Skip to content
Snippets Groups Projects
Commit 2b1b1400 authored by Pavel Kácha's avatar Pavel Kácha
Browse files

More auth functionality where it belongs, simplified for reuse

parent 4251d0de
Branches
Tags
No related merge requests found
......@@ -304,6 +304,11 @@ class PlainAuthenticator(ObjectReq):
logging.getLogger(__name__).info("authenticate: %s" % str(client))
# These args are not for handler
args.pop("client", None)
args.pop("secret", None)
args.pop("hostnames", None)
return client
......@@ -364,12 +369,20 @@ class X509Authenticator(PlainAuthenticator):
class X509NameAuthenticator(PlainAuthenticator):
def get_cert_name(self, pem):
def authenticate(self, env, args):
try:
cert_name = env["SSL_CLIENT_S_DN_CN"]
except:
exception = self.req.error(message="authenticate: cannot get or parse certificate from env", error=403, exc=sys.exc_info(), env=env)
exception.log(logging.getLogger(__name__))
return None
cert = M2Crypto.X509.load_cert_string(pem)
if cert_name != args.setdefault("client", [cert_name])[0]:
exception = self.req.error(message="authenticate: client name does not correspond with certificate", error=403, cn = cert_name, args = args)
exception.log(logging.getLogger(__name__))
return None
subj = cert.get_subject()
commons = [n.get_data().as_text() for n in subj.get_entries_by_nid(subj.nid["CN"])]
return PlainAuthenticator.authenticate(self, env, args)
return commons[0]
......@@ -860,11 +873,6 @@ class Server(ObjectReq):
if not auth:
raise self.req.error(message="I'm watching. Not authorized.", error=403, client=client.name)
# These args are not for handler
args.pop("client", None)
args.pop("secret", None)
args.pop("hostnames", None)
args = self.sanitize_args(path, method, args)
try:
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment