def check_consumer_cert_no_user(cert_pem):
# TODO document me
cert = Certificate(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if encoded_user is None:
return None
if not verify_cert(cert_pem):
_log.error('Auth certificate with CN [%s] is signed by a foreign CA' %
encoded_user)
return None
return encoded_user
def check_consumer_cert(cert_pem):
# TODO document me
cert = Certificate(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if encoded_user is None:
return None
if not verify_cert(cert_pem):
_log.error('Auth certificate with CN [%s] is signed by a foreign CA' %
encoded_user)
return None
user = check_username_password(encoded_user)
if user is None or consumer_users_role not in user['roles']:
return None
return user
def test_generation(self):
# Setup
cid = "foobarbaz"
# Test
pk, x509_pem = cert_generator.make_cert(cid, 7)
# Verify
self.assertTrue(pk is not None)
self.assertTrue(x509_pem is not None)
cert = Certificate(content=x509_pem)
subject = cert.subject()
consumer_cert_uid = subject.get('CN', None)
self.assertEqual(cid, consumer_cert_uid)
def test_get(self):
# Setup
user_manager = UserManager()
user = user_manager.find_by_login(login='******')
# Test
status, body = self.post('/v2/actions/login/')
# Verify
self.assertEqual(200, status)
certificate = Certificate(content=str(body))
cn = certificate.subject()['CN']
username, id = cert_generator.decode_admin_user(cn)
self.assertEqual(username, user['login'])
self.assertEqual(id, user['id'])
def test_generate_user_certificate(self):
# Setup
user_manager = UserManager()
# TODO: Fix this when UserManager can create users
admin_user = user_manager.create_user('test-admin')
principal.set_principal(admin_user) # pretend the user is logged in
# Test
cert = self.manager.generate_user_certificate()
# Verify
self.assertTrue(cert is not None)
certificate = Certificate(content=cert)
cn = certificate.subject()['CN']
username, id = cert_generator.decode_admin_user(cn)
self.assertEqual(username, admin_user['login'])
self.assertEqual(id, admin_user['id'])
def check_user_cert(cert_pem):
"""
Check a client ssl certificate.
Return None if the certificate is not valid
@type cert_pem: str
@param cert_pem: pem encoded ssl certificate
@rtype: L{pulp.server.db.model.User} instance or None
@return: user corresponding to the credentials
"""
cert = Certificate(content=cert_pem)
subject = cert.subject()
encoded_user = subject.get('CN', None)
if not encoded_user:
return None
if not verify_cert(cert_pem):
_log.error('Auth certificate with CN [%s] is signed by a foreign CA' %
encoded_user)
return None
try:
username, id = cert_generator.decode_admin_user(encoded_user)
except PulpException:
return None
return check_username_password(username)
