Ejemplo n.º 1
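def init_validation_context_kwargs(*, trust, trust_replace, other_certs,
                                   retroactive_revinfo=False,
                                   time_tolerance=None):
    """
    Assemble the keyword arguments for a validation context from
    configuration values.

    :param trust:
        A single path (``str``) or an iterable of paths; the files are
        read with ``load_certs_from_pemder`` and used as trust roots.
        A falsy value leaves the trust settings out of the result.
    :param trust_replace:
        If truthy, the loaded certificates are stored under
        ``trust_roots`` (replacing the roots); otherwise under
        ``extra_trust_roots`` (adding to them).
    :param other_certs:
        A single path or an iterable of paths to further certificates,
        stored under ``other_certs``. Skipped when falsy.
    :param retroactive_revinfo:
        When truthy, ``retroactive_revinfo=True`` is forwarded.
    :param time_tolerance:
        A ``timedelta``, an integer number of seconds, or ``None`` to use
        ``DEFAULT_TIME_TOLERANCE`` seconds.
    :return:
        A ``dict`` of keyword arguments.
    :raise ConfigurationError:
        If ``time_tolerance`` is neither ``None``, a ``timedelta`` nor an
        integer.
    """
    if not isinstance(time_tolerance, timedelta):
        if time_tolerance is None:
            time_tolerance = timedelta(seconds=DEFAULT_TIME_TOLERANCE)
        elif isinstance(time_tolerance, int) \
                and not isinstance(time_tolerance, bool):
            # bool is a subclass of int: without the extra check a config
            # value of `true` would silently become a 1-second tolerance.
            time_tolerance = timedelta(seconds=time_tolerance)
        else:
            raise ConfigurationError(
                "time-tolerance parameter must be specified in seconds"
            )
    # NOTE(review): the sign and magnitude of the tolerance are not checked
    # here; presumably the validation context consumes it as-is -- confirm
    # that negative or very large values are handled where it is used.
    vc_kwargs = {'time_tolerance': time_tolerance}
    if retroactive_revinfo:
        vc_kwargs['retroactive_revinfo'] = True
    if trust:
        if isinstance(trust, str):
            trust = (trust,)
        # Everything loaded from these paths ends up as a trust anchor, so
        # the files should be as tightly controlled as the config itself.
        trust_certs = list(load_certs_from_pemder(trust))
        if trust_replace:
            # replace the trust roots with the configured ones
            vc_kwargs['trust_roots'] = trust_certs
        else:
            # add the configured roots to the existing ones
            vc_kwargs['extra_trust_roots'] = trust_certs
    if other_certs:
        if isinstance(other_certs, str):
            other_certs = (other_certs,)
        vc_kwargs['other_certs'] = list(load_certs_from_pemder(other_certs))
    return vc_kwargs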
Ejemplo n.º 2
    def process_entries(cls, config_dict):
        """
        Normalise and validate the entries of a PKCS#11 configuration
        dictionary in place.

        Certificate paths are replaced by the loaded certificates,
        ``key_id`` and ``cert_id`` are passed through
        ``_process_pkcs11_id_value``, and the combinations of keys needed
        to locate the token, the key and the certificate are enforced.

        :param config_dict:
            The configuration dictionary; it is modified in place.
        :raise ConfigurationError:
            If the token, the key or the signing certificate cannot be
            identified from the supplied keys.
        """
        super().process_entries(config_dict)

        # A lone string is treated as a single path, not as an iterable
        # of characters.
        extra = config_dict.get('other_certs', ())
        extra_paths = (extra,) if isinstance(extra, str) else extra
        config_dict['other_certs'] = list(load_certs_from_pemder(extra_paths))

        # The token must be identifiable by label or by slot number.
        token_identified = (
            'token_label' in config_dict or 'slot_no' in config_dict
        )
        if not token_identified:
            raise ConfigurationError(
                "Either 'slot_no' or 'token_label' must be provided in "
                "PKCS#11 setup")

        # The signing certificate may be supplied as a file instead of
        # being read from the token.
        signing_cert_path = config_dict.get('signing_certificate', None)
        if signing_cert_path is not None:
            config_dict['signing_certificate'] = load_cert_from_pemder(
                signing_cert_path
            )

        # Key lookup: an explicit ID wins; otherwise a key label or a
        # certificate label has to be present.
        if 'key_id' in config_dict:
            config_dict['key_id'] = _process_pkcs11_id_value(
                config_dict['key_id']
            )
        elif not ('key_label' in config_dict or 'cert_label' in config_dict):
            raise ConfigurationError(
                "Either 'key_id', 'key_label' or 'cert_label' must be provided "
                "in PKCS#11 setup")

        # Certificate lookup: an explicit ID wins; otherwise a label or a
        # 'signing_certificate' entry has to be present. The key only needs
        # to exist for the latter, even when its value is None.
        if 'cert_id' in config_dict:
            config_dict['cert_id'] = _process_pkcs11_id_value(
                config_dict['cert_id']
            )
        elif not ('cert_label' in config_dict
                  or 'signing_certificate' in config_dict):
            raise ConfigurationError(
                "Either 'cert_id', 'cert_label' or 'signing_certificate' "
                "must be provided in PKCS#11 setup")
Ejemplo n.º 3
    def process_entries(cls, config_dict):
        """
        Normalise the entries of a configuration dictionary in place.

        ``other_certs`` is replaced by the list of loaded certificates and
        a non-``None`` ``key_passphrase`` is converted to UTF-8 bytes.

        :param config_dict:
            The configuration dictionary; it is modified in place.
        """
        super().process_entries(config_dict)

        # A lone string is treated as a single path, not as an iterable
        # of characters.
        extra = config_dict.get('other_certs', ())
        extra_paths = (extra,) if isinstance(extra, str) else extra
        config_dict['other_certs'] = list(load_certs_from_pemder(extra_paths))

        # NOTE(review): the passphrase is taken from the configuration as
        # plain text; if config_dict is loaded from a file (not visible
        # here), that file needs restrictive permissions.
        try:
            secret = config_dict['key_passphrase']
        except KeyError:
            # no passphrase configured; nothing to convert
            pass
        else:
            if secret is not None:
                config_dict['key_passphrase'] = secret.encode('utf8')
Ejemplo n.º 4
def init_validation_context_kwargs(trust,
                                   trust_replace,
                                   other_certs,
                                   time_tolerance=None):
    """
    Assemble the keyword arguments for a validation context.

    :param trust:
        A single path (``str``) or an iterable of paths whose
        certificates are loaded as trust roots. Skipped when falsy.
    :param trust_replace:
        If truthy, the loaded roots go under ``trust_roots`` (replacing);
        otherwise under ``extra_trust_roots`` (adding).
    :param other_certs:
        A single path or an iterable of paths to further certificates.
        Skipped when falsy.
    :param time_tolerance:
        Forwarded unchanged unless ``None``, in which case
        ``DEFAULT_TIME_TOLERANCE`` seconds are used.
    :return:
        A ``dict`` of keyword arguments.
    """
    # NOTE(review): a non-None value is forwarded as given, with no type
    # check; callers presumably pass a timedelta -- confirm, since an
    # integer read from configuration would not be converted here.
    if time_tolerance is None:
        tolerance = timedelta(seconds=DEFAULT_TIME_TOLERANCE)
    else:
        tolerance = time_tolerance
    kwargs = {'time_tolerance': tolerance}

    if trust:
        trust_paths = (trust,) if isinstance(trust, str) else trust
        # Everything loaded from these paths becomes a trust anchor:
        # either replacing the roots or being added to them.
        roots = list(load_certs_from_pemder(trust_paths))
        target_key = 'trust_roots' if trust_replace else 'extra_trust_roots'
        kwargs[target_key] = roots

    if other_certs:
        cert_paths = (
            (other_certs,) if isinstance(other_certs, str) else other_certs
        )
        kwargs['other_certs'] = list(load_certs_from_pemder(cert_paths))

    return kwargs