def init_dist_point(self, url, verification=None):
'''
Initializes CDP - downloads and parses CRL.
Returns number of certificates added to revoked
certificates list.
'''
dpoint = self.find_dpoint(url)
if dpoint is not None:
self.changed = True
if dpoint.lastUpdated is None:
logger.debug("Initializing dpoint %s", url)
downloaded = self.__download_crl(url)
if downloaded is None:
return False, 0
crl = self.__decode_crl(downloaded)
if (verification is not None):
verified = crl_verifier.verify_crl(crl, verification)
if not verified:
logger.warning('CRL verification failed')
return True, 0
else:
logger.info("CRL verified")
return True, dpoint.update_revoked_list(crl)
else:
logger.warning("CDP %s is already initialized. Try to refresh it" % url)
return True, 0
else:
logger.error("Distpoint %s not found. Has it already been added?"%url)
return True, 0
def refresh_dist_point(self, url, verification=None, force_download=False):
'''
Refreshes CRL of distribution point specified by url.
If the time of thisUpdate of downloaded CRL is the same
as time in lastUpdate of current version, does not do anything.
Returns boolean value telling the result of download attempt and number of added certificates
'''
dpoint = self.find_dpoint(url)
if dpoint is not None:
last_updated = dpoint.lastUpdated
logger.debug("Refreshing dpoint %s", url)
# check time of next update - if it is in the future, return True,0
# download only in case when nextUpdate time passed
if force_download:
logger.debug("Force download parameter set, ignoring nextUpdate parameter of CRL")
else:
# if force download was not set, check the nextUpdate parameter
if dpoint.nextUpdate:
next_time = timeutil.to_time(dpoint.nextUpdate)
current_time = timeutil.now()
if current_time >= next_time:
logger.info("Next update time passed, downloading CRL")
else:
logger.info("Next update scheduled on %s, not downloading anything" % dpoint.nextUpdate)
return True, 0
else:
logger.info("No previous download recorded, downloading CRL")
# download CRL
downloaded = self.__download_crl(url)
if downloaded is None:
return False, 0
# decode it and get the update time
crl = self.__decode_crl(downloaded)
if (verification is not None):
verified = crl_verifier.verify_crl(crl, verification)
if not verified:
logger.warning('CRL verification failed')
return True, 0
else:
logger.info("CRL verified")
else:
logger.info("CRL verification not performed, no certificate provided")
downloaded_update_time = str(crl.getComponentByName("tbsCertList").getComponentByName("thisUpdate"))
# if there was new crl issued, commit changes to local copy
if dpoint.lastUpdated != downloaded_update_time:
logger.info("New CRL detected, current version: %s, new version: %s",\
dpoint.lastUpdated, downloaded_update_time)
added_certs = dpoint.update_revoked_list(crl)
logger.info("Added %d new revoked certificate serial numbers" % added_certs)
if added_certs:
self.changed = True
return True, added_certs
else:
logger.info("Downloaded CRL is the same as current, no changes in list of revoked certificates")
return True, 0
