determine_rights() now supports 'authority+sa' and 'authority+ma' types

[sfa.git] / sfa / trust / certificate.py

diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index 839d1df..6846472 100644 (file)
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -160,6 +160,9 @@ class Keypair:
         ASN1.set_time(500)
         m2x509.set_not_before(ASN1)
         m2x509.set_not_after(ASN1)
+        # x509v3 so it can have extensions
+        # prob not necc since this cert itself is junk but still...
+        m2x509.set_version(2)
         junk_key = Keypair(create=True)
         m2x509.sign(pkey=junk_key.get_m2_pkey(), md="sha1")
 
@@ -296,6 +299,8 @@ class Certificate:
         self.cert.set_serial_number(3)
         self.cert.gmtime_adj_notBefore(0)
         self.cert.gmtime_adj_notAfter(60*60*24*365*5) # five years
+        self.cert.set_version(2) # x509v3 so it can have extensions        
+
 
     ##
     # Given a pyOpenSSL X509 object, store that object inside of this
@@ -560,7 +565,6 @@ class Certificate:
     # @param cert certificate object
 
     def is_signed_by_cert(self, cert):
-        print 'is_signed_by_cert'
         k = cert.get_pubkey()
         result = self.verify(k)
         return result
@@ -633,7 +637,7 @@ class Certificate:
             return CertNotSignedByParent(self.get_subject())
 
         # if the parent isn't verified...
-        sfa_logger().debug("verify_chain: .. %s, -> verifying parent %s",self.get_subject(),self.parent.get_subject())
+        sfa_logger().debug("verify_chain: .. %s, -> verifying parent %s"%(self.get_subject(),self.parent.get_subject()))
         self.parent.verify_chain(trusted_certs)
 
         return