def add_chain_from_file(self, path):
    """
    Load the certificate chain stored at ``path`` and register it
    through ``add_cert_chain``.

    Returns True when the chain was loaded and ``add_cert_chain``
    accepted it. Returns False when the file could not be loaded or
    ``add_cert_chain`` reported a failure.

    NOTE(review): nothing in this method verifies the chain itself
    (signatures, expiry, trust anchor). Presumably that happens in
    load_chain_file or add_cert_chain; confirm before treating stored
    chains as trusted.
    """
    from imzaci.cert.cert_tools import load_chain_file

    loaded_chain = load_chain_file(path)
    if not loaded_chain:
        return False

    # Only the base name of the file is forwarded, so two chain files
    # with the same name in different directories look identical to
    # add_cert_chain. NOTE(review): confirm it handles such collisions.
    file_name = os.path.basename(path)
    if self.add_cert_chain(loaded_chain, file_name):
        return True
    return False
def search_and_get_chain(self, search_criteria):
    """
    Look up chain files with ``search_chain`` and return the loaded
    chain objects.

    ``search_criteria`` is passed to ``search_chain`` unchanged.

    Returns a list of loaded chains, which is empty when nothing
    matched. A matching chain file that fails to load is skipped
    silently, so an empty or short result does not distinguish
    "no match" from "matched but unreadable". Callers that care about
    store integrity should also run check_for_errors.
    """
    from imzaci.cert.cert_tools import load_chain_file

    matching_files = self.search_chain(search_criteria)
    if not matching_files:
        return []

    # Load lazily, in search order, and keep only the chains that loaded.
    loaded_chains = (load_chain_file(file_path) for file_path in matching_files)
    return [chain for chain in loaded_chains if chain]
def search_and_get_cert(self, search_criteria):
    """
    Return certificate instances for the index entries that match
    ``search_criteria``.

    Returns None when ``search_cert`` finds nothing, and also when an
    indexed certificate file is missing on disk. In the second case a
    hint is printed and certificates already collected are discarded.
    Otherwise returns a list of certificate objects, which may be
    empty if chain files failed to load or held no matching member.

    The certificates are only loaded and matched by hash. This method
    performs no expiry or trust validation, so callers must not treat
    the returned objects as verified.
    """
    matches = self.search_cert(search_criteria)
    if not matches:
        return None

    from M2Crypto import X509 as x
    from imzaci.cert.cert import X509Cert
    from imzaci.cert.cert_tools import load_chain_file

    found = []
    for index_hash, detail in matches.iteritems():
        cert_path = detail["cert_file"]
        # The path comes from the index db. A missing file means the
        # index and the filesystem have diverged.
        if not os.path.exists(cert_path):
            print("The db is probably corrupted ,try running recreate_internal_db")
            return None

        if detail["is_chain"]:
            # The wanted certificate is one member of a chain file, so
            # load the whole chain and keep the members whose hash
            # matches the real hash derived from the index key.
            members = load_chain_file(cert_path)
            if not members:
                continue
            found.extend(
                [
                    member
                    for member in members
                    if member.cert_hash() == self.__get_real_hash(index_hash)
                ]
            )
        else:
            # Stand-alone certificate file: load it and wrap it.
            found.append(X509Cert(x.load_cert(cert_path)))

    return found
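def check_for_errors(self):
    """
    Check that the index db agrees with the certificate files on disk
    and report stored certificates that fail ``is_valid()``.

    Each index entry is resolved through ``search_and_get_cert`` and
    compared with the index on hash and subject. Each chain file is
    also loaded once to confirm it is still readable. Every problem
    found is printed.

    Returns True when at least one problem was found. Returns False
    when the store is empty or everything is consistent. True means
    "errors present", not "check passed".

    This is a consistency check of the local store only. It does not
    establish that any certificate is trusted.
    """
    from imzaci.cert.cert_tools import load_chain_file

    self.__initialize_db_ifnot()

    # An empty store has nothing to be inconsistent with.
    if not self.__cert_store:
        return False

    is_error = False
    checked_chain_files = set()

    for cert_hash, cert_pack in self.__cert_store.iteritems():
        cert_file = cert_pack["cert_file"]
        file_name = os.path.basename(cert_file)

        found = self.search_and_get_cert(cert_hash)
        if not found:
            print(
                "There is an entry for %s:%s cert in index db but you dont have it on fs"
                % (cert_hash, cert_file)
            )
            is_error = True
        else:
            # Only the first match is examined.
            cert_obj = found[0]

            # NOTE(review): search_and_get_cert matches chain members
            # against __get_real_hash(index key), while this compares
            # the raw index key. Confirm the two agree for chain
            # entries, otherwise this reports false mismatches.
            if not cert_hash == cert_obj.cert_hash():
                print(
                    "There is an entry for %s:%s cert in index db but you dont have it on fs (hash mismatch)"
                    % (cert_hash, file_name)
                )
                is_error = True

            if not cert_obj.is_valid():
                # Wrapped in a 1-tuple so the message formats correctly
                # even if person_info() returns a tuple.
                print(
                    "The cert with subject:%s is invalid(expired) "
                    % (cert_obj.person_info(),)
                )
                is_error = True

            if not cert_pack["cert_subject"] == cert_obj.person_info():
                print(
                    "There is an entry for %s:%s cert in index db but you dont have it on fs (subject mismatch)"
                    % (cert_hash, file_name)
                )
                is_error = True

        # Several index entries can point at the same chain file, so
        # each chain file is loaded only once.
        if cert_pack["is_chain"]:
            print(cert_file)
            if cert_file not in checked_chain_files:
                checked_chain_files.add(cert_file)
                if not load_chain_file(cert_file):
                    # Fixed: the original called the os.path.split()
                    # result instead of indexing it, so a broken chain
                    # file raised TypeError and was never reported.
                    print(
                        "Error when loading chain file %s probably you have broken sth"
                        % (file_name,)
                    )
                    is_error = True

    if is_error:
        print("Try re running the recreate_internal_db method and clean_expired methods")
        return True

    return False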