def get(self, environ, url): """Makes a HTTP request to the specified URL using the certificate obtained from the WSGI environ. @type environ: dict @param environ: WSGI environ @type url: basestring @param url: URL of resource to request @rtype: basestring @return: response from HTTP request """ current_token = environ.get(self.token_env_key) if current_token: log.debug("Token ID: %s", current_token) else: log.debug("No token found with environ key: %s", self.token_env_key) if self.token != current_token or not self.user_ssl_context: log.debug("Certificate request needed") if current_token: self.token = current_token # Get credential. log.debug("Making certificate request") (private_key, certificate) = certificate_request.request_certificate( self.token, self.resource_server_url, self.client_ssl_config, self.certificate_request_parameter) # Create SSL context using the resource owner's delegated # credential. self.user_ssl_context = ssl_context_util.make_ssl_context( None, None, self.ca_cert_file, self.ca_dir, True) clientKey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key) clientCert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate) self.user_ssl_context.use_privatekey(clientKey) self.user_ssl_context.use_certificate(clientCert) log.debug("Created new SSL context") else: log.warn("Certificate needed but no token available") config = httpsclientutils.Configuration(self.user_ssl_context, True) log.debug("Making request to URL: %s", url) response = httpsclientutils.fetch_from_url(url, config) return response
def __call__(self, environ, start_response): """ @param environ: WSGI environment @type environ: dict @param start_response: WSGI start response function @type start_response: @return: WSGI response @rtype: iterable """ log.debug("CertificateRequestMiddleware.__call__ ...") req = Request(environ) log.debug("Request url: %s", req.url) log.debug("Request host_url: %s", req.host_url) log.debug("Request application_url: %s", req.application_url) # Get session. session = environ.get(self.session_env_key) if session is None: raise Exception( 'CertificateRequestMiddleware.__call__: No beaker session key ' '"%s" found in environ' % self.session_env_key) # Determine whether a certificate is stored in the session already. key_cert = None if self.__class__.CERTIFICATE_SESSION_KEY_OPTION in session: key_cert = session[self.__class__.CERTIFICATE_SESSION_KEY_OPTION] else: # If not, and an access token has been obtained, request a # certificate. client = Oauth2Client.get_client_instance(session, None, create=False) if client and client.access_token: key_cert = certificate_request.request_certificate( client.access_token, self.resource_server_url, self.ssl_config, self.certificate_request_parameter) session[self.__class__.CERTIFICATE_SESSION_KEY_OPTION ] = key_cert # Make certificate available in the session immediately. session.save() session.persist() if key_cert: environ[self.certificate_env_key] = key_cert app_iter = self._app(environ, start_response) return app_iter
def get(self, environ, url): """Makes a HTTP request to the specified URL using the certificate obtained from the WSGI environ. @type environ: dict @param environ: WSGI environ @type url: basestring @param url: URL of resource to request @rtype: basestring @return: response from HTTP request """ current_token = environ.get(self.token_env_key) if current_token: log.debug("Token ID: %s", current_token) else: log.debug("No token found with environ key: %s", self.token_env_key) if self.token != current_token or not self.user_ssl_context: log.debug("Certificate request needed") if current_token: self.token = current_token # Get credential. log.debug("Making certificate request") (private_key, certificate) = certificate_request.request_certificate( self.token, self.resource_server_url, self.client_ssl_config, self.certificate_request_parameter ) # Create SSL context using the resource owner's delegated # credential. self.user_ssl_context = ssl_context_util.make_ssl_context( None, None, self.ca_cert_file, self.ca_dir, True ) clientKey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key) clientCert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate) self.user_ssl_context.use_privatekey(clientKey) self.user_ssl_context.use_certificate(clientCert) log.debug("Created new SSL context") else: log.warn("Certificate needed but no token available") config = httpsclientutils.Configuration(self.user_ssl_context, True) log.debug("Making request to URL: %s", url) response = httpsclientutils.fetch_from_url(url, config) return response
def get_resource(self, environ, start_response): response = [ "<h2>ndg_oauth WSGI Test Application: get secured resource</h2>" ] token = environ.get(self.token_env_key) if not token: response.append('<p>No OAuth token found.</p>') else: log.debug("Token found; %s" % token) try: (private_key, certificate) = certificate_request.request_certificate( token, self.resource_url, self.ssl_config, self.certificate_request_parameter) except Exception, exc: response.append('<p>Exception obtaining certificate from OAuth ' 'server: %s</p>' % exc) else:
def get_resource(self, environ, start_response): response = [ "<h2>ndg_oauth WSGI Test Application: get secured resource</h2>" ] token = environ.get(self.token_env_key) if not token: response.append('<p>No OAuth token found.</p>') else: log.debug("Token found; %s" % token) try: (private_key, certificate) = certificate_request.request_certificate( token, self.resource_url, self.ssl_config, self.certificate_request_parameter) except Exception, exc: response.append( '<p>Exception obtaining certificate from OAuth ' 'server: %s</p>' % exc) else: