
Source Code for Module pulp.server.webservices.httpd.repo_cert_validation

 1  #!/usr/bin/python 
 2  # 
 3  # Copyright (c) 2010 Red Hat, Inc. 
 4  # 
 5  # This software is licensed to you under the GNU General Public License, 
 6  # version 2 (GPLv2). There is NO WARRANTY for this software, express or 
 7  # implied, including the implied warranties of MERCHANTABILITY or FITNESS 
 8  # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 
 9  # along with this software; if not, see 
10  # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. 
11  # 
12  # Red Hat trademarks are not licensed under GPLv2. No permission is 
13  # granted to use or replicate Red Hat trademarks that are incorporated 
14  # in this software or its documentation. 
15   
16  ''' 
17  Logic for determining if an entitlement certificate has permission to access a particular 
18  URL. 
19   
20  This logic exists in a separate module from the httpd authentication handler to prevent issues 
21  with mod_python imports not being available at unit test time. 
22  ''' 
23   
24  import logging 
25  import re 
26   
27  from pulp.server.auth.certificate import Certificate 
28   
29   
# Module-level logger used by the validation functions below for debug output.
log = logging.getLogger(__name__)
31   
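def is_valid(dest, cert_pem):
    '''
    Returns whether the specified certificate should be able to access a certain URL.

    The decision is based only on the certificate's download URL extensions: access is
    granted as soon as one of them matches the destination (see _validate).

    NOTE(review): nothing in this function checks the certificate's signature, issuer or
    validity period. It presumably relies on the caller or the TLS layer having already
    verified the certificate against the trusted CA -- confirm before reusing it elsewhere.

    @param dest: destination URL trying to be accessed
    @type  dest: string

    @param cert_pem: PEM encoded client certificate sent with the request
    @type  cert_pem: string

    @return: True if at least one download URL extension permits dest; False otherwise
    @rtype:  boolean
    '''

    cert = Certificate(content=cert_pem)
    extensions = cert.extensions()

    # Pass values as logging arguments so they are only formatted when debug is enabled.
    log.debug('Destination [%s]', dest)
    log.debug('Cert: %s', cert)

    for e in extensions:
        log.debug("extension: %s", e)
        if not is_download_url_ext(e):
            continue

        oid_url = extensions[e]
        # Log the entitlement URL value here, not the OID key, so that an access
        # decision can be traced back to the URL that was actually evaluated.
        log.debug("oid_url: %s", oid_url)
        if _validate(oid_url, dest):
            return True

    return False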
60
def is_download_url_ext(ext_oid):
    '''
    Tests to see if the given OID corresponds to a download URL value.

    The OID qualifies when ext_oid.match() accepts both '1.3.6.1.4.1.2312.9.2.' and '.1.6'.
    Presumably the first is treated as a prefix and the second as a suffix -- confirm
    against the OID class's match() implementation.

    @param ext_oid: OID being tested; cannot be None
    @type  ext_oid: a pulp certificate OID object (anything exposing match(pattern))

    @return: the result of the second match() call when the first one succeeds, otherwise
             the (falsy) result of the first call
    @rtype:  whatever ext_oid.match() returns; truthy means download URL extension
    '''
    under_content_root = ext_oid.match('1.3.6.1.4.1.2312.9.2.')
    if not under_content_root:
        # Hand back the first result unchanged; the second pattern is never consulted.
        return under_content_root

    return ext_oid.match('.1.6')
73
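def _validate(oid_url, dest):
    '''
    Tests whether a single entitlement URL from the certificate permits the destination.

    Each "$name/" variable in the entitlement URL (e.g. $basearch, $version) becomes a
    wildcard. All other text in the entitlement URL is matched literally, so characters
    such as '.' in a path segment no longer act as regular expression syntax. A '$' that is
    not part of a "$name/" variable is matched as a literal character too.

    NOTE(review): the pattern is applied with re.search and is not anchored, so it only has
    to occur somewhere inside dest, and the '.+?' wildcard is not limited to a single path
    segment. Both make the check more permissive than the entitlement path reads. Tightening
    them depends on the exact form of dest the caller passes (prefix, normalization), which
    is not visible in this module -- confirm and anchor accordingly.

    @param oid_url: entitlement URL taken from a download URL extension
    @type  oid_url: string

    @param dest: destination URL trying to be accessed
    @type  dest: string

    @return: True if the entitlement URL pattern is found in dest; False otherwise
    @rtype:  boolean
    '''
    log.debug('OID URL [%s]', oid_url)

    # Swap out all $ variables (e.g. $basearch, $version) for a reg ex wildcard in that
    # location.
    #
    # For example, the following entitlement:
    #   content/dist/rhel/server/$version/$basearch/os
    #
    # Should allow any value for the variables:
    #   content/dist/rhel/server/.+?/.+?/os
    #
    # The text between the variables is escaped first so it can only match itself.
    literal_parts = re.split(r'\$.+?/', oid_url)
    oid_re = '.+?/'.join([re.escape(part) for part in literal_parts])

    log.debug('OID Reg Ex [%s]', oid_re)
    log.debug('dest: [%s]', dest)
    retval = re.search(oid_re, dest) is not None
    log.debug("_validate returning: %s", retval)
    return retval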
91