X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcertificate.py;h=59ec4427fd929aa113b843d8e7986544414ade96;hb=756cdcc457721340785ee25028f72220527d7694;hp=f0a2d71c916ff0f625ee0fe28734d80884088e13;hpb=e39e728991b762ae0b52b52b06655f0c7f1b7421;p=sfa.git diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py index f0a2d71c..59ec4427 100644 --- a/sfa/trust/certificate.py +++ b/sfa/trust/certificate.py @@ -51,7 +51,7 @@ from sfa.util.sfalogging import logger glo_passphrase_callback = None ## -# A global callback msy be implemented for requesting passphrases from the +# A global callback may be implemented for requesting passphrases from the # user. The function will be called with three arguments: # # keypair_obj: the keypair object that is calling the passphrase @@ -89,7 +89,7 @@ def convert_public_key(key): # we can only convert rsa keys if "ssh-dss" in key: - return None + raise Exception, "keyconvert: dss keys are not supported" (ssh_f, ssh_fn) = tempfile.mkstemp() ssl_fn = tempfile.mktemp() @@ -103,20 +103,21 @@ def convert_public_key(key): # that it can be expected to see why it failed. # TODO: for production, cleanup the temporary files if not os.path.exists(ssl_fn): - return None + raise Exception, "keyconvert: generated certificate not found. keyconvert may have failed." k = Keypair() try: k.load_pubkey_from_file(ssl_fn) + return k except: logger.log_exc("convert_public_key caught exception") - k = None - - # remove the temporary files - os.remove(ssh_fn) - os.remove(ssl_fn) - - return k + raise + finally: + # remove the temporary files + if os.path.exists(ssh_fn): + os.remove(ssh_fn) + if os.path.exists(ssl_fn): + os.remove(ssl_fn) ## # Public-private key pairs are implemented by the Keypair class. 
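Review bot: The new `raise Exception, "keyconvert: dss keys are not supported"` in convert_public_key replaces a `None` return with the base `Exception`, so a caller can only handle a failed conversion by catching everything. The same applies to the `generated certificate not found` raise in the next hunk (@@ -103,20). A dedicated class (name illustrative), `class KeyConvertError(Exception): pass`, raised as `raise KeyConvertError("keyconvert: dss keys are not supported")`, would let callers tell a failed key conversion apart from unrelated errors, and the call form is also valid outside Python 2. Callers are not visible on this page; any that test the result for `None` will presumably need updating, because failure is now signalled only by an exception. The function body starts before this hunk and continues after it.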
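Review bot: The `os.path.exists(ssl_fn)` test and the `k.load_pubkey_from_file(ssl_fn)` call trust a path that the previous hunk's context shows coming from `tempfile.mktemp()`, which returns a name without creating the file. In a shared temp directory another local user can create that path first, so the key loaded here is not guaranteed to be the converter's output, which matters in a trust module. Writing the output inside a private directory closes that gap, for example `tmp_dir = tempfile.mkdtemp()` then `ssl_fn = os.path.join(tmp_dir, "ssl_pubkey")` (file name illustrative), with the `finally` removing the directory as well. The lines that invoke the converter sit between the hunks and are not visible, so this needs checking against them. Separately, the not-found `raise` sits above the `try`, so the `finally` cleanup does not run on that path; the truncated comment above it suggests this may be deliberate.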
@@ -713,7 +714,7 @@ class Certificate: # if there is no parent, then no way to verify the chain if not self.parent: logger.debug("verify_chain: NO. %s has no parent and issuer %s is not in %d trusted roots"%(self.get_printable_subject(), self.get_issuer(), len(trusted_certs))) - raise CertMissingParent(self.get_printable_subject() + ": Issuer %s not trusted by any of %d trusted roots, and cert has no parent." % (self.get_issuer(), len(trusted_certs))) + raise CertMissingParent(self.get_printable_subject() + ": Issuer %s is not one of the %d trusted roots, and cert has no parent." % (self.get_issuer(), len(trusted_certs))) # if it wasn't signed by the parent... if not self.is_signed_by_cert(self.parent):