Python extractSignedCert Examples

Programming Language: Python

Namespace/Package Name: pisces.spkilib.spki

Method/Function: extractSignedCert

Examples at hotexamples.com: 2

Python extractSignedCert - 2 examples found. These are the top rated real world Python examples of pisces.spkilib.spki.extractSignedCert extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: config.py Project: danieljohnlewis/pisces

def resolveName(name):
    """Convert a name in the local namespace to a key

    The return value is an object with a getPrincipal method.
    """
    opts = getOptions()
    namecerts = opts.keys.lookupName(name)
    if not namecerts:
        raise ValueError, "unbound SPKI name: %s" % name
    cert = spki.extractSignedCert(namecerts[0])
    return cert.getSubject()

Example #2

Show file

File: verify.py Project: danieljohnlewis/pisces

    def verify(self, prin, perm, delegate=0):
	"""Find a valid certificate chain from ACL to prin for reqPerm.

	prin is the principal making the request.  perm is the
	permission request.

        If verify finds a valid certificate chain from the principal
        making the request to the ACL, it will return a list
        containing the certificates in the chain.  The first element
        in the list will be the ACL entry.  Each subsequent element
        will be a certificate delegating some permissions from the
        previous element to the next element.  The last element will
        delegate permissions to the principal.

        There is a delegate argument because there can't be more than
        one certificate between a valid delegate-able certificate and
        the principal requesting permission.  That one certificate is
        the one that grants permissions to the principal, but doesn't
        allow the principal to delegate further.  The delegate flag
        should always be true when called recursively.
	"""
        if self.VERBOSE:
            print "verify", prin, perm

        if not perm:
            if self.VERBOSE:
                print "cert", "permissions did not delegate"
            return None

        # A valid chain is always created here and modified as
        # recursive calls to verify return and add the current
        # certificate to the list.
        entry = self.checkACL(prin, perm)
        if entry:
            return [entry]

        certs = self.keys.lookupCertBySubject(prin)
        if self.VERBOSE:
            print "%d certs authorize %s" % (len(certs), prin)
        for certobj in certs:
            cert = spki.extractSignedCert(certobj)
            if self.VERBOSE:
                print sexp.pprint(cert.cert.sexp())

            # next method call with recurse
            if cert.kind == 'name-cert':
                chain = self.verifyNameCert(cert, perm, delegate)
            else:
                chain = self.verifyCert(cert, perm, delegate)
                
            # defer signature verification until we actually have a
            # potential chain from ACL to requested permissions
	    if not chain:
		continue
            if not cert.verifySignature(self.keys):
		if self.VERBOSE:
		    print "invalid signature on", cert.cert
                continue
            # Everythin looks good, so add the current certificate to
            # the chain and return
            chain.append(cert)
            return chain
        return None