X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcertificate.py;h=9480f7af186e369a6d1cf8b40011d61bbdf08791;hb=95d3d2e7ee31d2b4b066ed6f1340599eac9f4397;hp=4815ebc8c46476bb44117135b8c26756c016e503;hpb=80cdde3274e9a2a2e61af6f627d817329f6faa3f;p=sfa.git
diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index 4815ebc8..9480f7af 100644
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -18,6 +18,7 @@
 import os
 import tempfile
 import base64
+import traceback
 from OpenSSL import crypto
 import M2Crypto
 from M2Crypto import X509
@@ -26,7 +27,7 @@ from M2Crypto import EVP
 from sfa.util.faults import *
 def convert_public_key(key):
- keyconvert_path = "/usr/share/keyconvert/keyconvert"
+ keyconvert_path = "/usr/bin/keyconvert"
 if not os.path.isfile(keyconvert_path):
 raise IOError, "Could not find keyconvert in %s" % keyconvert_path
@@ -54,7 +55,8 @@ def convert_public_key(key):
 try:
 k.load_pubkey_from_file(ssl_fn)
 except:
- print "XXX: Error while converting key: ", key_str
+ print "XXX: Error while converting key: ", key
+ traceback.print_exc()
 k = None
 # remove the temporary files
@@ -162,11 +164,21 @@ class Keypair:
 def as_pem(self):
 return crypto.dump_privatekey(crypto.FILETYPE_PEM, self.key)
+ ##
+ # Return an M2Crypto key object
+
 def get_m2_pkey(self):
 if not self.m2key:
 self.m2key = M2Crypto.EVP.load_key_string(self.as_pem())
 return self.m2key
+ ##
+ # Returns a string containing the public key represented by this object.
+
+ def get_pubkey_string(self):
+ m2pkey = self.get_m2_pkey()
+ return base64.b64encode(m2pkey.as_der())
+
 ##
 # Return an OpenSSL pkey object
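Review bot: The handler touched in the `@@ -54,7 +55,8 @@` hunk is still a bare `except:`, so any failure in `k.load_pubkey_from_file(ssl_fn)`, including KeyboardInterrupt, is turned into `k = None` after the caller-supplied key text and a traceback are written to stdout. The key text is untrusted input and stdout may be discarded or interleaved with unrelated output in a server process; I would narrow the clause to `except Exception:` and send the report through the module's logging facility instead of `print`, if one exists (not visible here). Callers also need to handle the `None` result explicitly, which this hunk does not show. convert_public_key starts before and continues after the hunk.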
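Review bot: The comment added above `get_pubkey_string` in the `@@ -162,11 +164,21 @@` hunk does not state the encoding of the returned string, which callers that compare or store keys need to know; the body returns base64 of `m2pkey.as_der()`. I would write it as `# Returns the public key as a base64-encoded DER string.` Because the M2Crypto object is built by `load_key_string(self.as_pem())`, i.e. from the private-key PEM, it is worth confirming and saying in the comment that `as_der()` serialises only the public half. The new `# Return an M2Crypto key object` comment on `get_m2_pkey` could also mention that the object is cached in `self.m2key` after the first call.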
@@ -504,10 +516,14 @@ class Certificate:
 # until a certificate is found that is signed by a trusted root.
 # TODO: verify expiration time
-
+ print "====Verify Chain====="
 # if this cert is signed by a trusted_cert, then we are set
 for trusted_cert in trusted_certs:
+ print "***************"
 # TODO: verify expiration of trusted_cert ?
+ print "CLIENT CERT", self.dump()
+ print "TRUSTED CERT", trusted_cert.dump()
+ print "Client is signed by Trusted?", self.is_signed_by_cert(trusted_cert)
 if self.is_signed_by_cert(trusted_cert):
 #print self.get_subject(), "is signed by a root"
 return
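Review bot: The added `print` statements run unconditionally inside the chain-verification loop, so every verification emits `self.dump()` and `trusted_cert.dump()` for each trusted certificate, and `self.is_signed_by_cert(trusted_cert)` is evaluated twice per iteration (once for the print, once for the `if`). This reads like debugging output; I would remove it before merging or move it behind a debug-level logger, and compute the result once, `signed = self.is_signed_by_cert(trusted_cert)`, then test `if signed:`. Separately, both expiration TODOs remain in the context lines, so certificate validity periods are apparently still not checked on this path. The enclosing method starts before and continues after the hunk.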