X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcertificate.py;h=fb515e5aa4435942a6dbba90f12a61e9ab590cb1;hb=5b37ec55340b8b9d9214618001eed4ea9f0254aa;hp=9552d1ff9834676077666555e36297bfeb58adcb;hpb=fd395e1944dcd49f10a4d5b27ce4983ad389fb96;p=sfa.git

diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index 9552d1ff..fb515e5a 100644
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -182,7 +182,8 @@ class Keypair:
     # @param filename name of file to store the keypair in
 
     def save_to_file(self, filename):
-        open(filename, 'w').write(self.as_pem())
+        with open(filename, 'w') as output:
+            output.write(self.as_pem())
         self.filename = filename
 
     ##
@@ -583,7 +584,6 @@ class Certificate:
         data = self.get_data(field='subjectAltName')
         if data:
             message += " SubjectAltName:"
-            counter = 0
             filtered = [self.filter_chunk(chunk) for chunk in data.split()]
             message += " ".join([f for f in filtered if f])
             omitted = len([f for f in filtered if not f])
@@ -714,7 +714,9 @@ class Certificate:
         if field in self.data:
             raise Exception("Cannot set {} more than once".format(field))
         self.data[field] = string
-        self.add_extension(field, 0, string)
+        # call str() because we've seen unicode there
+        # and the underlying C code doesn't like it
+        self.add_extension(field, 0, str(string))
 
     ##
     # Return the data string that was previously set with set_data
@@ -789,11 +791,11 @@ class Certificate:
     # @param cert certificate object
 
     def is_signed_by_cert(self, cert):
-        k = cert.get_pubkey()
+        key = cert.get_pubkey()
         logger.debug("Certificate.is_signed_by_cert -> verify on {}\n"
                      "with pubkey {}"
-                     .format(self, k))
-        result = self.verify(k)
+                     .format(self, key))
+        result = self.verify(key)
         return result
 
     ##
@@ -836,7 +838,6 @@ class Certificate:
         # the public key contained in it's parent. The chain is recursed
         # until a certificate is found that is signed by a trusted root.
 
-        logger.debug("Certificate.verify_chain {}".format(self.pretty_name()))
         # verify expiration time
         if self.x509.has_expired():
             if debug_verify_chain:
@@ -846,7 +847,8 @@ class Certificate:
 
         # if this cert is signed by a trusted_cert, then we are set
         for i, trusted_cert in enumerate(trusted_certs, 1):
-            logger.debug("Certificate.verify_chain - trying trusted #{} : {}"
+            logger.debug(5*'-' +
+                         " Certificate.verify_chain - trying trusted #{} : {}"
                          .format(i, trusted_cert.pretty_name()))
             if self.is_signed_by_cert(trusted_cert):
                 # verify expiration of trusted_cert ?