def process_checkin(self, bundle, skip_errors, **kwargs): if not bundle.data.has_key("products"): raise BadRequest("Missing 'products'") if not bundle.data.has_key("consumer_identifier"): raise BadRequest("Missing 'consumer_identifier'") if not bundle.data.has_key("system_facts"): raise BadRequest("Missing 'system_facts'") minutes = None if bundle.data.has_key("minutes"): try: minutes = int(bundle.data["minutes"]) if minutes < 1: raise BadRequest("'minutes' with value of '%s' is less than 1" % (minutes)) except: raise BadRequest("Unable to convert 'minutes' with value of '%s' to an integer" % (bundle.data["minutes"])) # Read the SSL identity certificate from the SSL request environment variables identity_cert = certs.get_client_cert_from_request(self.current_request) #_LOG.info("Using 'identity_cert': %s" % (identity_cert)) products = bundle.data["products"] consumer_identifier = bundle.data["consumer_identifier"] system_facts = bundle.data["system_facts"] checkin = CheckIn() bundle.obj = Entitlement() cert_info, ent_call_time = checkin.get_entitlement_certificate(identity_cert, consumer_identifier, system_facts, products, cert_length_in_min=minutes) bundle.obj.certs = cert_info # Setting time of last entitlement call, to be inserted in response header later in processing self.last_entitlement_call_length = ent_call_time return bundle
def get_identifier(self, request): """ Return the UUID and Account number embedded in the certificate @param request: @return: (CN, O) corresponds to CN being the UUID of the certificate and O being the account number """ x509_cert_from_request = get_client_cert_from_request(request) return get_identifier_from_cert(x509_cert_from_request)
def is_authenticated(self, request, **kwargs): """ Verify that the SSL client certificate used to form this SSL Connection has been signed by the configured CA. @param request: @type django.http.HttpRequest @param kwargs: @return: """ x509_cert_from_request = get_client_cert_from_request(request) if x509_cert_from_request: if self.cert_utils.validate_certificate(x509_cert_from_request, self.verification_ca): return True return False
def is_authenticated(self, request, **kwargs): """ Verify that the SSL client certificate used to form this SSL Connection has been signed by the configured CA. @param request: @type django.http.HttpRequest @param kwargs: @return: """ x509_cert_from_request = get_client_cert_from_request(request) if x509_cert_from_request: if self.cert_utils.validate_certificate(x509_cert_from_request, self.verification_ca): return True return HttpResponse( content="Unable to verify SSL client's identity certificate was signed by configured CA", status=httplib.UNAUTHORIZED)
def is_authorized(self, request, object=None): x509_cert_from_request = get_client_cert_from_request(request) identity_uuid, identity_account = get_identifier_from_cert(x509_cert_from_request) if not identity_uuid: return False return True
def test_get_identifier_from_cert(self): req = self.request_factory.request(SSL_CLIENT_CERT=self.valid_identity_cert_pem) client_cert = certs.get_client_cert_from_request(req) CN, O = certs.get_identifier_from_cert(client_cert) self.assertEqual(CN, self.expected_valid_identity_uuid) self.assertEqual(O, self.expected_valid_account_num)
def test_get_client_cert_from_request(self): req = self.request_factory.request(SSL_CLIENT_CERT=self.valid_identity_cert_pem) client_cert = certs.get_client_cert_from_request(req) self.assertEqual(client_cert, self.valid_identity_cert_pem)