def test_cert_with_carriage_returns(self):
     # make sure it can parse a cert where the "-----" etc. lines end with
     # "\r\n" instead of just "\n". Failure to parse in this case was
     # discovered when trying to parse an employee-sku cert that jbowes
     # emailed to mhrivnak. the origin of the offending carriage returns is
     # unknown.
     crcert = certdata.ENTITLEMENT_CERT_V3_0.replace('-\n', '-\r\n')
     create_from_pem(crcert)
예제 #2
0
    def _check_extensions(self, cert_pem, dest, log_func):
        """
        Checks the requested destination path against the entitlement cert.

        :param cert_pem: certificate as PEM
        :type  cert_pem: str
        :param dest: path of desired destination
        :type  dest: str
        :param log_func: function used for logging
        :type  log_func: callable taking 1 argument of type basestring
        :return: True iff request is authorized, else False
        :rtype:  bool
        """
        cert = certificate.create_from_pem(cert_pem)

        # Extract the repo portion of the URL
        repo_dest = dest[dest.find(RELATIVE_URL) + len(RELATIVE_URL):]

        try:
            valid = cert.check_path(repo_dest)
        except AttributeError:
            # not an entitlement certificate, so no entitlements
            log_func('The provided client certificate is not an entitlement certificate.\n')
            valid = False
        if not valid:
            log_func('Request denied to destination [%s]' % dest)

        return valid
예제 #3
0
    def build(self, bundle):
        keypem = bundle['key']
        crtpem = bundle['cert']
        key = Key(keypem)

        cert = create_from_pem(crtpem)
        return (key, cert)
예제 #4
0
    def _check_extensions(self, cert_pem, dest, log_func, repo_url_prefixes):
        """
        Checks the requested destination path against the entitlement cert.

        :param cert_pem: certificate as PEM
        :type  cert_pem: str
        :param dest: path of desired destination
        :type  dest: str
        :param log_func: function used for logging
        :type  log_func: callable taking 1 argument of type basestring
        :param repo_url_prefixes: list of url prefixes to strip off before checking against cert
        :type  repo_url_prefixes: list of str
        :return: True iff request is authorized, else False
        :rtype:  bool
        """
        cert = certificate.create_from_pem(cert_pem)

        valid = False
        for prefix in repo_url_prefixes:
            # Extract the repo portion of the URL
            repo_dest = dest[dest.find(prefix) + len(prefix):]
            try:
                valid = cert.check_path(repo_dest)
            except AttributeError:
                # not an entitlement certificate, so no entitlements
                log_func('The provided client certificate is not an entitlement certificate.\n')
            # if we have a valid url check, no need to continue
            if valid:
                break

        if not valid:
            log_func('Request denied to destination [%s]' % dest)

        return valid
예제 #5
0
    def _print_products(self, zip_archive):
        entitlements = zip_archive._get_entitlements()
        if len(entitlements) == 0:
            self._print_section(_("Subscriptions:"), [["None"]], 1, True)
            return

        for ent_file in entitlements:
            part = zip_archive._read_file(ent_file)
            data = json.loads(part)
            to_print = []
            to_print.append((_("Name"), get_value(data, "pool.productName")))
            to_print.append((_("Quantity"), get_value(data, "quantity")))
            to_print.append((_("Created"), get_value(data, "created")))
            to_print.append((_("Start Date"), get_value(data, "startDate")))
            to_print.append((_("End Date"), get_value(data, "endDate")))
            to_print.append((_("Service Level"), self._get_product_attribute("support_level", data)))
            to_print.append((_("Service Type"), self._get_product_attribute("support_type", data)))
            to_print.append((_("Architectures"), self._get_product_attribute("arch", data)))
            to_print.append((_("SKU"), get_value(data, "pool.productId")))
            to_print.append((_("Contract"), get_value(data, "pool.contractNumber")))
            to_print.append((_("Order"), get_value(data, "pool.orderNumber")))
            to_print.append((_("Account"), get_value(data, "pool.accountNumber")))
            virt_limit = self._get_product_attribute("virt_limit", data)
            to_print.append((_("Virt Limit"), virt_limit))
            require_virt_who = False
            if virt_limit:
                require_virt_who = True
            to_print.append((_("Requires Virt-who"), require_virt_who))

            entitlement_file = os.path.join("export", "entitlements", "%s.json" % data["id"])
            to_print.append((_("Entitlement File"), entitlement_file))
            #Get the certificate to get the version
            serial = data["certificates"][0]["serial"]["id"]

            cert_file = os.path.join("export", "entitlement_certificates", "%s.pem" % serial)
            to_print.append((_("Certificate File"), cert_file))

            try:
                cert = certificate.create_from_pem(zip_archive._read_file(cert_file))
            except certificate.CertificateException, ce:
                raise certificate.CertificateException(
                        _("Unable to read certificate file '%s': %s") % (cert_file,
                        ce))
            to_print.append((_("Certificate Version"), cert.version))

            self._print_section(_("Subscription:"), to_print, 1, False)

            # Get the provided Products
            to_print = [(int(pp["productId"]), pp["productName"]) for pp in data["pool"]["providedProducts"]]

            self._print_section(_("Provided Products:"), sorted(to_print), 2, False)

            # Get the Content Sets
            if not self.options.no_content:
                to_print = [[item.url] for item in cert.content]
                self._print_section(_("Content Sets:"), sorted(to_print), 2, True)
            else:  # bz#1369577: print a blank line to separate subscriptions when --no-content in use
                print ""
예제 #6
0
    def build_cert(self, bundle):
        """Split a cert bundle into a EntitlementCertificate and a Key."""
        keypem = bundle['key']
        crtpem = bundle['cert']

        key = Key(keypem)
        cert = create_from_pem(crtpem)

        return (key, cert)
예제 #7
0
 def _create_rhsm_cert_from_pem(unquoted_certificate):
     try:
         rhsm_cert = certificate.create_from_pem(unquoted_certificate)
     except certificate.CertificateException:
         msg = _(
             "An error occurred while loading the client certificate data into python-rhsm."
         )
         raise PermissionError(msg)
     return rhsm_cert
예제 #8
0
    def build_cert(self, bundle):
        """Split a cert bundle into a EntitlementCertificate and a Key."""
        keypem = bundle['key']
        crtpem = bundle['cert']

        key = Key(keypem)
        cert = create_from_pem(crtpem)

        return (key, cert)
예제 #9
0
 def _get_cert(self, fn):
     if fn.endswith('.gz'):
         f = GzipFile(fn)
     else:
         f = open(fn)
     try:
         pem = f.read()
         return create_from_pem(pem)
     finally:
         f.close()
예제 #10
0
 def _get_cert(self, fn):
     if fn.endswith('.gz'):
         f = GzipFile(fn)
     else:
         f = open(fn)
     try:
         pem = f.read()
         return create_from_pem(pem)
     finally:
         f.close()
예제 #11
0
def _is_valid(cert_pem):
    '''
    validates the cert's common name as being pulp's identity

    :param cert_pem: PEM encoded client certificate sent with the request
    :type  cert_pem: string
    '''

    cert = certificate.create_from_pem(cert_pem)
    cn = cert.subject()['CN']

    return cn == IDENTITY_CN
예제 #12
0
 def _get_cert(self, filename):
     if filename.endswith('.gz'):
         f = GzipFile(filename)
     else:
         f = open(filename)
     try:
         pem = f.read()
         if type(pem) == bytes:
             pem = pem.decode('utf-8')
         cert = create_from_pem(pem)
         cert.pem = pem
         return cert
     finally:
         f.close()
예제 #13
0
 def _get_cert(self, filename):
     if filename.endswith('.gz'):
         f = GzipFile(filename)
     else:
         f = open(filename)
     try:
         pem = f.read()
         if type(pem) == bytes:
             pem = pem.decode('utf-8')
         cert = create_from_pem(pem)
         cert.pem = pem
         return cert
     finally:
         f.close()
    def _print_products(self, zip_archive):
        entitlements = zip_archive._get_entitlements()
        if len(entitlements) == 0:
            self._print_section(_("Subscriptions:"), [["None"]], 1, True)
            return

        for ent_file in entitlements:
            part = zip_archive._read_file(ent_file)
            data = json.loads(part)
            to_print = []
            to_print.append((_("Name"), get_value(data, "pool.productName")))
            to_print.append((_("Quantity"), get_value(data, "quantity")))
            to_print.append((_("Created"), get_value(data, "created")))
            to_print.append((_("Start Date"), get_value(data, "startDate")))
            to_print.append((_("End Date"), get_value(data, "endDate")))
            to_print.append((_("Service Level"), self._get_product_attribute("support_level", data)))
            to_print.append((_("Service Type"), self._get_product_attribute("support_type", data)))
            to_print.append((_("Architectures"), self._get_product_attribute("arch", data)))
            to_print.append((_("SKU"), get_value(data, "pool.productId")))
            to_print.append((_("Contract"), get_value(data, "pool.contractNumber")))
            to_print.append((_("Order"), get_value(data, "pool.orderNumber")))
            to_print.append((_("Account"), get_value(data, "pool.accountNumber")))

            entitlement_file = os.path.join("export", "entitlements", "%s.json" % data["id"])
            to_print.append((_("Entitlement File"), entitlement_file))
            #Get the certificate to get the version
            serial = data["certificates"][0]["serial"]["id"]

            cert_file = os.path.join("export", "entitlement_certificates", "%s.pem" % serial)
            to_print.append((_("Certificate File"), cert_file))

            try:
                cert = certificate.create_from_pem(zip_archive._read_file(cert_file))
            except certificate.CertificateException, ce:
                raise certificate.CertificateException(
                        _("Unable to read certificate file '%s': %s") % (cert_file,
                        ce))
            to_print.append((_("Certificate Version"), cert.version))

            self._print_section(_("Subscription:"), to_print, 1, False)

            # Get the provided Products
            to_print = [(int(pp["productId"]), pp["productName"]) for pp in data["pool"]["providedProducts"]]

            self._print_section(_("Provided Products:"), sorted(to_print), 2, False)

            # Get the Content Sets
            to_print = [[item.url] for item in cert.content]
            self._print_section(_("Content Sets:"), sorted(to_print), 2, True)
예제 #15
0
파일: app_util.py 프로젝트: yithian/crane
def _get_certificate():
    """
    Get the parsed certificate from the environment

    :rtype: rhsm.certificate2.EntitlementCertificate, or None
    """
    env = request.environ
    pem_str = env.get('SSL_CLIENT_CERT', '')
    if not pem_str:
        return None
    cert = certificate.create_from_pem(pem_str)
    # The certificate may not be an entitlement certificate in which case we also return None
    if not isinstance(cert, certificate2.EntitlementCertificate):
        return None
    return cert
예제 #16
0
def _get_certificate():
    """
    Get the parsed certificate from the environment

    :rtype: rhsm.certificate2.EntitlementCertificate, or None
    """
    env = request.environ
    pem_str = env.get('SSL_CLIENT_CERT', '')
    if not pem_str:
        return None
    cert = certificate.create_from_pem(pem_str)
    # The certificate may not be an entitlement certificate in which case we also return None
    if not isinstance(cert, certificate2.EntitlementCertificate):
        return None
    return cert
예제 #17
0
    def verify_valid_entitlement(self):
        """
        Verify that a valid entitlement was processed.

        @return: True if valid, False otherwise.
        """
        try:
            cert = create_from_pem(self.get_cert_content())
            # Don't want to check class explicitly, instead we'll look for
            # order info, which only an entitlement cert could have:
            if not hasattr(cert, 'order'):
                return False
        except CertificateException:
            return False
        ent_key = Key(self.get_key_content())
        if ent_key.bogus():
            return False
        return True
예제 #18
0
    def verify_valid_entitlement(self):
        """
        Verify that a valid entitlement was processed.

        @return: True if valid, False otherwise.
        """
        try:
            cert = create_from_pem(self.get_cert_content())
            # Don't want to check class explicitly, instead we'll look for
            # order info, which only an entitlement cert could have:
            if not hasattr(cert, 'order'):
                return False
        except CertificateException:
            return False
        ent_key = Key(self.get_key_content())
        if ent_key.bogus():
            return False
        return True
예제 #19
0
    def get_certs_for_enabled_repos(self, enabled_repos):
        """
        Find enabled repos that are providing product certificates
        """
        lst = []
        cache = self.read_productid_cache()
        if cache is None:
            cache = {}

        # skip repo's that we don't have productid info for...
        for repo in enabled_repos:
            try:
                with dnf.util.tmpdir() as tmpdir:
                    filename = self._download_productid(repo, tmpdir)
                    if filename:
                        cert = self._get_cert(filename)
                        if cert is None:
                            log.debug('Repository %s does not provide cert' %
                                      repo.id)
                            continue
                        lst.append((cert, repo.id))
                        cache[repo.id] = cert.pem
                    elif repo.id in cache and cache[repo.id] is not None:
                        cert = create_from_pem(cache[repo.id])
                        lst.append((cert, repo.id))
                    else:
                        # We have to look in all repos for productids, not just
                        # the ones we create, or anaconda doesn't install it.
                        self.meta_data_errors.append(repo.id)
            except Exception as e:
                log.warning("Error loading productid metadata for %s." % repo)
                log.exception(e)
                self.meta_data_errors.append(repo.id)

        if self.meta_data_errors:
            log.debug("Unable to load productid metadata for repos: %s",
                      self.meta_data_errors)

        if len(cache) > 0:
            self.write_productid_cache(cache)

        return lst
예제 #20
0
    def get_certs_for_enabled_repos(self, enabled_repos):
        """
        Find enabled repos that are providing product certificates
        """
        lst = []
        cache = self.read_productid_cache()
        if cache is None:
            cache = {}

        # skip repo's that we don't have productid info for...
        for repo in enabled_repos:
            try:
                with dnf.util.tmpdir() as tmpdir:
                    filename = self._download_productid(repo, tmpdir)
                    if filename:
                        cert = self._get_cert(filename)
                        if cert is None:
                            log.debug('Repository %s does not provide cert' % repo.id)
                            continue
                        lst.append((cert, repo.id))
                        cache[repo.id] = cert.pem
                    elif repo.id in cache and cache[repo.id] is not None:
                        cert = create_from_pem(cache[repo.id])
                        lst.append((cert, repo.id))
                    else:
                        # We have to look in all repos for productids, not just
                        # the ones we create, or anaconda doesn't install it.
                        self.meta_data_errors.append(repo.id)
            except Exception as e:
                log.warning("Error loading productid metadata for %s." % repo)
                log.exception(e)
                self.meta_data_errors.append(repo.id)

        if self.meta_data_errors:
            log.debug("Unable to load productid metadata for repos: %s",
                      self.meta_data_errors)

        if len(cache) > 0:
            self.write_productid_cache(cache)

        return lst
예제 #21
0
    def _check_extensions(self, cert_pem, dest, log_func, repo_url_prefixes):
        """
        Checks the requested destination path against the entitlement cert.

        :param cert_pem: certificate as PEM
        :type  cert_pem: str
        :param dest: path of desired destination
        :type  dest: str
        :param log_func: function used for logging
        :type  log_func: callable taking 1 argument of type basestring
        :param repo_url_prefixes: list of url prefixes to strip off before checking against cert
        :type  repo_url_prefixes: list of str
        :return: True iff request is authorized, else False
        :rtype:  bool
        """
        cert = certificate.create_from_pem(cert_pem)

        valid = False
        for prefix in repo_url_prefixes:
            if dest.startswith(prefix):
                # rhsm throws a ValueError if there's no leading /. Amusingly, it immediately
                # strips it off.
                repo_dest = os.path.join('/', os.path.relpath(dest, prefix))
                try:
                    valid = cert.check_path(repo_dest)
                except AttributeError:
                    # not an entitlement certificate, so no entitlements
                    log_func(
                        'The provided client certificate is not an entitlement certificate.\n'
                    )
                # if we have a valid url check, no need to continue
                if valid:
                    break

        if not valid:
            log_func('Request denied to destination [%s]' % dest)

        return valid
예제 #22
0
    def _check_extensions(self, cert_pem, dest, log_func, repo_url_prefixes):
        """
        Checks the requested destination path against the entitlement cert.

        :param cert_pem: certificate as PEM
        :type  cert_pem: str
        :param dest: path of desired destination
        :type  dest: str
        :param log_func: function used for logging
        :type  log_func: callable taking 1 argument of type basestring
        :param repo_url_prefixes: list of url prefixes to strip off before checking against cert
        :type  repo_url_prefixes: list of str
        :return: True iff request is authorized, else False
        :rtype:  bool
        """
        cert = certificate.create_from_pem(cert_pem)

        valid = False
        for prefix in repo_url_prefixes:
            if dest.startswith(prefix):
                # rhsm throws a ValueError if there's no leading /. Amusingly, it immediately
                # strips it off.
                repo_dest = os.path.join('/', os.path.relpath(dest, prefix))
                try:
                    valid = cert.check_path(repo_dest)
                except AttributeError:
                    # not an entitlement certificate, so no entitlements
                    log_func('The provided client certificate is not an entitlement certificate.\n')
                # if we have a valid url check, no need to continue
                if valid:
                    break

        if not valid:
            log_func('Request denied to destination [%s]' % dest)

        return valid
예제 #23
0
def parse_cert():
        client_cert = '''
-----BEGIN CERTIFICATE-----
MIIEyjCCArKgAwIBAgIIISy0Q9KHEoMwDQYJKoZIhvcNAQEFBQAwMzELMAkGA1UE
BhMCVVMxEjAQBgNVBAoMCVZpcnR1b3p6bzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0x
NjAxMjUwMDAwMDBaFw0xNzA5MDUwMDAwMDBaMCsxKTAnBgNVBAMTIGZmODA4MTgx
NTJlZjkxZGQwMTUyZWY5NWRlYWEwMDU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEArhqai9AEoyIhX2wevUoEtFE2YPk/XIA+TDhUnd32N6u9hNe8LM3x
JqquLpFB1VQLbbPajogIUrmm4b62e+GpGYUEJP6kyeFf4QbXuUWbkwbgft2drvFA
wEzbv/Yi2i4SuDFjAIXez49ToK9PTfl6u3BhXqetPc5i+FGYtsc86txm53F+meO2
WXhEMAVCfXnw4/7QpCsXRfN5S4n+cu46teUFlaPAzGeflnFBrpdQwQw+IsFjsWds
kKTg07OVJ0PJ4sdH61fPtROAoQtdt668yTifk56vjEztrAjA/G+NkYEZngBj8zb+
InmN+3b7Fkw3EM3QuQQsanGA7Z7gtGdh6wIDAQABo4HpMIHmMBEGCWCGSAGG+EIB
AQQEAwIFoDALBgNVHQ8EBAMCBLAwXAYDVR0jBFUwU4AUJxLzb7nZOcojBlKHPKE4
d/zgUdChN6Q1MDMxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlWaXJ0dW96em8xEDAO
BgNVBAMMB1Jvb3QgQ0GCAhABMB0GA1UdDgQWBBTJHgdTJ5WPg9c85XH3aQikHXPJ
4TATBgNVHSUEDDAKBggrBgEFBQcDAjASBgkrBgEEAZIICQYEBQwDMy4yMB4GCSsG
AQQBkggJBwQRBA942itJLS5hAAAGHgHBAmAwDQYJKoZIhvcNAQEFBQADggIBAHCz
PJgSvoaCkmuQGRFo2M5cF9IxfQ8wf9R0o9E2cbfH7hwDXUZoztlm6OhrdFJONfzO
i+i3VE2s2QkDyxV6RHFpJ4e3XoC9V5eiGI9X5xdY5d5jD+B5SjEd4WVpaRm+H6qK
eatUY1ldo9FVyMuMSWdj2J3Wzmrz16O4zpU/2gdwkYr//BsuCz6dTwsKoPK2+0FZ
EMixVZXT3osowu5huiJ42Of8arNFz85lTVXkY8X/3X/nABFU2+LfvGsXTrroy0yY
aWC7Katj5r/lnZCfy84nPT1wafyczJlZCZ37+rjlKga5Y06blLt4I36YDt42fi5w
A8CoiH/PI46bNJos2mvTd6+uzZnBh7ZR+kLI2+8eadDetsOfrqpfyUNcyCv2UFos
rJOt8K/oQuX4qidLaJscWaxcfP8rtmNEHj7tcRD4U/YhAk+oY43tyKDYh7V8ve9b
mfguLMq692DJGTgZ/v3Aq/UV1K26t+OMvpo1am+fyXLWSMeiBrTP9Sg+lT981057
NBnyV8bO1Js9FWs+yBLFh8dMVaGl4QdxMNBS+140gWkHJ349id9LMEjgwo+cVjYU
dDlq4c7RmzboDI3xccqDPJzBklp8bX1yQRx+dIcUV11ZCV6H1Nbcin6cZ+9Z+MFu
JdgBZ1ABr6Hq0KzACwFjsq6ybJOAstuqyL1SACri
-----END CERTIFICATE-----        
        '''.strip()
        
        path2check = '/test'
        cert = certificate.create_from_pem(client_cert)
        cert.check_path('/') # AttributeError: 'NoneType' object has no attribute 'value' 
        pass    
예제 #24
0
    def _check_extensions(self, cert_pem, dest, log_func, repo_url_prefixes):
        """
        Checks the requested destination path against the entitlement cert.

        :param cert_pem: certificate as PEM
        :type  cert_pem: str
        :param dest: path of desired destination
        :type  dest: str
        :param log_func: function used for logging
        :type  log_func: callable taking 1 argument of type basestring
        :param repo_url_prefixes: list of url prefixes to strip off before checking against cert
        :type  repo_url_prefixes: list of str
        :return: True iff request is authorized, else False
        :rtype:  bool
        """
        cert = certificate.create_from_pem(cert_pem)

        valid = False
        for prefix in repo_url_prefixes:
            # Extract the repo portion of the URL
            repo_dest = dest[dest.find(prefix) + len(prefix):]
            try:
                valid = cert.check_path(repo_dest)
            except AttributeError:
                # not an entitlement certificate, so no entitlements
                log_func(
                    'The provided client certificate is not an entitlement certificate.\n'
                )
            # if we have a valid url check, no need to continue
            if valid:
                break

        if not valid:
            log_func('Request denied to destination [%s]' % dest)

        return valid
예제 #25
0
 def _create_filename_from_cert_serial_number(self):
     "create from serial"
     cert_content = self.get_cert_content()
     ent_cert = create_from_pem(cert_content)
     return "%s.pem" % (ent_cert.serial)
 def test_existsandvalid(self, mock_exists, mock_read):
     mock_exists.return_value = True
     mock_read.return_value = certificate.create_from_pem(certdata.RHIC_CERT)
     testRhicCert = RhicCertificate()
     testRhicCert.cfg = StubConfig()
     self.assertTrue(testRhicCert.existsAndValid())
예제 #27
0
 def __init__(self, cert_pem):
     super(StatCertCommandStub, self).__init__()
     self._pem = cert_pem
     self._cert = create_from_pem(self._pem)
 def test_asn1_generalized_time(self):
     id_cert = create_from_pem(certdata.ASN1_GENERALIZEDTIME_CERT)
     self.assertTrue(isinstance(id_cert, IdentityCertificate))
     self.assertEqual(2016, id_cert.start.year)
     self.assertEqual(2116, id_cert.end.year)
예제 #29
0
 def setUp(self):
     self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V3_2)
예제 #30
0
 def setUp(self):
     self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V1_0)
예제 #31
0
 def test_creation(self):
     id_cert = create_from_pem(certdata.IDENTITY_CERT)
     self.assertTrue(isinstance(id_cert, IdentityCertificate))
     self.assertEquals("URI:CN=redhat.local.rm-rf.ca", id_cert.alt_name)
     self.assertEquals("0f5d4617-d913-4a0f-be61-d8a9c88e1476", id_cert.subject['CN'])
     self.assertFalse(hasattr(id_cert, 'products'))
예제 #32
0
 def setUp(self):
     self.prod_cert = create_from_pem(certdata.PRODUCT_CERT_V1_0)
 def setUp(self):
     self.ent_cert = create_from_pem(
         certdata.ENTITLEMENT_CERT_V3_2_WITH_CONTENT_ARCH)
예제 #34
0
 def __init__(self, keystring, certstring):
     self.key = keystring
     # TODO: bad variables, cert should be the certificate object, x509 is
     # used elsewhere for the rhsm._certificate object of the same name.
     self.cert = certstring
     self.x509 = create_from_pem(certstring)
예제 #35
0
 def setUp(self):
     self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V3_2_WITH_CONTENT_ARCH)
예제 #36
0
 def _create_filename_from_cert_serial_number(self):
     "create from serial"
     cert_content = self.get_cert_content()
     ent_cert = create_from_pem(cert_content)
     return "%s.pem" % (ent_cert.serial)
예제 #37
0
 def setUp(self):
     self.prod_cert = create_from_pem(certdata.PRODUCT_CERT_V1_0)
     self.ent_cert = create_from_pem(certdata.ENTITLEMENT_CERT_V1_0)
 def __init__(self, keystring, certstring):
     self.key = keystring
     self.cert = certstring
     self.x509 = create_from_pem(certstring)
예제 #39
0
3rAZrmyq2oN7JqA82PplY3XHoXVojt067Kq2Vqgj+oJtx9WZoACKX5mmU1Zsvxwy
kuPTfQDQ5JkjtS/N/Snls7A7TgOAy97v0Cp4H3UJpXwKKCV7ifd/eqcCgYEAzXq1
0xHu8Q1EYmG8IulyJ2oJFNX92kkPegHheMnFvqUHnmVFbsj8H5E+FQXNQX1aUS1K
1epDN9LlVKBtWF33WGMCFy6VK0v0MGMZGQ+vI/O01MU8d+DBy2HRKz2UPW3OWevX
9udxLASoaCD/3LCn3eeGT5ucRUw12AIQ6zEzTMMCgYEArL1BlzzHkf0gD4N3Cc4i
rYp4cls+ha8BNr9Upho0P9DP9NdkkZLWsE3pt9ldmdzfhIaZWzIhgT4FQlqwHy8C
QeOYN3wTaGB17uanBpf5gMTK3mtRoDLr6FjxwYj0iRzU0Hp/ekZDcFN+DAKgynRr
ZMxpmacE6PjIcPL+5WSNElcCgYBjjKrgipSvtlTGMUGbzGvgyo+Bx7cH9VOJMbYR
9fdWyM9rHvdHmBoGFTD1sGzj6J5EK+RQxQEx33v5xwuSv1uhN76AirH8Wv0AIFK9
gIrCqUSXvMLx9TMOnOJgx6G1LSjHCesElNaQk+UfJbWwLun1KUE5+lL4g9amQ0H9
IEYRTwKBgQCXpMJ2P0bomDQMeIou2CSGCuEMcx8NuTA9x4t6xrf6Hyv7O9K7+fr1
5aNLpomnn09oQvg9Siz+AMzVEUkkbYmiHf3lDng/RE00hW32SDLJMloJEFmQLCrV
ufxBTlg4v0B3xS1GgvATMY4hyk53o5PffmlRO03dbfpGK/rkTIPwFg==
-----END RSA PRIVATE KEY-----"""

EXPECTED_CERT = create_from_pem(EXPECTED_CERT_CONTENT)

# Used to simulate importing a valid bundle (cert+key) but when
# the cert is not actually an entitlement cert.
IDENTITY_CERT_WITH_KEY = """
-----BEGIN CERTIFICATE-----
MIIDVTCCAr6gAwIBAgIIdv1ldZ5/0IQwDQYJKoZIhvcNAQEFBQAwNjEVMBMGA1UE
AwwMMTkyLjE2OC4xLjI1MQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFsZWlnaDAe
Fw0xMjA3MzAxMzE5NTdaFw0yODA3MzAxMzE5NTdaMC8xLTArBgNVBAMTJDU2MzA4
ODU4LTZhOTMtNGFmZC04YjIyLWY1MjFhZmFlNTRiZjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAJUDAlagg+Pbew+blR2S+DkDMZ81hfY3L10yalEDsXsq
NtX7eXG6eiSnsKXfZKpJXEZ1qIuW3OZEtOoBl5EWyQipBCsBufS4KKA2VbH5r8EA
gJKKXmu17pT9VH1mZ6A+eFUUAJU8CTvnNEchZLM9DZEoki4mPDiEizMPLpOzwtGp
KKaTIBWU8Fp1uO66EadjLsE/gbPSo4V1q60JE1P7qNHm07qVAM1OEKENxj4j49mr
bsiCPmVjppk+OezqwtJUseWEq/pAEYtOGJNy61l9EfFpp1HvaqdEsymjTal25j77
kMbNUIPRvOctB7ZKeoO1xThfK9Saw0RZDJqg7dxDcccCAwEAAaOB7jCB6zARBglg
예제 #40
0
 def setUp(self):
     self.prod_cert = create_from_pem(certdata.PRODUCT_CERT_V1_0)
예제 #41
0
 def get_cert(self):
     cert_content = self.get_cert_content()
     ent_cert = create_from_pem(cert_content)
     return ent_cert
예제 #42
0
 def setUp(self):
     self.ent_cert = create_from_pem(self.cert_data)
예제 #43
0
 def test_factory_method_without_ent_data(self):
     data = certdata.ENTITLEMENT_CERT_V3_0.split('-----BEGIN ENTITLEMENT DATA-----')[0]
     cert = create_from_pem(data)
     self.assertTrue(cert.content is None)
     self.assertTrue(cert.order is None)
     self.assertEqual(cert.products, [])
예제 #44
0
3rAZrmyq2oN7JqA82PplY3XHoXVojt067Kq2Vqgj+oJtx9WZoACKX5mmU1Zsvxwy
kuPTfQDQ5JkjtS/N/Snls7A7TgOAy97v0Cp4H3UJpXwKKCV7ifd/eqcCgYEAzXq1
0xHu8Q1EYmG8IulyJ2oJFNX92kkPegHheMnFvqUHnmVFbsj8H5E+FQXNQX1aUS1K
1epDN9LlVKBtWF33WGMCFy6VK0v0MGMZGQ+vI/O01MU8d+DBy2HRKz2UPW3OWevX
9udxLASoaCD/3LCn3eeGT5ucRUw12AIQ6zEzTMMCgYEArL1BlzzHkf0gD4N3Cc4i
rYp4cls+ha8BNr9Upho0P9DP9NdkkZLWsE3pt9ldmdzfhIaZWzIhgT4FQlqwHy8C
QeOYN3wTaGB17uanBpf5gMTK3mtRoDLr6FjxwYj0iRzU0Hp/ekZDcFN+DAKgynRr
ZMxpmacE6PjIcPL+5WSNElcCgYBjjKrgipSvtlTGMUGbzGvgyo+Bx7cH9VOJMbYR
9fdWyM9rHvdHmBoGFTD1sGzj6J5EK+RQxQEx33v5xwuSv1uhN76AirH8Wv0AIFK9
gIrCqUSXvMLx9TMOnOJgx6G1LSjHCesElNaQk+UfJbWwLun1KUE5+lL4g9amQ0H9
IEYRTwKBgQCXpMJ2P0bomDQMeIou2CSGCuEMcx8NuTA9x4t6xrf6Hyv7O9K7+fr1
5aNLpomnn09oQvg9Siz+AMzVEUkkbYmiHf3lDng/RE00hW32SDLJMloJEFmQLCrV
ufxBTlg4v0B3xS1GgvATMY4hyk53o5PffmlRO03dbfpGK/rkTIPwFg==
-----END RSA PRIVATE KEY-----"""

EXPECTED_CERT = create_from_pem(EXPECTED_CERT_CONTENT)

# Used to simulate importing a valid bundle (cert+key) but when
# the cert is not actually an entitlement cert.
IDENTITY_CERT_WITH_KEY = """
-----BEGIN CERTIFICATE-----
MIIDVTCCAr6gAwIBAgIIdv1ldZ5/0IQwDQYJKoZIhvcNAQEFBQAwNjEVMBMGA1UE
AwwMMTkyLjE2OC4xLjI1MQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFsZWlnaDAe
Fw0xMjA3MzAxMzE5NTdaFw0yODA3MzAxMzE5NTdaMC8xLTArBgNVBAMTJDU2MzA4
ODU4LTZhOTMtNGFmZC04YjIyLWY1MjFhZmFlNTRiZjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAJUDAlagg+Pbew+blR2S+DkDMZ81hfY3L10yalEDsXsq
NtX7eXG6eiSnsKXfZKpJXEZ1qIuW3OZEtOoBl5EWyQipBCsBufS4KKA2VbH5r8EA
gJKKXmu17pT9VH1mZ6A+eFUUAJU8CTvnNEchZLM9DZEoki4mPDiEizMPLpOzwtGp
KKaTIBWU8Fp1uO66EadjLsE/gbPSo4V1q60JE1P7qNHm07qVAM1OEKENxj4j49mr
bsiCPmVjppk+OezqwtJUseWEq/pAEYtOGJNy61l9EfFpp1HvaqdEsymjTal25j77
kMbNUIPRvOctB7ZKeoO1xThfK9Saw0RZDJqg7dxDcccCAwEAAaOB7jCB6zARBglg
예제 #45
0
 def __init__(self, keystring, certstring):
     self.key = keystring
     # TODO: bad variables, cert should be the certificate object, x509 is
     # used elsewhere for the m2crypto object of the same name.
     self.cert = certstring
     self.x509 = create_from_pem(certstring)
예제 #46
0
    def _print_products(self, zip_archive):
        entitlements = zip_archive._get_entitlements()
        if len(entitlements) == 0:
            self._print_section(_("Subscriptions:"), [["None"]], 1, True)
            return

        for ent_file in entitlements:
            part = zip_archive._read_file(ent_file)
            data = json.loads(part)
            to_print = []
            to_print.append((_("Name"), get_value(data, "pool.productName")))
            to_print.append((_("Quantity"), get_value(data, "quantity")))
            to_print.append((_("Created"), get_value(data, "created")))
            to_print.append((_("Start Date"), get_value(data, "startDate")))
            to_print.append((_("End Date"), get_value(data, "endDate")))
            to_print.append(
                (_("Service Level"),
                 self._get_product_attribute("support_level", data)))
            to_print.append((_("Service Type"),
                             self._get_product_attribute("support_type",
                                                         data)))
            to_print.append(
                (_("Architectures"), self._get_product_attribute("arch",
                                                                 data)))
            to_print.append((_("SKU"), get_value(data, "pool.productId")))
            to_print.append(
                (_("Contract"), get_value(data, "pool.contractNumber")))
            to_print.append((_("Order"), get_value(data, "pool.orderNumber")))
            to_print.append((_("Account"), get_value(data,
                                                     "pool.accountNumber")))
            virt_limit = self._get_product_attribute("virt_limit", data)
            to_print.append((_("Virt Limit"), virt_limit))
            require_virt_who = False
            if virt_limit:
                require_virt_who = True
            to_print.append((_("Requires Virt-who"), require_virt_who))

            entitlement_file = os.path.join("export", "entitlements",
                                            "%s.json" % data["id"])
            to_print.append((_("Entitlement File"), entitlement_file))
            #Get the certificate to get the version
            serial = data["certificates"][0]["serial"]["id"]

            cert_file = os.path.join("export", "entitlement_certificates",
                                     "%s.pem" % serial)
            to_print.append((_("Certificate File"), cert_file))

            try:
                cert = certificate.create_from_pem(
                    zip_archive._read_file(cert_file).decode('utf-8'))
            except certificate.CertificateException as ce:
                raise certificate.CertificateException(
                    _("Unable to read certificate file '%s': %s") %
                    (cert_file, ce))
            to_print.append((_("Certificate Version"), cert.version))

            self._print_section(_("Subscription:"), to_print, 1, False)

            # Get the provided Products
            to_print = [(int(pp["productId"]), pp["productName"])
                        for pp in data["pool"]["providedProducts"]]

            self._print_section(_("Provided Products:"), sorted(to_print), 2,
                                False)

            # Get the derived provided Products (if available)
            if "derivedProvidedProducts" in data["pool"]:
                to_print = [(int(pp["productId"]), pp["productName"])
                            for pp in data["pool"]["derivedProvidedProducts"]]
                self._print_section(_("Derived Products:"), sorted(to_print),
                                    2, False)

            # Get the Content Sets
            if not self.options.no_content:
                to_print = [[item.url] for item in cert.content]
                self._print_section(_("Content Sets:"), sorted(to_print), 2,
                                    True)
            else:  # bz#1369577: print a blank line to separate subscriptions when --no-content in use
                print("")
예제 #47
0
 def test_default_version(self):
     id_cert = create_from_pem(certdata.IDENTITY_CERT)
     self.assertTrue(isinstance(id_cert, IdentityCertificate))
     self.assertEquals('1.0', str(id_cert.version))
3rAZrmyq2oN7JqA82PplY3XHoXVojt067Kq2Vqgj+oJtx9WZoACKX5mmU1Zsvxwy
kuPTfQDQ5JkjtS/N/Snls7A7TgOAy97v0Cp4H3UJpXwKKCV7ifd/eqcCgYEAzXq1
0xHu8Q1EYmG8IulyJ2oJFNX92kkPegHheMnFvqUHnmVFbsj8H5E+FQXNQX1aUS1K
1epDN9LlVKBtWF33WGMCFy6VK0v0MGMZGQ+vI/O01MU8d+DBy2HRKz2UPW3OWevX
9udxLASoaCD/3LCn3eeGT5ucRUw12AIQ6zEzTMMCgYEArL1BlzzHkf0gD4N3Cc4i
rYp4cls+ha8BNr9Upho0P9DP9NdkkZLWsE3pt9ldmdzfhIaZWzIhgT4FQlqwHy8C
QeOYN3wTaGB17uanBpf5gMTK3mtRoDLr6FjxwYj0iRzU0Hp/ekZDcFN+DAKgynRr
ZMxpmacE6PjIcPL+5WSNElcCgYBjjKrgipSvtlTGMUGbzGvgyo+Bx7cH9VOJMbYR
9fdWyM9rHvdHmBoGFTD1sGzj6J5EK+RQxQEx33v5xwuSv1uhN76AirH8Wv0AIFK9
gIrCqUSXvMLx9TMOnOJgx6G1LSjHCesElNaQk+UfJbWwLun1KUE5+lL4g9amQ0H9
IEYRTwKBgQCXpMJ2P0bomDQMeIou2CSGCuEMcx8NuTA9x4t6xrf6Hyv7O9K7+fr1
5aNLpomnn09oQvg9Siz+AMzVEUkkbYmiHf3lDng/RE00hW32SDLJMloJEFmQLCrV
ufxBTlg4v0B3xS1GgvATMY4hyk53o5PffmlRO03dbfpGK/rkTIPwFg==
-----END RSA PRIVATE KEY-----"""

EXPECTED_CERT = create_from_pem(EXPECTED_CERT_CONTENT)

# Used to simulate importing a valid bundle (cert+key) but when
# the cert is not actually an entitlement cert.
IDENTITY_CERT_WITH_KEY = """
-----BEGIN CERTIFICATE-----
MIIDVTCCAr6gAwIBAgIIdv1ldZ5/0IQwDQYJKoZIhvcNAQEFBQAwNjEVMBMGA1UE
AwwMMTkyLjE2OC4xLjI1MQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFsZWlnaDAe
Fw0xMjA3MzAxMzE5NTdaFw0yODA3MzAxMzE5NTdaMC8xLTArBgNVBAMTJDU2MzA4
ODU4LTZhOTMtNGFmZC04YjIyLWY1MjFhZmFlNTRiZjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAJUDAlagg+Pbew+blR2S+DkDMZ81hfY3L10yalEDsXsq
NtX7eXG6eiSnsKXfZKpJXEZ1qIuW3OZEtOoBl5EWyQipBCsBufS4KKA2VbH5r8EA
gJKKXmu17pT9VH1mZ6A+eFUUAJU8CTvnNEchZLM9DZEoki4mPDiEizMPLpOzwtGp
KKaTIBWU8Fp1uO66EadjLsE/gbPSo4V1q60JE1P7qNHm07qVAM1OEKENxj4j49mr
bsiCPmVjppk+OezqwtJUseWEq/pAEYtOGJNy61l9EfFpp1HvaqdEsymjTal25j77
kMbNUIPRvOctB7ZKeoO1xThfK9Saw0RZDJqg7dxDcccCAwEAAaOB7jCB6zARBglg
 def __init__(self, cert_pem):
     super(StatCertCommandStub, self).__init__()
     self._pem = cert_pem
     self._cert = create_from_pem(self._pem)
예제 #50
0
 def test_default_version(self):
     id_cert = create_from_pem(certdata.IDENTITY_CERT)
     self.assertTrue(isinstance(id_cert, IdentityCertificate))
     self.assertEquals('1.0', str(id_cert.version))
 def __init__(self, cert_pem):
     CatCertCommand.__init__(self)
     self.cert = create_from_pem(cert_pem)
예제 #52
0
 def __init__(self, cert_pem):
     CatCertCommand.__init__(self)
     self.cert = create_from_pem(cert_pem)
                RhicCertificate.move()
                sys.exit(-1)
            else:
                raise
        except connection.RemoteServerException, e:
            if e.code == 404:
                print _("RHIC was not found by upstream server. See rhsm.log for more detail.")
                RhicCertificate.move()
                sys.exit(-1)
            else:
                raise

        if certs:
            try:
                writer = Writer()
                cert = certificate.create_from_pem(certs['cert'])
                key = certificate.Key(certs['key'])
                writer.write(key, cert)
            except:
                raise

        rhiclib.cleanExpiredCerts(ProductDirectory(), EntitlementDirectory(), facts.to_dict())

        sys.exit(0)

    if not ConsumerIdentity.existsAndValid():
        log.error('Either the consumer is not registered or the certificates' +
                  ' are corrupted. Certificate update using daemon failed.')
        sys.exit(-1)
    print _('Updating entitlement certificates & repositories')
예제 #54
0
 def get_cert(self):
     cert_content = self.get_cert_content()
     ent_cert = create_from_pem(cert_content)
     return ent_cert
 def setUp(self):
     self.ent_cert = create_from_pem(self.cert_data)