def _check_ca_fingerprint(self, *args):
"""
Checks the CA cert fingerprint against the one provided in the
json definition
"""
leap_assert(self._provider_config, "Cannot check the ca cert "
"without a provider config!")
logger.debug("Checking ca fingerprint for %r and cert %r" %
(self._domain,
self._provider_config.get_ca_cert_path()))
if not self._should_proceed_cert():
return
parts = self._provider_config.get_ca_cert_fingerprint().split(":")
error_msg = "Wrong fingerprint format"
leap_check(len(parts) == 2, error_msg, WrongFingerprint)
method = parts[0].strip()
fingerprint = parts[1].strip()
cert_data = None
with open(self._provider_config.get_ca_cert_path()) as f:
cert_data = f.read()
leap_assert(len(cert_data) > 0, "Could not read certificate data")
digest = get_digest(cert_data, method)
error_msg = "Downloaded certificate has a different fingerprint!"
leap_check(digest == fingerprint, error_msg, WrongFingerprint)
def _check_ca_fingerprint(self, *args):
"""
Checks the CA cert fingerprint against the one provided in the
json definition
"""
leap_assert(self._provider_config, "Cannot check the ca cert "
"without a provider config!")
logger.debug("Checking ca fingerprint for %r and cert %r" %
(self._domain, self._provider_config.get_ca_cert_path()))
if not self._should_proceed_cert():
return
parts = self._provider_config.get_ca_cert_fingerprint().split(":")
error_msg = "Wrong fingerprint format"
leap_check(len(parts) == 2, error_msg, WrongFingerprint)
method = parts[0].strip()
fingerprint = parts[1].strip()
cert_data = None
with open(self._provider_config.get_ca_cert_path()) as f:
cert_data = f.read()
leap_assert(len(cert_data) > 0, "Could not read certificate data")
digest = get_digest(cert_data, method)
error_msg = "Downloaded certificate has a different fingerprint!"
leap_check(digest == fingerprint, error_msg, WrongFingerprint)
def validate_certificate(self, cert_data=None):
if cert_data is None:
cert_data = self._fetch_certificate()
parts = str(self.ca_cert_fingerprint).split(':')
method = parts[0].strip()
fingerprint = parts[1].strip()
digest = get_digest(cert_data, method)
if fingerprint.strip() != digest:
raise Exception('Certificate fingerprints don\'t match! Expected [%s] but got [%s]' % (fingerprint.strip(), digest))
def validate_certificate(self, cert_data=None):
if cert_data is None:
cert_data = self._fetch_certificate()
parts = str(self.ca_cert_fingerprint).split(':')
method = parts[0].strip()
fingerprint = parts[1].strip()
digest = get_digest(cert_data, method)
if fingerprint.strip() != digest:
raise Exception('Certificate fingerprints don\'t match')
