def get(self, environ, url):
"""Makes a HTTP request to the specified URL using the certificate
obtained from the WSGI environ.
@type environ: dict
@param environ: WSGI environ
@type url: basestring
@param url: URL of resource to request
@rtype: basestring
@return: response from HTTP request
"""
current_token = environ.get(self.token_env_key)
if current_token:
log.debug("Token ID: %s", current_token)
else:
log.debug("No token found with environ key: %s",
self.token_env_key)
if self.token != current_token or not self.user_ssl_context:
log.debug("Certificate request needed")
if current_token:
self.token = current_token
# Get credential.
log.debug("Making certificate request")
(private_key,
certificate) = certificate_request.request_certificate(
self.token, self.resource_server_url,
self.client_ssl_config,
self.certificate_request_parameter)
# Create SSL context using the resource owner's delegated
# credential.
self.user_ssl_context = ssl_context_util.make_ssl_context(
None, None, self.ca_cert_file, self.ca_dir, True)
clientKey = crypto.load_privatekey(crypto.FILETYPE_PEM,
private_key)
clientCert = crypto.load_certificate(crypto.FILETYPE_PEM,
certificate)
self.user_ssl_context.use_privatekey(clientKey)
self.user_ssl_context.use_certificate(clientCert)
log.debug("Created new SSL context")
else:
log.warn("Certificate needed but no token available")
config = httpsclientutils.Configuration(self.user_ssl_context, True)
log.debug("Making request to URL: %s", url)
response = httpsclientutils.fetch_from_url(url, config)
return response
def __call__(self, environ, start_response):
"""
@param environ: WSGI environment
@type environ: dict
@param start_response: WSGI start response function
@type start_response:
@return: WSGI response
@rtype: iterable
"""
log.debug("CertificateRequestMiddleware.__call__ ...")
req = Request(environ)
log.debug("Request url: %s", req.url)
log.debug("Request host_url: %s", req.host_url)
log.debug("Request application_url: %s", req.application_url)
# Get session.
session = environ.get(self.session_env_key)
if session is None:
raise Exception(
'CertificateRequestMiddleware.__call__: No beaker session key '
'"%s" found in environ' % self.session_env_key)
# Determine whether a certificate is stored in the session already.
key_cert = None
if self.__class__.CERTIFICATE_SESSION_KEY_OPTION in session:
key_cert = session[self.__class__.CERTIFICATE_SESSION_KEY_OPTION]
else:
# If not, and an access token has been obtained, request a
# certificate.
client = Oauth2Client.get_client_instance(session, None,
create=False)
if client and client.access_token:
key_cert = certificate_request.request_certificate(
client.access_token,
self.resource_server_url,
self.ssl_config,
self.certificate_request_parameter)
session[self.__class__.CERTIFICATE_SESSION_KEY_OPTION
] = key_cert
# Make certificate available in the session immediately.
session.save()
session.persist()
if key_cert:
environ[self.certificate_env_key] = key_cert
app_iter = self._app(environ, start_response)
return app_iter
def get(self, environ, url):
"""Makes a HTTP request to the specified URL using the certificate
obtained from the WSGI environ.
@type environ: dict
@param environ: WSGI environ
@type url: basestring
@param url: URL of resource to request
@rtype: basestring
@return: response from HTTP request
"""
current_token = environ.get(self.token_env_key)
if current_token:
log.debug("Token ID: %s", current_token)
else:
log.debug("No token found with environ key: %s", self.token_env_key)
if self.token != current_token or not self.user_ssl_context:
log.debug("Certificate request needed")
if current_token:
self.token = current_token
# Get credential.
log.debug("Making certificate request")
(private_key, certificate) = certificate_request.request_certificate(
self.token, self.resource_server_url, self.client_ssl_config, self.certificate_request_parameter
)
# Create SSL context using the resource owner's delegated
# credential.
self.user_ssl_context = ssl_context_util.make_ssl_context(
None, None, self.ca_cert_file, self.ca_dir, True
)
clientKey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key)
clientCert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.user_ssl_context.use_privatekey(clientKey)
self.user_ssl_context.use_certificate(clientCert)
log.debug("Created new SSL context")
else:
log.warn("Certificate needed but no token available")
config = httpsclientutils.Configuration(self.user_ssl_context, True)
log.debug("Making request to URL: %s", url)
response = httpsclientutils.fetch_from_url(url, config)
return response
def get_resource(self, environ, start_response):
response = [
"<h2>ndg_oauth WSGI Test Application: get secured resource</h2>"
]
token = environ.get(self.token_env_key)
if not token:
response.append('<p>No OAuth token found.</p>')
else:
log.debug("Token found; %s" % token)
try:
(private_key,
certificate) = certificate_request.request_certificate(
token, self.resource_url, self.ssl_config,
self.certificate_request_parameter)
except Exception, exc:
response.append('<p>Exception obtaining certificate from OAuth '
'server: %s</p>' % exc)
else:
def get_resource(self, environ, start_response):
response = [
"<h2>ndg_oauth WSGI Test Application: get secured resource</h2>"
]
token = environ.get(self.token_env_key)
if not token:
response.append('<p>No OAuth token found.</p>')
else:
log.debug("Token found; %s" % token)
try:
(private_key,
certificate) = certificate_request.request_certificate(
token, self.resource_url, self.ssl_config,
self.certificate_request_parameter)
except Exception, exc:
response.append(
'<p>Exception obtaining certificate from OAuth '
'server: %s</p>' % exc)
else: