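def _get_cert_config_if_allowed(self, domain, cert):
    """Return the certificate config for *domain* if the client may use it.

    The caller is identified by the Common Name (CN) of its client
    certificate. It is authorised when that CN is listed in
    ``self.admin_hosts`` or in the matching config's ``allowed_hosts``.

    Args:
        domain: Domain name the request is about.
        cert: Client certificate, either raw bytes (handed to
            ``load_certificate``) or an ``x509.Certificate`` instance;
            ``None`` when the client presented no certificate.

    Returns:
        The config object returned by ``self.certificates_config.match``.

    Raises:
        TypeError: ``cert`` is neither bytes nor an ``x509.Certificate``.
        HTTPResponse: 401 when no certificate was presented or the
            certificate carries no Common Name, 403 when the host is not
            allowed for the domain, 404 when no configuration matches the
            domain.
    """
    # NOTE(review): nothing here verifies the certificate chain, validity
    # period or revocation status; the subject CN is taken at face value.
    # Presumably the TLS layer in front of this handler has already
    # validated the client certificate against a trusted CA -- confirm,
    # because otherwise any self-issued certificate with a chosen CN would
    # pass the checks below.
    if cert is None:
        logger.warning('Request received for domain %s by unauthentified host.', domain)
        raise HTTPResponse(
            status=401,
            body={'message': 'Authentication required'}
        )

    if isinstance(cert, bytes):
        cert = load_certificate(cert_bytes=cert)
    if not isinstance(cert, x509.Certificate):
        raise TypeError('cert must be a raw certificate in PEM or DER format or an x509.Certificate instance.')

    # A subject without a CN yields an empty list; indexing it directly
    # would surface as an unhandled IndexError instead of an auth failure.
    common_names = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    if not common_names:
        logger.warning(
            'Request received for domain %s with a certificate lacking a Common Name.',
            domain
        )
        raise HTTPResponse(
            status=401,
            body={'message': 'Authentication required'}
        )
    # Only the first CN attribute is used as the caller's identity.
    host = common_names[0].value

    certconfig = self.certificates_config.match(domain)
    if not certconfig:
        logger.warning('No config matching domain %s found.', domain)
        raise HTTPResponse(
            status=404,
            body={'message': 'No configuration found for domain {}'.format(domain)}
        )

    logger.debug('Domain %s matches pattern %s', domain, certconfig.pattern)
    if host in self.admin_hosts or host in certconfig.allowed_hosts:
        return certconfig

    logger.warning('Host %s unauthorized for domain %s.', host, domain)
    raise HTTPResponse(
        status=403,
        body={'message': 'Host {} unauthorized for domain {}'.format(host, domain)}
    )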