from sfa.util.sfalogging import logger
# this tends to generate quite some logs for little or no value
-debug_verify_chain = False
+debug_verify_chain = True
glo_passphrase_callback = None
# @param filename name of file to store the keypair in
def save_to_file(self, filename):
- open(filename, 'w').write(self.as_pem())
+ with open(filename, 'w') as output:
+ output.write(self.as_pem())
self.filename = filename
##
data = self.get_data(field='subjectAltName')
if data:
message += " SubjectAltName:"
- counter = 0
filtered = [self.filter_chunk(chunk) for chunk in data.split()]
message += " ".join([f for f in filtered if f])
omitted = len([f for f in filtered if not f])
if field in self.data:
raise Exception("Cannot set {} more than once".format(field))
self.data[field] = string
- self.add_extension(field, 0, string)
+ # call str() because we've seen unicode there
+ # and the underlying C code doesn't like it
+ self.add_extension(field, 0, str(string))
##
# Return the data string that was previously set with set_data
# @param cert certificate object
def is_signed_by_cert(self, cert):
- logger.debug("Certificate.is_signed_by_cert -> invoking verify")
- k = cert.get_pubkey()
- result = self.verify(k)
+ key = cert.get_pubkey()
+ logger.debug("Certificate.is_signed_by_cert -> verify on {}\n"
+ "with pubkey {}"
+ .format(self, key))
+ result = self.verify(key)
return result
##
# the public key contained in it's parent. The chain is recursed
# until a certificate is found that is signed by a trusted root.
- logger.debug("Certificate.verify_chain {}".format(self.pretty_name()))
# verify expiration time
if self.x509.has_expired():
if debug_verify_chain:
# if this cert is signed by a trusted_cert, then we are set
for i, trusted_cert in enumerate(trusted_certs, 1):
- logger.debug("Certificate.verify_chain - trying trusted #{} : {}"
+ logger.debug(5*'-' +
+ " Certificate.verify_chain - trying trusted #{} : {}"
.format(i, trusted_cert.pretty_name()))
if self.is_signed_by_cert(trusted_cert):
# verify expiration of trusted_cert ?
trusted_cert.pretty_name()))
else:
logger.debug("verify_chain: not a direct"
- " descendant of a trusted root")
+ " descendant of trusted root #{}".format(i))
# if there is no parent, then no way to verify the chain
if not self.parent: