Timestamp:
11/12/08 17:08:31 (11 years ago)
Author:
pjkersha
Message:

#1004 Security Filter:

  • SSLClientAuthNMiddleware initial version near completion
File:
1 edited

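--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py
@@ -347,7 +347,5 @@
         return x509Cert
 
-#_____________________________________________________________________________
 # Alternative AttCert constructors
-#
 def X509CertRead(filePath):
     """Create a new X509 certificate read in from a file"""
@@ -358,6 +356,4 @@
     return x509Cert
 
-
-#_____________________________________________________________________________
 def X509CertParse(x509CertTxt):
     """Create a new X509 certificate from string of file content"""
@@ -369,18 +365,21 @@
 
 
-#_____________________________________________________________________________
-class X509StackError(Exception):
+class X509StackError(X509CertError):
     """Error from X509Stack type"""
 
-#_____________________________________________________________________________
-class CertIssuerNotFound(X509StackError):
+class X509StackEmptyError(X509CertError):
+    """Expecting non-zero length X509Stack"""
+
+class X509CertIssuerNotFound(X509CertError):
     """Raise from verifyCertChain if no certificate can be found to verify the
     input"""
 
-class SelfSignedCert(X509StackError):
+class SelfSignedCert(X509CertError):
     """Raise from verifyCertChain if cert. is self-signed and
     rejectSelfSignedCert=True"""
+
+class X509CertInvalidSignature(X509CertError):
+    """X.509 Certificate has an invalid signature"""
 
-#_____________________________________________________________________________
 class X509Stack(object):
     """Wrapper for M2Crypto X509_Stack"""
@@ -479,6 +478,6 @@
             # populated
             if n2Validate == 0:
-                raise X509StackError, \
-                "Empty stack and no x509Cert2Verify set: no cert.s to verify"
+                raise X509StackEmptyError("Empty stack and no x509Cert2Verify "
+                                          "set: no cert.s to verify")
 
             x509Cert2Verify = self[-1]
@@ -505,6 +504,6 @@
                 # signature of the cert. to be verified
                 if not x509Cert2Verify.verify(issuerX509Cert.pubKey):
-                    X509CertError, 'Signature is invalid for cert. "%s"' % \
-                                    x509Cert2Verify.dn
+                    X509CertInvalidSignature('Signature is invalid for cert. '
+                                             '"%s"' % x509Cert2Verify.dn)
 
                 # In the next iteration the issuer cert. will be checked:
@@ -525,5 +524,6 @@
                 # If only one iteration occured then it must be a self
                 # signed certificate
-                raise SelfSignedCert, "Certificate is self signed"
+                raise SelfSignedCert("Certificate is self signed: [DN=%s]" %
+                                     issuerX509Cert.dn)
 
             if not caX509Stack:
@@ -531,6 +531,6 @@
 
         elif not caX509Stack:
-            raise CertIssuerNotFound, \
-                    'No issuer cert. found for cert. "%s"'%x509Cert2Verify.dn
+            raise X509CertIssuerNotFound('No issuer cert. found for cert. '
+                                         '"%s"' % x509Cert2Verify.dn)
 
         for caCert in caX509Stack:
@@ -542,17 +542,19 @@
         if issuerX509Cert:
             if not x509Cert2Verify.verify(issuerX509Cert.pubKey):
-                X509CertError, 'Signature is invalid for cert. "%s"' % \
-                                x509Cert2Verify.dn
+                X509CertInvalidSignature('Signature is invalid for cert. "%s"'%
+                                         x509Cert2Verify.dn)
 
             # Chain is validated through to CA cert
             return
         else:
-            raise CertIssuerNotFound, 'No issuer cert. found for cert. "%s"'%\
-                                x509Cert2Verify.dn
+            raise X509CertIssuerNotFound('No issuer cert. found for '
+                                         'certificate "%s"'%x509Cert2Verify.dn)
 
         # If this point is reached then an issuing cert is missing from the
         # chain
-        raise X509CertError, 'Can\'t find issuer cert "%s" for cert "%s"' % \
-                          (x509Cert2Verify.issuer, x509Cert2Verify.dn)
+        raise X509CertIssuerNotFound('Can\'t find issuer cert "%s" for '
+                                     'certificate "%s"' %
+                                     (x509Cert2Verify.issuer,
+                                      x509Cert2Verify.dn))
 
 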
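Review bot: The two `X509CertInvalidSignature(...)` expressions on new lines 506-507 and 544-545 build the exception object but never raise it, so a failed `x509Cert2Verify.verify(issuerX509Cert.pubKey)` is ignored; at the second site control then reaches the `return` under "Chain is validated through to CA cert". The removed lines had the same gap (a bare `X509CertError, '...'` tuple expression), and the change keeps it while swapping the class. Both sites need the keyword, e.g. `raise X509CertInvalidSignature('Signature is invalid for cert. "%s"' % x509Cert2Verify.dn)`. A unit test that presents a certificate whose signature does not match the issuer key and expects `X509CertInvalidSignature` would keep this from regressing. The enclosing verification method starts and ends outside the visible hunks, so the effect on callers is inferred from these lines only.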