enterprise: fix license check not using DER as spec specifies (#6348)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-07-24 12:11:47 +02:00 committed by GitHub
parent 4359fab560
commit 4647fbacb0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 69 deletions


@ -9,7 +9,7 @@ from time import mktime
from uuid import uuid4 from uuid import uuid4
from cryptography.exceptions import InvalidSignature from cryptography.exceptions import InvalidSignature
from cryptography.x509 import Certificate, load_pem_x509_certificate from cryptography.x509 import Certificate, load_der_x509_certificate, load_pem_x509_certificate
from dacite import from_dict from dacite import from_dict
from django.db import models from django.db import models
from django.db.models.query import QuerySet from django.db.models.query import QuerySet
@ -61,8 +61,8 @@ class LicenseKey:
if len(x5c) < 1: if len(x5c) < 1:
raise ValidationError("Unable to verify license") raise ValidationError("Unable to verify license")
try: try:
our_cert = load_pem_x509_certificate(b64decode(x5c[0])) our_cert = load_der_x509_certificate(b64decode(x5c[0]))
intermediate = load_pem_x509_certificate(b64decode(x5c[1])) intermediate = load_der_x509_certificate(b64decode(x5c[1]))
our_cert.verify_directly_issued_by(intermediate) our_cert.verify_directly_issued_by(intermediate)
intermediate.verify_directly_issued_by(get_licensing_key()) intermediate.verify_directly_issued_by(get_licensing_key())
except (InvalidSignature, TypeError, ValueError, Error): except (InvalidSignature, TypeError, ValueError, Error):
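Review bot: The guard `if len(x5c) < 1` above the try block still lets a one-element `x5c` through, and the `x5c[1]` lookup then raises IndexError. None of the builtin exceptions in `except (InvalidSignature, TypeError, ValueError, Error)` covers IndexError, so unless the imported `Error` does, a truncated chain would surface as an unhandled error rather than the "Unable to verify license" ValidationError. Tightening the guard to `if len(x5c) < 2:` keeps that failure on the intended path. Separately, `verify_directly_issued_by` checks only the issuer name and the signature, so a comment such as `# verify_directly_issued_by checks issuer name and signature only, not validity dates` would tell the next reader that expiry has to be enforced elsewhere. The method and the body of the except clause continue outside the hunk.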


@ -3633,78 +3633,60 @@ paths:
operationId: core_tenants_list operationId: core_tenants_list
description: Tenant Viewset description: Tenant Viewset
parameters: parameters:
- name: branding_favicon - in: query
required: false name: branding_favicon
in: query
description: branding_favicon
schema: schema:
type: string type: string
- name: branding_logo - in: query
required: false name: branding_logo
in: query
description: branding_logo
schema: schema:
type: string type: string
- name: branding_title - in: query
required: false name: branding_title
in: query
description: branding_title
schema: schema:
type: string type: string
- name: default - in: query
required: false name: default
in: query schema:
description: default type: boolean
- in: query
name: domain
schema: schema:
type: string type: string
- name: domain - in: query
required: false name: event_retention
in: query
description: domain
schema: schema:
type: string type: string
- name: event_retention - in: query
required: false name: flow_authentication
in: query
description: event_retention
schema: schema:
type: string type: string
- name: flow_authentication format: uuid
required: false - in: query
in: query name: flow_device_code
description: flow_authentication
schema: schema:
type: string type: string
- name: flow_device_code format: uuid
required: false - in: query
in: query name: flow_invalidation
description: flow_device_code
schema: schema:
type: string type: string
- name: flow_invalidation format: uuid
required: false - in: query
in: query name: flow_recovery
description: flow_invalidation
schema: schema:
type: string type: string
- name: flow_recovery format: uuid
required: false - in: query
in: query name: flow_unenrollment
description: flow_recovery
schema: schema:
type: string type: string
- name: flow_unenrollment format: uuid
required: false - in: query
in: query name: flow_user_settings
description: flow_unenrollment
schema:
type: string
- name: flow_user_settings
required: false
in: query
description: flow_user_settings
schema: schema:
type: string type: string
format: uuid
- name: ordering - name: ordering
required: false required: false
in: query in: query
@ -3729,18 +3711,16 @@ paths:
description: A search term. description: A search term.
schema: schema:
type: string type: string
- name: tenant_uuid - in: query
required: false name: tenant_uuid
in: query
description: tenant_uuid
schema: schema:
type: string type: string
- name: web_certificate format: uuid
required: false - in: query
in: query name: web_certificate
description: web_certificate
schema: schema:
type: string type: string
format: uuid
tags: tags:
- core - core
security: security:
@ -5163,16 +5143,12 @@ paths:
schema: schema:
type: boolean type: boolean
default: true default: true
- name: managed - in: query
required: false name: managed
in: query
description: managed
schema: schema:
type: string type: string
- name: name - in: query
required: false name: name
in: query
description: name
schema: schema:
type: string type: string
- name: ordering - name: ordering