def creer_compte(self, cert: EnveloppeCleCert):
    """Create the MongoDB account that matches a certificate.

    The account name is the certificate subject (as returned by
    ``subject_rfc4514_string_mq``) and the account receives the ``readWrite``
    role on the database named after the issuer's ``organizationName`` (the
    idmg). The user is created in the ``$external`` database and the command
    carries no password.

    Security notes:
      * Both the account name and the database it is granted on are taken
        straight from certificate fields. Nothing in this method verifies the
        certificate, so it presumably relies on the caller having validated
        the chain first -- confirm at the call sites.
      * A certificate whose issuer has no ``organizationName`` raises
        ``KeyError`` before anything is sent to MongoDB.

    :param cert: certificate envelope of the account to create.
    """
    # Database scope of the grant: the issuer's organization name (idmg).
    idmg = cert.formatter_issuer()['organizationName']

    # Single role: read/write, limited to the idmg database.
    role_idmg = {'role': 'readWrite', 'db': idmg}

    # 'createUser' must stay the first key: it is the command name.
    commande = {
        'createUser': cert.subject_rfc4514_string_mq(),
        'roles': [role_idmg],
    }

    # The command holds no credential (no 'pwd' field), only names.
    self.__logger.debug("Creation compte Mongo : %s", commande)

    self.__connexion.document_dao.get_database('$external').command(commande)
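def ajouter_compte(self, enveloppe: EnveloppeCleCert):
    """Create the MQ account, permissions and topic rules for a certificate.

    The account name is the certificate subject and the scope passed to the
    admin API is the issuer's ``organizationName`` (idmg). The exchanges
    declared in the certificate decide which security levels are opened:

      * public is always included;
      * protege also opens prive;
      * secure also opens prive and protege.

    Every known level that is not included gets a topic rule with empty
    ``write`` and ``read`` patterns, which the original author describes as
    blocking the exchange.

    The set of exchanges is validated *before* the first admin API call. An
    exchange name that is not one of the four known levels used to fail in
    the middle of provisioning (``list.remove`` raising ``ValueError``), after
    the user and some grants had been created and before any blocking rule
    was written. It now raises ``ValueError`` with nothing created.

    Security notes:
      * Nothing here verifies the certificate; the caller is presumably
        expected to have validated it -- confirm at the call sites.
      * A failed admin API call is detected only after all calls were issued
        and nothing is rolled back, so on ``ValueError("Erreur ajout compte")``
        the account may exist with only part of its rules.

    :param enveloppe: certificate envelope of the account to create.
    :raises ValueError: unknown exchange in the certificate, or at least one
        admin API response with a status other than 201/204.
    """
    issuer = enveloppe.formatter_issuer()
    idmg = issuer['organizationName']
    subject = enveloppe.subject_rfc4514_string_mq()

    # The four security levels this method knows how to open or block.
    niveaux_connus = [
        Constantes.SECURITE_PUBLIC,
        Constantes.SECURITE_PRIVE,
        Constantes.SECURITE_PROTEGE,
        Constantes.SECURITE_SECURE,
    ]

    try:
        self.ajouter_exchanges(idmg)

        # Load the exchanges immediately: a certificate without exchanges
        # cannot access mongo/mq.
        # NOTE(review): get_exchanges is read without being called; presumably
        # a property that raises ExtensionNotFound when the extension is
        # absent -- confirm against EnveloppeCleCert.
        exchanges = enveloppe.get_exchanges

        liste_inclure = {Constantes.SECURITE_PUBLIC}  # Public is always included
        if Constantes.SECURITE_PROTEGE in exchanges:
            # The protected exchange also opens the private one (and public).
            liste_inclure.add(Constantes.SECURITE_PRIVE)
        if Constantes.SECURITE_SECURE in exchanges:
            # The secure exchange also opens every other exchange.
            liste_inclure.add(Constantes.SECURITE_PRIVE)
            liste_inclure.add(Constantes.SECURITE_PROTEGE)
        liste_inclure.update(exchanges)

        # Reject unknown exchange names before anything is created, so a bad
        # certificate never leaves a half-provisioned account behind.
        inconnus = [exchange for exchange in liste_inclure if exchange not in niveaux_connus]
        if inconnus:
            raise ValueError("Exchange inconnu dans le certificat", subject, inconnus)

        # Known levels that were not opened must be explicitly blocked.
        liste_exchanges_exclure = [
            niveau for niveau in niveaux_connus if niveau not in liste_inclure
        ]

        responses = [
            self._admin_api.create_user(subject),
            self._admin_api.create_user_permission(subject, idmg),
        ]

        for exchange in liste_inclure:
            responses.append(self._admin_api.create_user_topic(subject, idmg, exchange))

        # Block the excluded exchanges with empty write/read patterns.
        for exchange in liste_exchanges_exclure:
            responses.append(
                self._admin_api.create_user_topic(subject, idmg, exchange, write='', read=''))

        # All calls are issued before the check so the blocking rules are
        # still attempted when an earlier call failed.
        if any(response.status_code not in (201, 204) for response in responses):
            raise ValueError("Erreur ajout compte", subject)

    except x509.extensions.ExtensionNotFound:
        # No exchanges extension in the certificate: no MQ account is created.
        self.__logger.info("Aucun access a MQ pour certificat %s", subject)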