# we can only convert rsa keys
if "ssh-dss" in key:
- print "XXX: DSA key encountered, ignoring"
return None
(ssh_f, ssh_fn) = tempfile.mkstemp()
cmd = keyconvert_path + " " + ssh_fn + " " + ssl_fn
os.system(cmd)
-
+
# this check leaves the temporary file containing the public key so
# that it can be expected to see why it failed.
# TODO: for production, cleanup the temporary files
if not os.path.exists(ssl_fn):
- report.trace(" failed to convert key from " + ssh_fn + " to " + ssl_fn)
return None
-
+
k = Keypair()
try:
k.load_pubkey_from_file(ssl_fn)
except:
- print "XXX: Error while converting key: ", key
traceback.print_exc()
k = None
k.verify_update(data)
return M2Crypto.m2.verify_final(k.ctx, base64.b64decode(sig), k.pkey)
+ def compute_hash(self, value):
+ return self.sign_string(str(value))
+
##
# The certificate class implements a general purpose X509 certificate, making
# use of the appropriate pyOpenSSL or M2Crypto abstractions. It also adds
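Review bot: The new `compute_hash` returns `self.sign_string(str(value))`, which by its name is a signature made with this keypair rather than a digest, and the method has no docstring to say so. A caller who reads "hash" may expect a value that anyone can recompute from `value` alone; if `sign_string` uses the private key, as the neighbouring verify code suggests, the result is key-dependent and can only be checked through the matching verify path. The input is `str(value)`, so the output also depends on how the object renders as a string, and equal values with different string forms would not match. I would add a docstring such as `"""Return a signature over str(value) made with this keypair (not a plain digest); requires the private key."""` and consider a name that says "sign". The enclosing class and `sign_string` itself are outside this hunk, so the private-key requirement should be confirmed there.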
# until a certificate is found that is signed by a trusted root.
# TODO: verify expiration time
-
+ #print "====Verify Chain====="
# if this cert is signed by a trusted_cert, then we are set
for trusted_cert in trusted_certs:
+ #print "***************"
# TODO: verify expiration of trusted_cert ?
+ #print "CLIENT CERT", self.dump()
+ #print "TRUSTED CERT", trusted_cert.dump()
+ #print "Client is signed by Trusted?", self.is_signed_by_cert(trusted_cert)
if self.is_signed_by_cert(trusted_cert):
#print self.get_subject(), "is signed by a root"
return
- # if the public keys are the same then we are set
- if self.is_pubkey(trusted_cert.get_pubkey()):
- return
# if there is no parent, then no way to verify the chain
if not self.parent: