Commit 482fff01 authored by andrea-manzi

Add certificate verification code to HTTP AUTH

parent 9e428f68
......@@ -24,19 +24,19 @@ BuildRequires: python-dateutil
BuildRequires: python-pylons
BuildRequires: scipy
BuildRequires: m2crypto
BuildRequires: python-m2ext
BuildRequires: python-coverage
BuildRequires: python-sqlalchemy
BuildRequires: python-requests
BuildRequires: pandoc
Requires: gridsite%{?_isa} >= 1.7
Requires: httpd%{?_isa}
Requires: mod_wsgi
Requires: python-fts = %{version}-%{release}
Requires: python-paste-deploy
Requires: python-dateutil
Requires: python-pylons
Requires: gfal2-python
Requires: gridsite%{?_isa} >= 1.7
Requires: httpd%{?_isa}
Requires: mod_wsgi
Requires: python-fts = %{version}-%{release}
Requires: python-paste-deploy
Requires: python-pylons
Requires: gfal2-python
%description
This package provides the FTS3 REST interface
......@@ -63,6 +63,8 @@ FTS3 Rest OAuth2 provider
Summary: FTS3 Rest HTTP_AUTHORIZATION signed-cert method
Group: Application/Internet
Requires: python-dateutil
Requires: python-m2ext
Requires: fts-rest = %{version}-%{release}
%description http-authz-signed-cert
......
......@@ -18,6 +18,7 @@
import re, time, dateutil.parser, logging, urllib
from base64 import b64decode
from M2Crypto import X509, EVP
from m2ext import SSL
from fts3rest.lib.middleware.fts3auth.credentials import InvalidCredentials, vo_from_fqan, build_vo_from_dn, generate_delegation_id
def do_authentication(credentials, env):
......@@ -62,6 +63,12 @@ def do_authentication(credentials, env):
log.info("Signature verification failed")
raise InvalidCredentials()
ctx = SSL.Context()
ctx.load_verify_locations(capath = "/etc/grid-security/certificates");
if not ctx.validate_certificate(x509):
log.info("Certificate verification failed")
raise InvalidCredentials()
credentials.user_dn = '/'+'/'.join(x509.get_subject().as_text().split(', '))
credentials.dn.append(credentials.user_dn)
if 'SSL_CLIENT_S_DN' in env:
......
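Review bot: The new `ctx.validate_certificate(x509)` check establishes chain trust against the CA directory, but nothing visible in this hunk enables revocation checking, so a certificate that chains to a trusted CA yet has been revoked may still be accepted. Please confirm whether m2ext's `validate_certificate` consults the CRLs in that directory and enable CRL checking on the context if it does not. The path `/etc/grid-security/certificates` is hard-coded; reading it from the application configuration would let deployments with a different trust store use this method, and the stray `;` after `load_verify_locations(...)` can be dropped. The failure is logged at info level with no identifying detail; something like `log.warning("Certificate verification failed for %s", x509.get_subject().as_text())` would give operators a subject to correlate rejected requests against. `do_authentication` begins and continues outside the hunk, so how `x509` is parsed from the request is not visible here.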