External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-14 19:30:39 -03:30
Code Issues Packages Projects Releases Wiki Activity

[bugfix-pem-validation] update from code review

Browse Source
This commit is contained in:
Brian Duffy 2018-02-10 01:08:29 +00:00
parent 68057560e5
commit 7d956a3b68
2 changed files with 30 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
awx/main/tests/unit/test_validators.py
View File

@ -19,6 +19,24 @@ from rest_framework.serializers import ValidationError as RestValidationError
import pytest
def test_invalid_keys():
invalid_keys = [
"---BEGIN FOO -----foobar-----END FOO----",
"-----BEGIN FOO---foobar-----END FOO----",
"-----BEGIN FOO-----foobar---END FOO----",
"----- BEGIN FOO ----- foobar ----- FAIL FOO ----",
"----- FAIL FOO ----- foobar ----- END FOO ----",
"----BEGIN FOO----foobar----END FOO--------BEGIN FOO----foobar----END FOO----"
]
for invalid_key in invalid_keys:
with pytest.raises(ValidationError):
validate_private_key(invalid_key)
with pytest.raises(ValidationError):
validate_certificate(invalid_key)
with pytest.raises(ValidationError):
validate_ssh_private_key(invalid_key)
def test_valid_catted_rsa_key():
valid_key = TEST_CATTED_SSH_KEY_DATA
pem_objects = validate_private_key(valid_key)
@ -55,16 +73,6 @@ def test_valid_locked_rsa_key():
assert pem_objects[0]['key_enc']
def test_invalid_rsa_key():
invalid_key = TEST_SSH_KEY_DATA.replace('-----END', '----END')
with pytest.raises(ValidationError):
validate_private_key(invalid_key)
with pytest.raises(ValidationError):
validate_certificate(invalid_key)
with pytest.raises(ValidationError):
validate_ssh_private_key(invalid_key)
def test_valid_openssh_key():
valid_key = TEST_OPENSSH_KEY_DATA
pem_objects = validate_private_key(valid_key)

22
awx/main/validators.py
View File

@ -48,11 +48,10 @@ def validate_pem(data, min_keys=0, max_keys=None, min_certs=0, max_certs=None):
# Build regular expressions for matching each object in the PEM file.
pem_obj_re = re.compile(
r'^-{5}\ *BEGIN ([A-Z ]+?)\ *-{5}' +
r'\s*(.+?)\s*' +
r'-{5}\ *END [A-Z ]+?\ *-{5}' +
r'\s?(.*?)$',
re.DOTALL
r'^-{4,} *BEGIN (?P<type>[A-Z ]+?) *-{4,}' +
r'\s*(?P<data>.+?)\s*' +
r'-{4,} *END [A-Z ]+? *-{4,}' +
r'(?P<next>.*?)$', re.DOTALL
)
pem_obj_header_re = re.compile(r'^(.+?):\s*?(.+?)(\\??)$')
@ -68,12 +67,13 @@ def validate_pem(data, min_keys=0, max_keys=None, min_certs=0, max_certs=None):
raise ValidationError(_('Invalid certificate or key: %s...') % data[:100])
# The rest of the PEM data to process
data = match.group(3).lstrip()
data = match.group('next').lstrip()
print data
# Check PEM object type, check key type if private key.
pem_obj_info = {}
pem_obj_info['all'] = match.group(0)
pem_obj_info['type'] = pem_obj_type = match.group(1)
pem_obj_info['type'] = pem_obj_type = match.group('type')
if pem_obj_type.endswith('PRIVATE KEY'):
key_count += 1
pem_obj_info['type'] = 'PRIVATE KEY'
@ -88,7 +88,7 @@ def validate_pem(data, min_keys=0, max_keys=None, min_certs=0, max_certs=None):
raise ValidationError(_('Unsupported PEM object type: "%s"') % pem_obj_type)
# Ensure that this PEM object is valid base64 data.
pem_obj_info['data'] = match.group(2)
pem_obj_info['data'] = match.group('data')
base64_data = ''
line_continues = False
for line in pem_obj_info['data'].splitlines():
@ -169,8 +169,10 @@ def validate_certificate(data):
Validate that data contains one or more certificates. Adds BEGIN/END lines
if necessary.
"""
if 'BEGIN CERTIFICATE' not in data:
data = '-----BEGIN CERTIFICATE-----\n{}\n-----END CERTIFICATE-----\n'.format(data)
if 'BEGIN' not in data:
data = "-----BEGIN CERTIFICATE-----\n{}".format(data)
if 'END' not in data:
data = "{}\n-----END CERTIFICATE-----\n".format(data)
return validate_pem(data, max_keys=0, min_certs=1)