utility function for getting user email from x509 certificate
parent
0d2a8faad4
commit
c0d72cd0d6
@ -1,7 +1,9 @@
|
|||||||
import re
|
import re
|
||||||
|
|
||||||
|
import cryptography.x509 as x509
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
|
||||||
|
|
||||||
# TODO: our sample SDN does not have an email address
|
|
||||||
def parse_sdn(sdn):
|
def parse_sdn(sdn):
|
||||||
try:
|
try:
|
||||||
parts = sdn.split(",")
|
parts = sdn.split(",")
|
||||||
@ -9,5 +11,21 @@ def parse_sdn(sdn):
|
|||||||
cn = cn_string.split("=")[-1]
|
cn = cn_string.split("=")[-1]
|
||||||
info = cn.split(".")
|
info = cn.split(".")
|
||||||
return {"last_name": info[0], "first_name": info[1], "dod_id": info[-1]}
|
return {"last_name": info[0], "first_name": info[1], "dod_id": info[-1]}
|
||||||
|
|
||||||
except (IndexError, AttributeError):
|
except (IndexError, AttributeError):
|
||||||
raise ValueError("'{}' is not a valid SDN".format(sdn))
|
raise ValueError("'{}' is not a valid SDN".format(sdn))
|
||||||
|
|
||||||
|
|
||||||
|
def email_from_certificate(cert_file):
|
||||||
|
cert = x509.load_pem_x509_certificate(cert_file, default_backend())
|
||||||
|
try:
|
||||||
|
ext = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
|
||||||
|
email = ext.value.get_values_for_type(x509.RFC822Name)
|
||||||
|
if email:
|
||||||
|
return email[0]
|
||||||
|
|
||||||
|
else:
|
||||||
|
raise ValueError("No email available for certificate with serial {}".format(cert.serial_number))
|
||||||
|
|
||||||
|
except x509.extensions.ExtensionNotFound:
|
||||||
|
raise ValueError("No subjectAltName available for certificate with serial {}".format(cert.serial_number))
|
||||||
|
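Review bot: `email_from_certificate` returns the first rfc822Name of whatever certificate it is handed without checking the signature chain, validity period or revocation, so the address is only as trustworthy as the verification done before the call. Nothing in this section shows where that verification happens; if it is done upstream (for example by the component that terminates TLS), a docstring should say so, e.g. `"""Return the first rfc822Name in the SAN of a PEM-encoded certificate (bytes); the caller must already have verified the certificate."""`. The parameter is named `cert_file`, but the new tests pass the file's contents, so the docstring should also state that it takes PEM bytes rather than a path or file object. When the SAN carries several rfc822Name entries the function silently picks `email[0]`; that case should be documented or rejected.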
@ -5,12 +5,38 @@ from tests.mocks import DOD_SDN
|
|||||||
|
|
||||||
def test_parse_sdn():
|
def test_parse_sdn():
|
||||||
parsed = utils.parse_sdn(DOD_SDN)
|
parsed = utils.parse_sdn(DOD_SDN)
|
||||||
assert parsed.get('first_name') == 'ART'
|
assert parsed.get("first_name") == "ART"
|
||||||
assert parsed.get('last_name') == 'GARFUNKEL'
|
assert parsed.get("last_name") == "GARFUNKEL"
|
||||||
assert parsed.get('dod_id') == '5892460358'
|
assert parsed.get("dod_id") == "5892460358"
|
||||||
|
|
||||||
|
|
||||||
def test_parse_bad_sdn():
|
def test_parse_bad_sdn():
|
||||||
with pytest.raises(ValueError):
|
with pytest.raises(ValueError):
|
||||||
utils.parse_sdn('this has nothing to do with anything')
|
utils.parse_sdn("this has nothing to do with anything")
|
||||||
with pytest.raises(ValueError):
|
with pytest.raises(ValueError):
|
||||||
utils.parse_sdn(None)
|
utils.parse_sdn(None)
|
||||||
|
|
||||||
|
|
||||||
|
FIXTURE_EMAIL_ADDRESS = "artgarfunkel@uso.mil"
|
||||||
|
|
||||||
|
|
||||||
|
def test_parse_email_cert():
|
||||||
|
cert_file = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS), "rb").read()
|
||||||
|
email = utils.email_from_certificate(cert_file)
|
||||||
|
assert email == FIXTURE_EMAIL_ADDRESS
|
||||||
|
|
||||||
|
|
||||||
|
def test_parse_cert_with_no_email():
|
||||||
|
cert_file = open("tests/fixtures/no-email.crt", "rb").read()
|
||||||
|
with pytest.raises(ValueError) as excinfo:
|
||||||
|
email = utils.email_from_certificate(cert_file)
|
||||||
|
(message,) = excinfo.value.args
|
||||||
|
assert "email" in message
|
||||||
|
|
||||||
|
|
||||||
|
def test_parse_cert_with_no_san():
|
||||||
|
cert_file = open("tests/fixtures/no-san.crt", "rb").read()
|
||||||
|
with pytest.raises(ValueError) as excinfo:
|
||||||
|
email = utils.email_from_certificate(cert_file)
|
||||||
|
(message,) = excinfo.value.args
|
||||||
|
assert "subjectAltName" in message
|
||||||
|
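Review bot: No test feeds `email_from_certificate` input that is not a parseable PEM certificate; the three new cases all load well-formed fixtures. In the utils section the `load_pem_x509_certificate` call sits outside the `try`, so whatever it raises reaches the caller unchanged, and a test would pin that contract: `with pytest.raises(ValueError): utils.email_from_certificate(b"not a certificate")` (confirm the exception type against the installed cryptography version). As a style point, the `open(...).read()` calls never close the file explicitly; `with open(path, "rb") as f: cert_file = f.read()` does. The `email =` assignments inside the `pytest.raises` blocks are unused and can be dropped.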
29
tests/fixtures/artgarfunkel@uso.mil.crt
vendored
Normal file
29
tests/fixtures/artgarfunkel@uso.mil.crt
vendored
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIE8DCCAtigAwIBAgIJALTstfJQuulmMA0GCSqGSIb3DQEBCwUAMCUxIzAhBgNV
|
||||||
|
BAMMGkdBUkZVTktFTC5BUlQuRy41ODkyNDYwMzU4MB4XDTE4MDgwODE0MDI0N1oX
|
||||||
|
DTI4MDgwNTE0MDI0N1owJTEjMCEGA1UEAwwaR0FSRlVOS0VMLkFSVC5HLjU4OTI0
|
||||||
|
NjAzNTgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1OuSSniuiUP3Q
|
||||||
|
JqVJOS2LE+kmK4Y5TexTCCDhBebarg+dEYipdA4AwZMKSDL/6D+lZJCM1MTsUgaN
|
||||||
|
X/8lRv2obVGnWuEL5Rbcwhlf3yTaohhlPk/qFyQoQaxcLZgwlwUn47i5jKG1cFqA
|
||||||
|
l4TignN3n6cwbpjFfkP9Oepiffu4ThrOsrOWTN56IB7TrHElFIdjVuUWbIuK9CET
|
||||||
|
8UWixUecrLr64AKyDndaVyzGJBwhtyn7AanVYld9la0FSxu8ZcYMikSOvOEqqOMA
|
||||||
|
Nu2NapInrb+g1JEPycXTpGxMiLbFscmAkgmAqkxzeFBW0UHCQsbxG6Ep1Km3QfYw
|
||||||
|
QqvEfNRPuGq2bGtpbMUF9K4DSsI2yErtc8QvKVQ86xEuwoiFxiRtO+WQKJrq8CqU
|
||||||
|
sZxcz6ZAw2pERIYtGCi573rxb8g7skEvlIPIYWqljEwFOIrgoRav0x3dHdfA5Ubh
|
||||||
|
M0fx38icinVmL0Xd7G0JFY2RFQ13/r/zaxmmm546tH9tSjn1bwaO/6OcX9g5kCUH
|
||||||
|
p2cWklug3/bDQyKre9UZBjI7bUMWtL1w6uhdRm5yq4lX+o8G/tbUYVPER75z+AKO
|
||||||
|
p/eizAKCKSHRXDKIJr3zZG54jyd+VzTcjBSNQN/liclEBzlnZqZUgPPUR8kQ0S3E
|
||||||
|
n8jQ/Jk9MS/DUuNvEzBgZS5e3KtpZwIDAQABoyMwITAfBgNVHREEGDAWgRRhcnRn
|
||||||
|
YXJmdW5rZWxAdXNvLm1pbDANBgkqhkiG9w0BAQsFAAOCAgEAQzAA7aweU7ZHDK3l
|
||||||
|
pjcpfXruVOqceGst/avMHZp3ZS9YOkd+K3jnLVBObfBGwZkJjsyqvs0AMVi3mTYY
|
||||||
|
WeEkhTk50G2xA2UydsOQcuH/qOT6duj54a0TCB4/2kMBq6IhCT3xR4rbfxA+5ArD
|
||||||
|
yCConiy1FUX5nofYGNC7VPUgjQb64LtTr1+wO6nTwdpALeOX2GZXoBWVQO2W+2Ul
|
||||||
|
buIGV5TnpjoJGJmuO/A76qwMi5+e6EYAKmomjGCaTKyvbb2WAlCoHzdDd+nQMFYm
|
||||||
|
gBBMVOkiTZ2udIbQMFGdqAZjDEP484rsCVrth4PKAZ9/3LAe6XddLZZbqq5cap2l
|
||||||
|
u6jDinFIeV2aldRh285qwvX7+R3KQK7k5wNDbf8DlaPUhnF+CliYDBKFCoKE60AY
|
||||||
|
mp40YME0NE3XSGuIemJUazxFAJ8zUu8yEP3K/mzAwtRHiy+yQwKyPK4Wl+skXYHs
|
||||||
|
XbouRkWK7jleVKXLiE0Uw0EbWkfAVBM8IgGWp70UivCTlAdokwdKBxsLhsn57mJ5
|
||||||
|
GP+9YTpwVQKWTBp06z0ZHaRI91d9Ke7YUSfDmLZ6VE9txqd9P2X2B2HbXFaYzGJh
|
||||||
|
gWtvqRh94ttaVsGr9iK7ANS9gXvn7Vb1ElyyF2wzP64WJtew7tywFq+Xhbm4/WPr
|
||||||
|
wM+BoGmfKP7uq0GBfu/HengJEGk=
|
||||||
|
-----END CERTIFICATE-----
|
29
tests/fixtures/no-email.crt
vendored
Normal file
29
tests/fixtures/no-email.crt
vendored
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIE6TCCAtGgAwIBAgIJAKlkkD2Xt+vWMA0GCSqGSIb3DQEBCwUAMCUxIzAhBgNV
|
||||||
|
BAMMGkdBUkZVTktFTC5BUlQuRy41ODkyNDYwMzU4MB4XDTE4MDgwODE0MjI0MFoX
|
||||||
|
DTI4MDgwNTE0MjI0MFowJTEjMCEGA1UEAwwaR0FSRlVOS0VMLkFSVC5HLjU4OTI0
|
||||||
|
NjAzNTgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDi81dB+2WcfgoD
|
||||||
|
ls0A7q/lefu+rOEDp90o22MO/D4uAkqztI/O/JUzGs3MG6YWEREwanlgS67Cnhki
|
||||||
|
NFHWKh0QUXyqGqYgxmyNMXemawFI5ilpCXhToSoi3aKP8Da6YO1FbhF+X9NpEgpC
|
||||||
|
cNHwKnfzOreQ4s01q8TdKL6X9wQvtX1ILNjPpCRMrfaBkiD7VbAC+Ds8SW9V10MD
|
||||||
|
1jQkZyaPtZgNU9nou9OCwHpiva1HIckNy0E8UAuSGHWmwkK62rTUvZfKHrtWWaWY
|
||||||
|
G/njwSdotAZvH4xdFW+/wJdcpj1IHACtzkctLjub78RmuvPsNHcEy6x77efSJKvb
|
||||||
|
oBGvEzOFYqoXDhvLOpxQfsZNFO1suJlcXynzVx9hmVrUfw7l8Z/yUhuNKhuRQ7fw
|
||||||
|
+9YMuXrYrcTCsZx73eTsQCX7A6QSq5//N9GNSHl5/adZXcmSwFed6OOUrMRs73HY
|
||||||
|
IH35yiyGS4BbulyKUeGHdeiD00Crb2/DSxrH5M2BqFQw993clkhdbr8AT/B/lhh8
|
||||||
|
Bysc3fHxwXGN65k1vfgrMm3aULUHLDH9RWjMra8OF2dZndQfmFSIxVOmDmmVjfME
|
||||||
|
lBg1TXY+JyKdkZrMb8IOpd08F+g10s+OnImldjsoSW0qkxDzUIbDRSvPK5dxukDc
|
||||||
|
ygecXqeKB7Bm2lceAurcARZiDdGvRwIDAQABoxwwGjAYBgNVHREEETAPgg1nYXJm
|
||||||
|
dW5rZWwuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQCdaxkg4ZmmFqGqQ5bkjOucEowI
|
||||||
|
UpFIlgn3ORX/NjeAFpRlXr+kAyrezOfe3DzffFM63GVyqCR3swfwu0DdgpaGI++z
|
||||||
|
wMjXdDKDWfCSdFeFQczt/UyOQg7lkgKAgP6AgWrS9iOUwWY2Ecd+IhLjEAJ8ESgO
|
||||||
|
udi60tx9fDSlmpc3BlXBNkZUPGQW8abv+E2hV9dhNwCLVOxgK655E+9Lv3qRFFG5
|
||||||
|
HczGP8UcKL/0e1CIV8JfiPNG3lI9LJKE0fik7jN1nvPuM9ubKwKuxWgxDH4iP4aw
|
||||||
|
qa76rGYRT4VDcU89bRRX6fVCOK7iFd4db32zsAaFcOnztpMWAyIaTSZ4RuJivpqn
|
||||||
|
rTl0+ZOVHLierhFAH96prWcUBtyaprRCx5y/bIme+KBdEuge+s6+H4fYjMeryenQ
|
||||||
|
6kK8yqqAngDxxD400U1uP5TERu+E/JiP1AaiyPyh5j1bOjzM8/aohwTLK4pSeUHC
|
||||||
|
2AITpHPjXumTYMVLJliJ1/B+ZW8wS7kg1ICL6x9hrt/SbdDqQPZa/pE8NHuzMNSr
|
||||||
|
TaTDjaBEz50awlMYv4b3u+YQbVhGabw+2sYDG6VhiMakyuY2FCIi5Tc/ybBvXta8
|
||||||
|
lh8Xo8hSVlwvPumqLLITl17+KXHNL1KnTgWfXntFL6t/2OQrSbDfVXmThtW+FEmm
|
||||||
|
7ZFG54OsGWYdg8uNNg==
|
||||||
|
-----END CERTIFICATE-----
|
31
tests/fixtures/no-san.crt
vendored
Normal file
31
tests/fixtures/no-san.crt
vendored
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFVTCCAz2gAwIBAgIJAJRtzRX0VhJJMA0GCSqGSIb3DQEBCwUAMCUxIzAhBgNV
|
||||||
|
BAMTGkdBUkZVTktFTC5BUlQuRy41ODkyNDYwMzU4MB4XDTE4MDgwODE0MjQ1NFoX
|
||||||
|
DTI4MDgwNTE0MjQ1NFowJTEjMCEGA1UEAxMaR0FSRlVOS0VMLkFSVC5HLjU4OTI0
|
||||||
|
NjAzNTgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCak8upRyMLNUKK
|
||||||
|
vP6Ly50KGXDAktTBOFHDDsTRIIBeEiRImcuQ3nrqgHPKxlYdPG1k88VSDnrCDZry
|
||||||
|
DTm58NGCrtB6tJPqlZag8vpNffk9pEPOBKvUN9v5xqGgSN3sIdv0aMtMRJUXS61R
|
||||||
|
gzKJ76D+QM/7sKFhtPmETcfkBN99On7Zxw33TcwIlpv8t8tPB6F/r8jw07oWFBza
|
||||||
|
Z1Ui2+mFs6rZlxFOP8qRo82iencrMuW3/Tvqjl0N/AHPkdT7PbqAyg1aDkHYIBvc
|
||||||
|
euk/23Rgp1BQCX/Dia412/mMW0l6wYrw3pMBQ0j9LPSKTWx6rf7xa5TTweqcoKhB
|
||||||
|
zaeOV90wQk7gd+13u12ZqtPDI2Lgzi9PiIIDyDOGe4yX+O4YGTOV1pX2RyYCx9Hi
|
||||||
|
D6Pz9LoABz7TYq7A+LjKx5T5Q4XXiyUiQHTHQ5dC8v1rcUdZBB47eyAE0ZtVcCVI
|
||||||
|
tcG6eJgbM907AAabwca5sy0ogfYABMSUz6YWA1SMeDclwtRBlSWMFa2OCDJl7wBU
|
||||||
|
5Iyj/5a4MJ834IJh++gxpeijTktU1RyCDRUgXlAQNdqFxPmgwPbTo4KPDOw/YUnt
|
||||||
|
PSZfO2jiqhXgSRxlG5+2CAMiUVo2kelJxemDkJ30Yk3ebjx6qyEYizE0Mmh3xFYf
|
||||||
|
cOr7h1dxhjvAUtu3/ekNZWdz4WUcMQIDAQABo4GHMIGEMB0GA1UdDgQWBBRGIuCr
|
||||||
|
zBlH956853iOtEt/RF1wkzBVBgNVHSMETjBMgBRGIuCrzBlH956853iOtEt/RF1w
|
||||||
|
k6EppCcwJTEjMCEGA1UEAxMaR0FSRlVOS0VMLkFSVC5HLjU4OTI0NjAzNTiCCQCU
|
||||||
|
bc0V9FYSSTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAHVurBIQJS
|
||||||
|
makSWkuIFYuhKI5GDU9R1xeFe56zDVKE6Xoqki6CxUlHcIY/QN2nJ02GVN12GMAi
|
||||||
|
p4jewaiomr0LIlmzk63jn380okRjOFNoieIyQiXL0rH2oV4DESbWLuLoFnWFHGI7
|
||||||
|
8VsyURDe00H58t3MsEEOzrbjSV7KeyifjIND6yrDuzoLY2FquTOq3Q41XRJxIOuk
|
||||||
|
0p0Cd9E07YzAb9kzODO5ZPvXfkAIqZIrAYb9bjcMs6gb8CbzA/STdSEPp2NjgAsc
|
||||||
|
fjI0VtUPyTX2fKE9nrHeSNsT7WFPslbzvXVtlmUvlyDgnHglKjsgSLTgFaAERUSz
|
||||||
|
WkJG0+lysAPga/qpD22C3OB/igT/S+KJjw8oubX6iAAxIDM1Oa+YStft5IXX2KSm
|
||||||
|
5FT2HIMtXBG9pkgmJ9O+xrDrJwSz+sezXYuV88T4fDYdXAUqgBudmml/h+OGEB4C
|
||||||
|
k3Mc0ibe5Np4SyDg9qWDa+u6GojQCkTA0ygxcXR0M/t204MXqV7g4zCt624BB+nH
|
||||||
|
TYLeq49SQsl2XmPLsjwWIToly1F6tizP0gWYFamGD2bqZNDIEl/5a/CLwpOlSWc8
|
||||||
|
K6tfqAlNnM56/vMXDeo/na7XLRHPkLisUZCxBYVuSFu77gZsawVxcZlO3Hwn1L7a
|
||||||
|
Pdu9qr067Y/6AAogCQANMXWfywkc+TZMlQ==
|
||||||
|
-----END CERTIFICATE-----
|