.post('/v2/actions/login/')

    # Verify
    self.assertEqual(200, status)

    # NOTE(review): only the CN round-trip is asserted; the test does not check that the
    # returned certificate verifies against the server CA.
    pem_bundle = str(body['key'] + body['certificate'])
    subject = manager_factory.certificate_manager(content=pem_bundle).subject()
    decoded_login, decoded_id = generator.decode_admin_user(subject['CN'])

    self.assertEqual(decoded_login, expected_user['login'])
    self.assertEqual(decoded_id, expected_user['id'])
def test_get(self):
    """
    POST to the login action and check that the returned certificate's CN decodes to the
    expected user's login and id.
    """
    # Setup
    users = manager_factory.user_query_manager()
    generator = manager_factory.cert_generation_manager()
    expected_user = users.find_by_login(login='******')

    # Test
    status, body = self.post('/v2/actions/login/')

    # Verify
    self.assertEqual(200, status)

    # NOTE(review): only the CN round-trip is asserted; the test does not check that the
    # returned certificate verifies against the server CA.
    pem_bundle = str(body['key'] + body['certificate'])
    subject = manager_factory.certificate_manager(content=pem_bundle).subject()
    decoded_login, decoded_id = generator.decode_admin_user(subject['CN'])

    self.assertEqual(decoded_login, expected_user['login'])
    self.assertEqual(decoded_id, expected_user['id'])
def check_user_cert(cert_pem):
    """
    Authenticate a user from a client SSL certificate.

    The CN is read from the certificate subject, the certificate is verified by the cert
    generation manager, and the CN is then decoded into a username. None is returned when
    the CN is missing or empty, when verification fails, or when decoding the CN raises
    PulpException.

    @type cert_pem: str
    @param cert_pem: pem encoded ssl certificate
    @rtype: L{pulp.server.db.model.User} instance or None
    @return: user corresponding to the credentials
    """
    # The CN is extracted before the certificate is verified, so it is untrusted until
    # verify_cert() has succeeded below.
    common_name = factory.certificate_manager(content=cert_pem).subject().get('CN', None)
    if not common_name:
        return None

    generator = factory.cert_generation_manager()
    if not generator.verify_cert(cert_pem):
        # NOTE(review): this CN comes from a certificate that just failed verification, so
        # it is client-supplied text; confirm the log pipeline neutralises control
        # characters. The message says "foreign CA" for every verify_cert() failure; what
        # else verify_cert() checks (expiry, revocation) is not visible here.
        _log.error('Auth certificate with CN [%s] is signed by a foreign CA' % common_name)
        return None

    try:
        username, _user_id = generator.decode_admin_user(common_name)
    except PulpException:
        return None
    else:
        # No password is passed: the verified certificate is the credential.
        # NOTE(review): confirm check_username_password() still rejects unknown users
        # when called without a password.
        return check_username_password(username)
def POST(self):
    """
    Generate a certificate and private key for the current principal and return both,
    under the keys "key" and "certificate".
    """
    principal = factory.principal_manager().get_principal()
    generator = factory.cert_generation_manager()
    key, certificate = generator.make_admin_user_cert(principal)

    # NOTE(review): the response body contains a private key. The authentication check
    # for this handler is not visible in this snippet - confirm it is enforced, that the
    # endpoint is TLS-only, and that response bodies are neither logged nor cached.
    return self.ok({"key": key, "certificate": certificate})
def POST(self):
    """
    Generate a certificate and private key for the current principal and return both,
    under the keys "key" and "certificate".
    """
    principal = factory.principal_manager().get_principal()
    generator = factory.cert_generation_manager()
    key, certificate = generator.make_admin_user_cert(principal)

    # NOTE(review): the response body contains a private key. The authentication check
    # for this handler is not visible in this snippet - confirm it is enforced, that the
    # endpoint is TLS-only, and that response bodies are neither logged nor cached.
    return self.ok({"key": key, "certificate": certificate})
def setUp(self):
    """
    Run the base class setup, then fetch the cert generation manager used by the tests.
    """
    super(TestCertGeneration, self).setUp()
    generator = manager_factory.cert_generation_manager()
    self.cert_gen_manager = generator
def POST(self):
    """
    Generate a certificate and private key for the current principal and return them
    concatenated, key first.
    """
    principal = factory.principal_manager().get_principal()
    generator = factory.cert_generation_manager()
    key, certificate = generator.make_admin_user_cert(principal)

    # NOTE(review): the response body contains a private key. The authentication check
    # for this handler is not visible in this snippet - confirm it is enforced, that the
    # endpoint is TLS-only, and that response bodies are neither logged nor cached.
    return self.ok(key + certificate)