Exemplo n.º 1
0
    def get(self, environ, url):
        """Makes a HTTP request to the specified URL using the certificate
        obtained from the WSGI environ.
        @type environ: dict
        @param environ: WSGI environ
        @type url: basestring
        @param url: URL of resource to request
        @rtype: basestring
        @return: response from HTTP request
        """
        current_token = environ.get(self.token_env_key)
        if current_token:
            log.debug("Token ID: %s", current_token)
        else:
            log.debug("No token found with environ key: %s",
                      self.token_env_key)

        if self.token != current_token or not self.user_ssl_context:
            log.debug("Certificate request needed")
            if current_token:
                self.token = current_token
                # Get credential.
                log.debug("Making certificate request")
                (private_key,
                 certificate) = certificate_request.request_certificate(
                     self.token, self.resource_server_url,
                     self.client_ssl_config,
                     self.certificate_request_parameter)

                # Create SSL context using the resource owner's delegated
                # credential.
                self.user_ssl_context = ssl_context_util.make_ssl_context(
                    None, None, self.ca_cert_file, self.ca_dir, True)

                clientKey = crypto.load_privatekey(crypto.FILETYPE_PEM,
                                                   private_key)
                clientCert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                                     certificate)

                self.user_ssl_context.use_privatekey(clientKey)
                self.user_ssl_context.use_certificate(clientCert)
                log.debug("Created new SSL context")
            else:
                log.warn("Certificate needed but no token available")

        config = httpsclientutils.Configuration(self.user_ssl_context, True)
        log.debug("Making request to URL: %s", url)
        response = httpsclientutils.fetch_from_url(url, config)

        return response
Exemplo n.º 2
0
    def __call__(self, environ, start_response):
        """
        @param environ: WSGI environment
        @type environ: dict
        @param start_response: WSGI start response function
        @type start_response: 
        @return: WSGI response
        @rtype: iterable
        """
        log.debug("CertificateRequestMiddleware.__call__ ...")

        req = Request(environ)
        log.debug("Request url: %s", req.url)
        log.debug("Request host_url: %s", req.host_url)
        log.debug("Request application_url: %s", req.application_url)

        # Get session.
        session = environ.get(self.session_env_key)
        if session is None:
            raise Exception(
                'CertificateRequestMiddleware.__call__: No beaker session key '
                '"%s" found in environ' % self.session_env_key)

        # Determine whether a certificate is stored in the session already.
        key_cert = None
        if self.__class__.CERTIFICATE_SESSION_KEY_OPTION in session:
            key_cert = session[self.__class__.CERTIFICATE_SESSION_KEY_OPTION]
        else:
            # If not, and an access token has been obtained, request a
            # certificate.
            client = Oauth2Client.get_client_instance(session, None,
                                                      create=False)
            if client and client.access_token:
                key_cert = certificate_request.request_certificate(
                                            client.access_token,
                                            self.resource_server_url,
                                            self.ssl_config,
                                            self.certificate_request_parameter)
                session[self.__class__.CERTIFICATE_SESSION_KEY_OPTION
                                                                    ] = key_cert
                # Make certificate available in the session immediately.
                session.save()
                session.persist()

        if key_cert:
            environ[self.certificate_env_key] = key_cert

        app_iter = self._app(environ, start_response)
        return app_iter
    def get(self, environ, url):
        """Makes a HTTP request to the specified URL using the certificate
        obtained from the WSGI environ.
        @type environ: dict
        @param environ: WSGI environ
        @type url: basestring
        @param url: URL of resource to request
        @rtype: basestring
        @return: response from HTTP request
        """
        current_token = environ.get(self.token_env_key)
        if current_token:
            log.debug("Token ID: %s", current_token)
        else:
            log.debug("No token found with environ key: %s", self.token_env_key)

        if self.token != current_token or not self.user_ssl_context:
            log.debug("Certificate request needed")
            if current_token:
                self.token = current_token
                # Get credential.
                log.debug("Making certificate request")
                (private_key, certificate) = certificate_request.request_certificate(
                    self.token, self.resource_server_url, self.client_ssl_config, self.certificate_request_parameter
                )

                # Create SSL context using the resource owner's delegated
                # credential.
                self.user_ssl_context = ssl_context_util.make_ssl_context(
                    None, None, self.ca_cert_file, self.ca_dir, True
                )

                clientKey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key)
                clientCert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)

                self.user_ssl_context.use_privatekey(clientKey)
                self.user_ssl_context.use_certificate(clientCert)
                log.debug("Created new SSL context")
            else:
                log.warn("Certificate needed but no token available")

        config = httpsclientutils.Configuration(self.user_ssl_context, True)
        log.debug("Making request to URL: %s", url)
        response = httpsclientutils.fetch_from_url(url, config)

        return response
Exemplo n.º 4
0
    def get_resource(self, environ, start_response):
        response = [
            "<h2>ndg_oauth WSGI Test Application: get secured resource</h2>"
        ]

        token = environ.get(self.token_env_key)
        if not token:
            response.append('<p>No OAuth token found.</p>')
        else:
            log.debug("Token found; %s" % token)
            try:
                (private_key,
                 certificate) = certificate_request.request_certificate(
                    token, self.resource_url, self.ssl_config,
                    self.certificate_request_parameter)
            except Exception, exc:
                response.append('<p>Exception obtaining certificate from OAuth '
                                'server: %s</p>' % exc)
            else:
Exemplo n.º 5
0
    def get_resource(self, environ, start_response):
        response = [
            "<h2>ndg_oauth WSGI Test Application: get secured resource</h2>"
        ]

        token = environ.get(self.token_env_key)
        if not token:
            response.append('<p>No OAuth token found.</p>')
        else:
            log.debug("Token found; %s" % token)
            try:
                (private_key,
                 certificate) = certificate_request.request_certificate(
                     token, self.resource_url, self.ssl_config,
                     self.certificate_request_parameter)
            except Exception, exc:
                response.append(
                    '<p>Exception obtaining certificate from OAuth '
                    'server: %s</p>' % exc)
            else: