Changeset 7057 for TI12-security/trunk/MyProxyWebService
- Timestamp:
- 23/06/10 09:33:00 (11 years ago)
- Location:
- TI12-security/trunk/MyProxyWebService/myproxy/server
- Files:
-
- 1 deleted
- 1 edited
TI12-security/trunk/MyProxyWebService/myproxy/server/wsgi/middleware.py
r7054 r7057 335 335 336 336 requestMethod = environ.get('REQUEST_METHOD') 337 certReqKey = self.__class__.CERT_REQ_POST_PARAM_KEYNAME 338 339 if requestMethod == 'POST': 340 pemCertReq = request.POST.get(certReqKey) 341 if pemCertReq is None: 342 response = ("No %r form variable set in POST message" % 343 certReqKey) 344 log.error(response) 345 raise HttpBasicAuthResponseException(response, 346 httplib.BAD_REQUEST) 347 348 log.debug("cert req = %r", pemCertReq) 349 350 # Expecting PEM encoded request 351 try: 352 certReq = crypto.load_certificate_request( 353 crypto.FILETYPE_PEM, 354 pemCertReq) 355 except crypto.Error, e: 356 log.error("Error loading input certificate request: %r", 357 pemCertReq) 358 raise HttpBasicAuthResponseException("Error loading input " 359 "certificate request", 360 httplib.BAD_REQUEST) 361 362 # Convert to ASN1 format expect by logon client call 363 asn1CertReq = crypto.dump_certificate_request( 364 crypto.FILETYPE_ASN1, 365 certReq) 366 367 # Alternative, GET method would set this variable, set to None 368 # here to correctly initialise MyProxy.logon call 369 pubKey = None 370 371 elif requestMethod == 'GET': 372 # Interpret as a HTML keygen request. 
See: 373 # https://developer.mozilla.org/en/HTML/Element/keygen 374 # A Netscape Signed Public Key and Challenge (SPKAC) is set as a 375 # query argument 376 spkac = request.GET.get(certReqKey) 377 if spkac is None: 378 response = ("No %r query argument set in GET request" % 379 certReqKey) 380 log.error(response) 381 raise HttpBasicAuthResponseException(response, 382 httplib.BAD_REQUEST) 383 384 # Remove any carriage returns to enable PyOpenSSL interface to 385 # correctly parse 386 strippedSpkac = ''.join(re.split('\s+', spkac)) 387 try: 388 spki = crypto.NetscapeSPKI(strippedSpkac) 389 390 except crypto.Error, e: 391 log.error("Error loading input signed public key and " 392 "challenge: %r", spkac) 393 raise HttpBasicAuthResponseException("Error loading input " 394 "Signed Public Key " 395 "and challenge", 396 httplib.BAD_REQUEST) 397 398 # Extract public key 399 try: 400 pubKey = spki.get_pubkey() 401 402 except crypto.Error, e: 403 log.error("Error extracting public key from input " 404 "signed public key and challenge: %r", spkac) 405 raise HttpBasicAuthResponseException("Error procesing " 406 "input Signed Public " 407 "Key and challenge", 408 httplib.BAD_REQUEST) 409 410 # Alternative, POST method would set this variable, set to None 411 # here to correctly initialise MyProxy.logon call 412 certReq = crypto.X509Req() 413 certReq.set_pubkey(pubKey) 414 asn1CertReq = crypto.dump_certificate_request( 415 crypto.FILETYPE_ASN1, 416 certReq) 417 else: 337 if requestMethod != 'POST': 418 338 response = "HTTP Request method not recognised" 419 339 log.error("HTTP Request method %r not recognised", … … 421 341 raise HttpBasicAuthResponseException(response, 422 342 httplib.METHOD_NOT_ALLOWED) 343 344 certReqKey = self.__class__.CERT_REQ_POST_PARAM_KEYNAME 345 pemCertReq = request.POST.get(certReqKey) 346 if pemCertReq is None: 347 response = ("No %r form variable set in POST message" % 348 certReqKey) 349 log.error(response) 350 raise 
HttpBasicAuthResponseException(response, 351 httplib.BAD_REQUEST) 352 353 log.debug("cert req = %r", pemCertReq) 354 355 # Expecting PEM encoded request 356 try: 357 certReq = crypto.load_certificate_request( 358 crypto.FILETYPE_PEM, 359 pemCertReq) 360 except crypto.Error, e: 361 log.error("Error loading input certificate request: %r", 362 pemCertReq) 363 raise HttpBasicAuthResponseException("Error loading input " 364 "certificate request", 365 httplib.BAD_REQUEST) 366 367 # Convert to ASN1 format expect by logon client call 368 asn1CertReq = crypto.dump_certificate_request( 369 crypto.FILETYPE_ASN1, 370 certReq) 423 371 424 372 try:
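Review bot: The `except crypto.Error, e:` branch at new lines 360-365 writes the whole rejected form value to the error log with `%r` and never uses `e`, so a client can push arbitrarily large bodies into the log while the OpenSSL reason for the failure is lost. Logging the exception and a bounded prefix would fix both, e.g. `log.error("Error loading input certificate request: %s (first 256 chars: %r)", e, pemCertReq[:256])`. The same size concern applies to `log.debug("cert req = %r", pemCertReq)` at new line 353. Separately, `crypto.load_certificate_request` only parses the PEM, so unless the MyProxy server already checks the request's self-signature, a `certReq.verify(certReq.get_pubkey())` check before the ASN.1 dump would reject requests for a key the caller does not hold. The enclosing method starts and ends outside the lines shown.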