Пример #1
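    def test_verify(self):
        """verify_cert accepts the known-good fixture and rejects the known-bad one."""
        # NOTE(review): VALID_CERT and INVALID_CERT are defined outside this
        # listing. Confirm INVALID_CERT is a well-formed certificate issued by
        # a different CA (not merely malformed PEM), so that the signature
        # check itself is what this test exercises.
        self.assertTrue(
            cert_generator.verify_cert(VALID_CERT),
            'certificate expected to verify was rejected')

        # assertFalse reports the offending value on failure, which
        # assertTrue(not ...) does not.
        self.assertFalse(
            cert_generator.verify_cert(INVALID_CERT),
            'certificate expected to fail verification was accepted')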
Пример #2
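def check_consumer_cert_no_user(cert_pem):
    """
    Check a client ssl certificate and return the CN of its subject.
    Return None if the subject has no (or an empty) CN, or if verify_cert
    rejects the certificate. No user lookup is performed.
    @type cert_pem: str
    @param cert_pem: pem encoded ssl certificate
    @return: the CN taken from the certificate subject, or None
    """
    subject = Certificate(content=cert_pem).subject()
    encoded_user = subject.get('CN', None)
    # An empty CN is treated like a missing one, so an empty identity is
    # never handed back to the caller as if it were authenticated.
    if not encoded_user:
        return None
    # NOTE(review): verify_cert is defined elsewhere; the log text below
    # suggests it checks the issuing CA. Confirm it also covers expiry and
    # revocation, because nothing in this function does.
    if not verify_cert(cert_pem):
        # The CN logged here comes from a certificate that has just failed
        # verification, so it is untrusted input to the log. It is passed as
        # a logging argument rather than pre-formatted into the message.
        _log.error('Auth certificate with CN [%s] is signed by a foreign CA',
                   encoded_user)
        return None
    return encoded_user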
Пример #3
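def check_consumer_cert(cert_pem):
    """
    Check a client ssl certificate and return the matching consumer user.
    Return None if the subject has no (or an empty) CN, if verify_cert
    rejects the certificate, if no user is found for the CN, or if the user
    found does not hold consumer_users_role.
    @type cert_pem: str
    @param cert_pem: pem encoded ssl certificate
    @return: the user returned by check_username_password, or None
    """
    subject = Certificate(content=cert_pem).subject()
    encoded_user = subject.get('CN', None)
    # An empty CN is treated like a missing one, so the user lookup below is
    # never attempted with an empty name.
    if not encoded_user:
        return None
    # NOTE(review): verify_cert is defined elsewhere; the log text below
    # suggests it checks the issuing CA. Confirm it also covers expiry and
    # revocation, because nothing in this function does.
    if not verify_cert(cert_pem):
        # The CN logged here comes from a certificate that has just failed
        # verification, so it is untrusted input to the log. It is passed as
        # a logging argument rather than pre-formatted into the message.
        _log.error('Auth certificate with CN [%s] is signed by a foreign CA',
                   encoded_user)
        return None
    # Only the CN is passed on; from this point the verified certificate is
    # the sole credential. NOTE(review): check_username_password is defined
    # elsewhere -- confirm that calling it with a name only performs a plain
    # lookup.
    user = check_username_password(encoded_user)
    if user is None:
        return None
    # A verified certificate alone is not sufficient: the user must also
    # carry the consumer role.
    if consumer_users_role not in user['roles']:
        return None
    return user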
Пример #4
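def check_user_cert(cert_pem):
    """
    Check a client ssl certificate.
    Return None if the certificate is not valid: its subject has no (or an
    empty) CN, verify_cert rejects it, or the CN cannot be decoded by
    cert_generator.decode_admin_user.
    @type cert_pem: str
    @param cert_pem: pem encoded ssl certificate
    @rtype: L{pulp.server.db.model.User} instance or None
    @return: user corresponding to the credentials
    """
    subject = Certificate(content=cert_pem).subject()
    encoded_user = subject.get('CN', None)
    if not encoded_user:
        return None
    # NOTE(review): verify_cert is defined elsewhere; the log text below
    # suggests it checks the issuing CA. Confirm it also covers expiry and
    # revocation, because nothing in this function does.
    if not verify_cert(cert_pem):
        # The CN logged here comes from a certificate that has just failed
        # verification, so it is untrusted input to the log. It is passed as
        # a logging argument rather than pre-formatted into the message.
        _log.error('Auth certificate with CN [%s] is signed by a foreign CA',
                   encoded_user)
        return None
    try:
        # Only the username half of the decoded pair is used; the second
        # value is discarded (and no longer shadows the builtin id()).
        username, _ = cert_generator.decode_admin_user(encoded_user)
    except PulpException:
        # A CN that does not decode is treated as an invalid certificate.
        return None
    # Only the username is passed on; from this point the verified
    # certificate is the sole credential.
    return check_username_password(username)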