X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcertificate.py;h=9b488357f4a082002ebfb53c9bbdbfe8e89fc579;hb=3d7237fa0b5f2b4a60cb97c7fb3b6aecfd94558a;hp=3b725bdec7d431c8be48bcabb9ce18c0fc7a350a;hpb=a223761e6fd7cf0148e1ceecd6e78ce03c288772;p=sfa.git
diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index 3b725bde..9b488357 100644
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -1,5 +1,5 @@
 ##
-# Geniwrapper uses two crypto libraries: pyOpenSSL and M2Crypto to implement
+# SFA uses two crypto libraries: pyOpenSSL and M2Crypto to implement
 # the necessary crypto functionality. Ideally just one of these libraries
 # would be used, but unfortunately each of these libraries is independently
 # lacking. The pyOpenSSL library is missing many necessary functions, and
@@ -33,7 +33,6 @@ def convert_public_key(key):
 # we can only convert rsa keys
 if "ssh-dss" in key:
-        print "XXX: DSA key encountered, ignoring"
 return None
 (ssh_f, ssh_fn) = tempfile.mkstemp()
@@ -43,19 +42,17 @@ def convert_public_key(key):
 cmd = keyconvert_path + " " + ssh_fn + " " + ssl_fn
 os.system(cmd)
-
+
 # this check leaves the temporary file containing the public key so
 # that it can be expected to see why it failed.
 # TODO: for production, cleanup the temporary files
 if not os.path.exists(ssl_fn):
-        report.trace(" failed to convert key from " + ssh_fn + " to " + ssl_fn)
 return None
-
+
 k = Keypair()
 try:
 k.load_pubkey_from_file(ssl_fn)
 except:
-        print "XXX: Error while converting key: ", key
 traceback.print_exc()
 k = None
@@ -203,6 +200,9 @@ class Keypair:
 k.verify_update(data)
 return M2Crypto.m2.verify_final(k.ctx, base64.b64decode(sig), k.pkey)
+    def compute_hash(self, value):
+        return self.sign_string(str(value))
+
 ##
 # The certificate class implements a general purpose X509 certificate, making
 # use of the appropriate pyOpenSSL or M2Crypto abstractions. It also adds
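Review bot: With the `print` dropped in this hunk (`@@ -33,7 +33,6 @@`) and the `report.trace` and second `print` dropped in the next one (`@@ -43,19 +42,17 @@`), convert_public_key now returns None for a DSA key, for a failed keyconvert run and for a failed load without any diagnostic, so a caller that accepts None loses the only signal that a key was rejected. If the goal was to stop echoing key material, keep a message that names the reason but not the key, e.g. `logger.warning("DSA key encountered, ignoring")` and `logger.warning("failed to convert key from %s to %s", ssh_fn, ssl_fn)` using a module-level stdlib logging logger if the file does not already have one. The bare `except:` around load_pubkey_from_file still swallows every exception type; narrowing it is outside this change but worth a follow-up. convert_public_key begins and ends outside these hunks.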
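Review bot: `compute_hash` in the last hunk (`@@ -203,6 +200,9 @@`) is misnamed: it returns `self.sign_string(str(value))`, a signature made with this Keypair's private key rather than a digest, so only the holder of that key can reproduce it and a receiver must check it with the matching verify method instead of comparing hashes. `str(value)` is also not a canonical encoding for anything beyond plain strings and integers (dict and object reprs vary), so two equal values can yield different results. If a keyed signature is what callers want, say so in a docstring such as `"""Return this keypair's signature over str(value); verify it with the corresponding public key."""`; if a hash is wanted, compute it with `hashlib.sha256` over a defined encoding and keep the private key out of it. sign_string is defined outside the hunk, so I cannot tell from here whether it digests the input before signing.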
@@ -516,10 +516,14 @@ class Certificate:
 # until a certificate is found that is signed by a trusted root.
 # TODO: verify expiration time
-
+
 #print "====Verify Chain====="
 # if this cert is signed by a trusted_cert, then we are set
 for trusted_cert in trusted_certs:
+    #print "***************"
 # TODO: verify expiration of trusted_cert ?
+    #print "CLIENT CERT", self.dump()
+    #print "TRUSTED CERT", trusted_cert.dump()
+    #print "Client is signed by Trusted?", self.is_signed_by_cert(trusted_cert)
 if self.is_signed_by_cert(trusted_cert):
 #print self.get_subject(), "is signed by a root"
 return
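Review bot: The four added lines inside the `for trusted_cert in trusted_certs:` loop are commented-out debug `print` calls, which add noise to the chain check and do nothing at runtime; either drop them or replace them with one debug-level log line. As written, `self.dump()` and `trusted_cert.dump()` would emit both full certificates to stdout on every iteration the moment someone uncomments them, so a form such as `logger.debug("checking %s against trusted cert %s", self.get_subject(), trusted_cert.get_subject())` (module-level stdlib logging logger) is the safer replacement. The enclosing method and the `# TODO: verify expiration time` it leaves open both extend outside the hunk.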