def add_chain_from_file(self, path):
"""
Passes the chain to the add_cert_chain method
a very useful method ...
"""
from imzaci.cert.cert_tools import load_chain_file
chain_obj = load_chain_file(path)
if not chain_obj:
return False
if not self.add_cert_chain(chain_obj, os.path.split(path)[1]):
return False
return True
def search_and_get_chain(self, search_criteria):
"""
Searches and gets the chain from the db the search_criteria
is the same as aboves
"""
from imzaci.cert.cert_tools import load_chain_file
chain_list = []
chain_files = self.search_chain(search_criteria)
if not chain_files:
return chain_list
# we have now the chain list files so can get em
for chain_file in chain_files:
tmp_chain = load_chain_file(chain_file)
if not tmp_chain:
continue
else:
chain_list.append(tmp_chain)
return chain_list
def search_and_get_cert(self, search_criteria):
"""
That one returns back the instances to be compared
"""
certs = []
search_result = self.search_cert(search_criteria)
if not search_result:
return None
from M2Crypto import X509 as x
from imzaci.cert.cert import X509Cert
from imzaci.cert.cert_tools import load_chain_file
for cert_hash, cert_detail in search_result.iteritems():
if not os.path.exists(cert_detail["cert_file"]):
print "The db is probably corrupted ,try running recreate_internal_db"
return None
if not cert_detail["is_chain"]:
# if it is not a chain file you just go and get
# the whole file so no problem here
cert = x.load_cert(cert_detail["cert_file"])
certs.append(X509Cert(cert))
else:
# the cert you are looking for is a member of a chain
# so get it,load the chain and then look for hash match
chain = load_chain_file(cert_detail["cert_file"])
if not chain:
continue
# is it what we look for ?
for c in chain:
if c.cert_hash() == self.__get_real_hash(cert_hash):
certs.append(c)
else:
continue
# get those certs
return certs
def check_for_errors(self):
"""
Check if there are some corrupted or expired and report them
That is a simple test which controls if the indexdb matches
the files system and also checks for expired things into db
thats all no magic here :)
"""
from imzaci.cert.cert_tools import load_chain_file
# some initial
self.__initialize_db_ifnot()
is_error = False
# we may not have any certs here
if not self.__cert_store:
return False
# check for indexdb-filedb match
checked_chain_files = set()
for cert_hash, cert_pack in self.__cert_store.iteritems():
cert_obj = self.search_and_get_cert(cert_hash)
if not cert_obj:
# here will be also logging
print "There is an entry for %s:%s cert in index db but you dont have it on fs" % (
cert_hash,
cert_pack["cert_file"],
)
is_error = True
else:
cert_obj = cert_obj[0]
if not cert_hash == cert_obj.cert_hash():
print "There is an entry for %s:%s cert in index db but you dont have it on fs (hash mismatch)" % (
cert_hash,
os.path.split(cert_pack["cert_file"])[1],
)
is_error = True
if not cert_obj.is_valid():
print "The cert with subject:%s is invalid(expired) " % (cert_obj.person_info())
is_error = True
if not cert_pack["cert_subject"] == cert_obj.person_info():
print "There is an entry for %s:%s cert in index db but you dont have it on fs (subject mismatch)" % (
cert_hash,
os.path.split(cert_pack["cert_file"])[1],
)
is_error = True
# check for cert chains if we didnt break sth
if cert_pack["is_chain"]:
print cert_pack["cert_file"]
if not cert_pack["cert_file"] in checked_chain_files:
checked_chain_files.add(cert_pack["cert_file"])
result = load_chain_file(cert_pack["cert_file"])
# print result
if not result:
print "Error when loading chain file %s probably you have broken sth" % (
os.path.split(cert_pack["cert_file"])(1)
)
is_error = True
if is_error:
print "Try re running the recreate_internal_db method and clean_expired methods"
return True
# means there is no errors
# print "All stuff is ok"
return False
