+import OpenSSL
+# M2Crypto is imported on the fly to minimize crashes
+# import M2Crypto
+
+from sfa.util.py23 import PY3
+
+from sfa.util.faults import (CertExpired, CertMissingParent,
+ CertNotSignedByParent)
+from sfa.util.sfalogging import logger
+
+# this tends to generate quite some logs for little or no value
+debug_verify_chain = True
+
+glo_passphrase_callback = None
+
+##
+# A global callback may be implemented for requesting passphrases from the
+# user. The function will be called with three arguments:
+#
+# keypair_obj: the keypair object that is calling the passphrase
+# string: the string containing the private key that's being loaded
+# x: unknown, appears to be 0, comes from pyOpenSSL and/or m2crypto
+#
+# The callback should return a string containing the passphrase.
+
+
+def set_passphrase_callback(callback_func):
+ global glo_passphrase_callback
+
+ glo_passphrase_callback = callback_func
+
+##
+# Sets a fixed passphrase.
+
+
+def set_passphrase(passphrase):
+ set_passphrase_callback(lambda k, s, x: passphrase)
+
+##
+# Check to see if a passphrase works for a particular private key string.
+# Intended to be used by passphrase callbacks for input validation.
+
+
+def test_passphrase(string, passphrase):
+ try:
+ OpenSSL.crypto.load_privatekey(
+ OpenSSL.crypto.FILETYPE_PEM, string, (lambda x: passphrase))
+ return True
+ except:
+ return False