def test_match_negative(self):
self.assertFalse(self.oid.match(OID("1.2.3.4.5.9.7")))
self.assertFalse(self.oid.match(OID("1.2.4.")))
self.assertFalse(self.oid.match(OID("1.*.4.")))
# * matches only one item
self.assertFalse(self.oid.match(OID("1.*")))
# Not an OID
self.assertFalse(self.oid.match("1.2.3.4.5.6.7"))
def _read_x509(self, x509, path, pem):
if not x509:
if path is not None:
raise CertificateException("Error loading certificate: %s" %
path)
elif pem is not None:
raise CertificateException(
"Error loading certificate from string: %s" % pem)
else:
raise CertificateException(
"Error: none certificate data offered")
# Load the X509 extensions so we can determine what we're dealing with:
try:
extensions = _Extensions2(x509)
redhat_oid = OID(REDHAT_OID_NAMESPACE)
# Trim down to only the extensions in the Red Hat namespace:
extensions = extensions.branch(redhat_oid)
# Check the certificate version, absence of the extension implies v1.0:
cert_version_str = "1.0"
if EXT_CERT_VERSION in extensions:
cert_version_str = extensions[EXT_CERT_VERSION].decode('utf-8')
version = Version(cert_version_str)
if version.major == 1:
return self._create_v1_cert(version, extensions, x509, path)
if version.major == 3:
return self._create_v3_cert(version, extensions, x509, path,
pem)
except CertificateException as e:
raise e
except Exception as e:
log.exception(e)
raise CertificateException(str(e))
def test_match_positive(self):
self.assertTrue(self.oid.match(OID("1.2.3.4.5.6.7")))
self.assertTrue(self.oid.match(OID("1.")))
self.assertTrue(self.oid.match(OID("1.2.3.")))
self.assertTrue(self.oid.match(OID("1.*.3.4.5.6.7")))
self.assertTrue(self.oid.match(OID("1.*.3.4.*.6.*")))
self.assertTrue(self.oid.match(OID(".*")))
self.assertTrue(self.oid.match(OID(".5.6.7")))
self.assertTrue(self.oid.match(OID(".7")))
def _parse(self, x509):
"""
Override parent method for an X509 object from the new C wrapper.
"""
extensions = x509.get_all_extensions()
for (key, value) in list(extensions.items()):
oid = OID(key)
self[oid] = value
def _check_v1_path(self, path):
"""
Check the requested path against a v1 certificate
:param path: requested path
:type path: basestring
:return: True iff the path matches, else False
:rtype: bool
"""
path = path.strip('/')
valid = False
for ext_oid, oid_url in self.extensions.iteritems():
# if this is a download URL
if ext_oid.match(OID('2.')) and ext_oid.match(OID('.1.6')):
if self._validate_v1_url(oid_url, path):
valid = True
break
return valid
def _check_v1_path(self, path):
"""
Check the requested path against a v1 certificate
:param path: requested path
:type path: basestring
:return: True iff the path matches, else False
:rtype: bool
"""
path = path.strip("/")
valid = False
for ext_oid, oid_url in list(self.extensions.items()):
oid_url = oid_url.decode("utf-8")
# if this is a download URL
if ext_oid.match(OID("2.")) and ext_oid.match(OID(".1.6")):
if self._validate_v1_url(oid_url, path):
valid = True
break
return valid
def _read_x509(self, x509, path, pem):
if not x509:
raise CertificateException("Error loading certificate")
# Load the X509 extensions so we can determine what we're dealing with:
try:
extensions = _Extensions2(x509)
redhat_oid = OID(REDHAT_OID_NAMESPACE)
# Trim down to only the extensions in the Red Hat namespace:
extensions = extensions.ltrim(len(redhat_oid))
# Check the certificate version, absence of the extension implies v1.0:
cert_version_str = "1.0"
if EXT_CERT_VERSION in extensions:
cert_version_str = extensions[EXT_CERT_VERSION]
version = Version(cert_version_str)
if version.major == 1:
return self._create_v1_cert(version, extensions, x509, path)
if version.major == 3:
return self._create_v3_cert(version, extensions, x509, path, pem)
except CertificateException, e:
raise e
class OIDTests(unittest.TestCase):
def setUp(self):
self.oid = OID("1.2.3.4.5.6.7")
def test_length(self):
self.assertEquals(7, len(self.oid))
def test_match_positive(self):
self.assertTrue(self.oid.match(OID("1.2.3.4.5.6.7")))
self.assertTrue(self.oid.match(OID("1.")))
self.assertTrue(self.oid.match(OID("1.2.3.")))
self.assertTrue(self.oid.match(OID("1.*.3.4.5.6.7")))
self.assertTrue(self.oid.match(OID("1.*.3.4.*.6.*")))
self.assertTrue(self.oid.match(OID(".*")))
self.assertTrue(self.oid.match(OID(".5.6.7")))
self.assertTrue(self.oid.match(OID(".7")))
def test_match_negative(self):
self.assertFalse(self.oid.match(OID("1.2.3.4.5.9.7")))
self.assertFalse(self.oid.match(OID("1.2.4.")))
self.assertFalse(self.oid.match(OID("1.*.4.")))
# * matches only one item
self.assertFalse(self.oid.match(OID("1.*")))
# Not an OID
self.assertFalse(self.oid.match("1.2.3.4.5.6.7"))
def setUp(self):
self.oid = OID("1.2.3.4.5.6.7")
def setUp(self):
self.oid = OID("1.2.3.4.5.6.7")
class OIDTests(unittest.TestCase):
def setUp(self):
self.oid = OID("1.2.3.4.5.6.7")
def test_length(self):
self.assertEqual(7, len(self.oid))
def test_match_positive(self):
self.assertTrue(self.oid.match(OID("1.2.3.4.5.6.7")))
self.assertTrue(self.oid.match(OID("1.")))
self.assertTrue(self.oid.match(OID("1.2.3.")))
self.assertTrue(self.oid.match(OID("1.*.3.4.5.6.7")))
self.assertTrue(self.oid.match(OID("1.*.3.4.*.6.*")))
self.assertTrue(self.oid.match(OID(".*")))
self.assertTrue(self.oid.match(OID(".5.6.7")))
self.assertTrue(self.oid.match(OID(".7")))
def test_match_negative(self):
self.assertFalse(self.oid.match(OID("1.2.3.4.5.9.7")))
self.assertFalse(self.oid.match(OID("1.2.4.")))
self.assertFalse(self.oid.match(OID("1.*.4.")))
# * matches only one item
self.assertFalse(self.oid.match(OID("1.*")))
# Not an OID
self.assertFalse(self.oid.match("1.2.3.4.5.6.7"))