bugfix in certificate management, add str() conversion for safety

[sfa.git] / sfa / trust / certificate.py

diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index b5296a6..199504d 100644 (file)
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -64,7 +64,7 @@ from sfa.util.faults import (CertExpired, CertMissingParent,
 from sfa.util.sfalogging import logger
 
 # this tends to generate quite some logs for little or no value
-debug_verify_chain = False
+debug_verify_chain = True
 
 glo_passphrase_callback = None
 
@@ -714,7 +714,9 @@ class Certificate:
         if field in self.data:
             raise Exception("Cannot set {} more than once".format(field))
         self.data[field] = string
-        self.add_extension(field, 0, string)
+        # call str() because we've seen unicode there
+        # and the underlying C code doesn't like it
+        self.add_extension(field, 0, str(string))
 
     ##
     # Return the data string that was previously set with set_data
@@ -789,8 +791,10 @@ class Certificate:
     # @param cert certificate object
 
     def is_signed_by_cert(self, cert):
-        logger.debug("Certificate.is_signed_by_cert -> invoking verify")
         k = cert.get_pubkey()
+        logger.debug("Certificate.is_signed_by_cert -> verify on {}\n"
+                     "with pubkey {}"
+                     .format(self, k))
         result = self.verify(k)
         return result
 
@@ -867,7 +871,7 @@ class Certificate:
                                               trusted_cert.pretty_name()))
             else:
                 logger.debug("verify_chain: not a direct"
-                             " descendant of a trusted root")
+                             " descendant of trusted root #{}".format(i))
 
         # if there is no parent, then no way to verify the chain
         if not self.parent: