enterprise: fix license check not using DER as spec specifies (#6348)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-07-24 12:11:47 +02:00 committed by GitHub
parent 4359fab560
commit 4647fbacb0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 69 deletions


@ -9,7 +9,7 @@ from time import mktime
from uuid import uuid4
from cryptography.exceptions import InvalidSignature
from cryptography.x509 import Certificate, load_pem_x509_certificate
from cryptography.x509 import Certificate, load_der_x509_certificate, load_pem_x509_certificate
from dacite import from_dict
from django.db import models
from django.db.models.query import QuerySet
@ -61,8 +61,8 @@ class LicenseKey:
if len(x5c) < 1:
raise ValidationError("Unable to verify license")
try:
our_cert = load_pem_x509_certificate(b64decode(x5c[0]))
intermediate = load_pem_x509_certificate(b64decode(x5c[1]))
our_cert = load_der_x509_certificate(b64decode(x5c[0]))
intermediate = load_der_x509_certificate(b64decode(x5c[1]))
our_cert.verify_directly_issued_by(intermediate)
intermediate.verify_directly_issued_by(get_licensing_key())
except (InvalidSignature, TypeError, ValueError, Error):
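Review bot: The guard before the `try` only rejects an empty chain (`if len(x5c) < 1`), yet the new line `intermediate = load_der_x509_certificate(b64decode(x5c[1]))` reads a second element, so a license token carrying a single-entry `x5c` raises `IndexError`. That exception is not in `(InvalidSignature, TypeError, ValueError, Error)` unless `Error`, which is imported outside this hunk, happens to cover it. `x5c` is presumably taken from the token header before any signature has been verified, so this path is reachable with untrusted input and would surface as an unhandled exception instead of `ValidationError("Unable to verify license")`; tighten the guard to `if len(x5c) < 2:`. Separately, `verify_directly_issued_by` checks the issuer name and signature only, not validity dates or CA constraints, so a short comment saying where expiry is enforced (if it is) would help the next reader. The enclosing method starts and ends outside the hunk.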


@ -3633,78 +3633,60 @@ paths:
operationId: core_tenants_list
description: Tenant Viewset
parameters:
- name: branding_favicon
required: false
in: query
description: branding_favicon
- in: query
name: branding_favicon
schema:
type: string
- name: branding_logo
required: false
in: query
description: branding_logo
- in: query
name: branding_logo
schema:
type: string
- name: branding_title
required: false
in: query
description: branding_title
- in: query
name: branding_title
schema:
type: string
- name: default
required: false
in: query
description: default
- in: query
name: default
schema:
type: boolean
- in: query
name: domain
schema:
type: string
- name: domain
required: false
in: query
description: domain
- in: query
name: event_retention
schema:
type: string
- name: event_retention
required: false
in: query
description: event_retention
- in: query
name: flow_authentication
schema:
type: string
- name: flow_authentication
required: false
in: query
description: flow_authentication
format: uuid
- in: query
name: flow_device_code
schema:
type: string
- name: flow_device_code
required: false
in: query
description: flow_device_code
format: uuid
- in: query
name: flow_invalidation
schema:
type: string
- name: flow_invalidation
required: false
in: query
description: flow_invalidation
format: uuid
- in: query
name: flow_recovery
schema:
type: string
- name: flow_recovery
required: false
in: query
description: flow_recovery
format: uuid
- in: query
name: flow_unenrollment
schema:
type: string
- name: flow_unenrollment
required: false
in: query
description: flow_unenrollment
schema:
type: string
- name: flow_user_settings
required: false
in: query
description: flow_user_settings
format: uuid
- in: query
name: flow_user_settings
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
@ -3729,18 +3711,16 @@ paths:
description: A search term.
schema:
type: string
- name: tenant_uuid
required: false
in: query
description: tenant_uuid
- in: query
name: tenant_uuid
schema:
type: string
- name: web_certificate
required: false
in: query
description: web_certificate
format: uuid
- in: query
name: web_certificate
schema:
type: string
format: uuid
tags:
- core
security:
@ -5163,16 +5143,12 @@ paths:
schema:
type: boolean
default: true
- name: managed
required: false
in: query
description: managed
- in: query
name: managed
schema:
type: string
- name: name
required: false
in: query
description: name
- in: query
name: name
schema:
type: string
- name: ordering