......@@ -9,7 +9,7 @@ VersionInfo = collections.namedtuple('version_info', ('major', 'minor', 'micro')
__version_info__ = VersionInfo(
major=0,
minor=1,
micro=2,
micro=3,
)
__version__ = '.'.join(str(val) for val in __version_info__)
__author__ = u'Michael Stroeder'
......
......@@ -3,6 +3,7 @@
ekca_service.plugins.otp - Module package for separate OTP checker plugins
"""
import ssl
from urllib.parse import urlparse
__all__ = [
......@@ -34,7 +35,7 @@ class OTPChecker:
"""
actually check whether OTP is valid for username
"""
raise OTPCheckFailed()
raise OTPCheckFailed('%s.check() must not be used directly!' % (self.__class__.__name__,))
class Dummy(OTPChecker):
......@@ -62,8 +63,12 @@ class Dummy(OTPChecker):
class OTPWebService(OTPChecker):
"""
Base class for OTP checker plugin classes, not directly used!
Base class for OTP checker plugin classes which
send requests to web services
Not directly used!
"""
req_mime_type = 'application/json'
cfg_key_url = 'OTP_CHECK_URL'
cfg_key_cacerts = 'OTP_CHECK_CACERTS'
cacerts_default = '/etc/ssl/ca-bundle.pem'
......@@ -76,3 +81,10 @@ class OTPWebService(OTPChecker):
OTPChecker.__init__(self, cfg, logger)
self._url = urlparse(self._cfg[self.cfg_key_url])
self._ca_certs = self._cfg.get(self.cfg_key_cacerts, self.cacerts_default)
def _ssl_context(self):
ctx = ssl.SSLContext()
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.check_hostname = True
ctx.load_verify_locations(cafile=self._ca_certs, capath=None, cadata=None)
return ctx
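Review bot: `_ssl_context()` starts from a bare `ssl.SSLContext()`, which has been deprecated without a protocol argument since Python 3.10 and leaves the minimum TLS version to whatever the interpreter and OpenSSL build default to. Replacing the body with `return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=self._ca_certs)` keeps `CERT_REQUIRED` and hostname checking against the same CA file, and adds the library's recommended client settings. The method also lacks a docstring; `"""Return a client-side SSLContext that verifies the OTP web service against self._ca_certs"""` would cover it. This section does not show whether `self._url.scheme` is checked to be `https`. If it is not, an `http://` value in `OTP_CHECK_URL` would presumably send usernames and OTP values in clear text without ever using this context, so rejecting non-HTTPS URLs in `__init__` is worth considering. The `OTPWebService` class body starts outside this hunk.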