Timestamp:
11/02/10 17:09:02 (10 years ago)
Author:
pjkersha
Message:

Fix for ApacheSSLAuthnMiddleware - use comma separated list for accepted DNs. This enables DNs with fields containing spaces to be correctly parsed.

File:
1 edited

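--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/X509.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/X509.py
@@ -422,7 +422,5 @@
     def Read(cls, filePath, warningStackLevel=4, **isValidTimeKw): 
         """Create a new X509 certificate read in from a file""" 
-     
-        x509Cert = cls(filePath=filePath) 
-         
+        x509Cert = cls(filePath=filePath)   
         x509Cert.read(warningStackLevel=warningStackLevel, **isValidTimeKw) 
          
@@ -432,7 +430,5 @@
     def Parse(cls, x509CertTxt, warningStackLevel=4, **isValidTimeKw): 
         """Create a new X509 certificate from string of file content""" 
-     
-        x509Cert = cls() 
-         
+        x509Cert = cls()       
         x509Cert.parse(x509CertTxt,  
                        warningStackLevel=warningStackLevel, 
@@ -471,6 +467,8 @@
     """Error from X509Stack type""" 
  
+ 
 class X509StackEmptyError(X509CertError): 
     """Expecting non-zero length X509Stack""" 
+ 
  
 class X509CertIssuerNotFound(X509CertError): 
@@ -478,10 +476,13 @@
     input""" 
  
+ 
 class SelfSignedCert(X509CertError): 
     """Raise from verifyCertChain if cert. is self-signed and  
     rejectSelfSignedCert=True""" 
  
+ 
 class X509CertInvalidSignature(X509CertError): 
     """X.509 Certificate has an invalid signature""" 
+        
         
 class X509Stack(object): 
@@ -545,5 +546,4 @@
         return X509Cert(m2CryptoX509=self.__m2X509Stack.pop()) 
  
- 
     def asDER(self): 
         """Return the stack as a DER encoded string 
@@ -551,5 +551,4 @@
         @rtype: string""" 
         return self.__m2X509Stack.as_der() 
- 
  
     def verifyCertChain(self,  
@@ -585,6 +584,5 @@
  
             x509Cert2Verify = self[-1] 
-              
-                 
+               
         # Exit loop if all certs have been validated or if find a self  
         # signed cert. 
@@ -622,6 +620,6 @@
         if issuerX509Cert:             
             # Check for self-signed certificate 
-            if nValidated == 1 and rejectSelfSignedCert and \ 
-               issuerX509Cert.dn == issuerX509Cert.issuer: 
+            if (nValidated == 1 and rejectSelfSignedCert and  
+                issuerX509Cert.dn == issuerX509Cert.issuer): 
  
                 # If only one iteration occurred then it must be a self 
@@ -634,6 +632,7 @@
                           
         elif not caX509Stack: 
-            raise X509CertIssuerNotFound('No issuer cert. found for cert. ' 
-                                         '"%s"' % x509Cert2Verify.dn) 
+            raise X509CertIssuerNotFound('No issuer certificate found for ' 
+                                         'certificate "%s"' %  
+                                         x509Cert2Verify.dn) 
             
         for caCert in caX509Stack: 
@@ -645,5 +644,5 @@
         if issuerX509Cert:    
             if not x509Cert2Verify.verify(issuerX509Cert.pubKey): 
-                X509CertInvalidSignature('Signature is invalid for cert. "%s"'% 
+                X509CertInvalidSignature('Signature is invalid for cert. "%s"' % 
                                          x509Cert2Verify.dn) 
             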
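Review bot: In the last hunk (new line 646) the `X509CertInvalidSignature(...)` object is built but never raised, so on the visible lines a certificate whose signature fails `verify()` does not stop verifyCertChain; the commit only adjusts the spacing around `%` and leaves this in place. The statement should read `raise X509CertInvalidSignature('Signature is invalid for cert. "%s"' % x509Cert2Verify.dn)`, matching the `raise X509CertIssuerNotFound(...)` a few lines above it. It is also worth confirming what `x509Cert2Verify.verify()` returns on an internal error: if it passes through an integer status where a negative value means failure, `if not ...` would treat that as a good signature, and an explicit comparison against the success value would be safer. verifyCertChain begins and continues outside the hunk, so later handling of the failure cannot be ruled out from here.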