Changeset 2404


Timestamp:
16/04/07 11:11:11 (12 years ago)
Author:
pjkersha
Message:

Renamed verifyCert -> verifyCertChain. Now raises an exception on an invalid certificate rather
than returning False.

File:
1 edited

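--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wsSecurity.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wsSecurity.py
@@ -72,4 +72,8 @@
     """For WS-Security generic exceptions not covered by other exception 
     classes in this module""" 
+ 
+class InvalidCertChain(Exception):     
+    """Raised from SignatureHandler.verify if the certificate submitted to 
+    verify a signature is not from a known CA""" 
      
 class VerifyError(Exception): 
@@ -470,7 +474,19 @@
          
     #_________________________________________________________________________ 
-    def verifyCert(self, certIn=None): 
+    def verifyCertChain(self, certIn=None, raiseExcep=True): 
         """Check a certificate has been issued by one of the known CA's 
-        specified in X.509 stack""" 
+        specified in X.509 stack 
+         
+        @type: ndg.security.common.X509.X509Cert / M2Crypto.X509.X509 / 
+        string or None 
+        @keyword certIn: X.509 certificate.   
+         
+        @type raiseExcep: bool 
+        @keyword raiseExcep: set to True (default) to raise an exception if 
+        the input certificate is invalid 
+         
+        @rtype bool 
+        @return True if certificate was issued by a known CA""" 
+         
         if certIn: 
             cert2Verify = self.__setCert(certIn) 
@@ -483,5 +499,12 @@
                 return True 
             except: 
-                return False 
+                pass 
+             
+        # No CA certs in the stack matched 
+        if raiseExcep: 
+            raise InvalidCertChain, \ 
+        'Input certificate "%s" was not issued by a known CA' % cert2Verify.dn 
+        else: 
+            return False 
                  
          
@@ -890,5 +913,5 @@
         # Verify certificate was issued by a known CA 
         if self.caCertIsSet: 
-            self.verifyCert() 
+            self.verifyCertChain() 
              
         #print "Signature OK" 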
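Review bot: The bare `except:` at new lines 500-501 now swallows every error raised while testing the certificate against a CA and moves on, so a broken CA entry or an unexpected certificate type is reported the same way as an untrusted issuer, and InvalidCertChain carries no underlying cause. The result still fails closed, which is right, but the handler should name the exception the verification call raises and keep the last error, e.g. `except Exception, e:` with `lastErr = e`, then include `lastErr` in the InvalidCertChain text. The `try` body and the loop header lie outside the hunk, so the exact exception type to catch cannot be confirmed from here. Separately, any caller passing `raiseExcep=False` has to check the return value; the old call at line 892 ignored it, which is the fail-open pattern this change is removing.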