checking in some debugging statements, will remove them later
diff --git
a/sfa/trust/certificate.py
b/sfa/trust/certificate.py
index
58486ec
..
9480f7a
100644
(file)
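--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -18,6 +18,7 @@
 import os
 import tempfile
 import base64
+import traceback
 from OpenSSL import crypto
 import M2Crypto
 from M2Crypto import X509
@@ -54,7 +55,8 @@ def convert_public_key(key):
 try:
 k.load_pubkey_from_file(ssl_fn)
 except:
- print "XXX: Error while converting key: ", key_str
+ print "XXX: Error while converting key: ", key
+ traceback.print_exc()
 k = None
 # remove the temporary files
@@ -162,11 +164,21 @@ class Keypair:
 def as_pem(self):
 return crypto.dump_privatekey(crypto.FILETYPE_PEM, self.key)
+ ##
+ # Return an M2Crypto key object
+
 def get_m2_pkey(self):
 if not self.m2key:
 self.m2key = M2Crypto.EVP.load_key_string(self.as_pem())
 return self.m2key
+ ##
+ # Returns a string containing the public key represented by this object.
+
+ def get_pubkey_string(self):
+ m2pkey = self.get_m2_pkey()
+ return base64.b64encode(m2pkey.as_der())
+
 ##
 # Return an OpenSSL pkey object
@@ -504,10 +516,14 @@ class Certificate:
 # until a certificate is found that is signed by a trusted root.
 # TODO: verify expiration time
-
+ print "====Verify Chain====="
 # if this cert is signed by a trusted_cert, then we are set
 for trusted_cert in trusted_certs:
+ print "***************"
 # TODO: verify expiration of trusted_cert ?
+ print "CLIENT CERT", self.dump()
+ print "TRUSTED CERT", trusted_cert.dump()
+ print "Client is signed by Trusted?", self.is_signed_by_cert(trusted_cert)
 if self.is_signed_by_cert(trusted_cert):
 #print self.get_subject(), "is signed by a root"
 return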
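Review bot: The prints added inside the `for trusted_cert in trusted_certs:` loop run unconditionally on every chain verification, dumping the client certificate and each trusted certificate to stdout, and they call `self.is_signed_by_cert(trusted_cert)` a second time just to print the result, so every signature check is done twice. Compute it once, `signed = self.is_signed_by_cert(trusted_cert)` followed by `if signed:`, and put the dumps behind a debug-level logger or an explicit debug flag so the authentication path stays quiet and does not depend on stdout being writable. The same applies to the `print` plus `traceback.print_exc()` added in `convert_public_key`, which still sits under a bare `except:`. The context lines also still carry `TODO: verify expiration time`, so this loop appears to accept a certificate on signature alone; that is worth tracking separately rather than leaving next to temporary debug output. The enclosing method of `class Certificate` starts and ends outside the hunk.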