示例#1
0
 def verify_entry(self, entry, metadata, data):
     try:
         result = self.exc.run(self.cmd, inputdata=data)
         if not result.success:
             raise CfgVerificationError(result.error)
     except OSError:
         raise CfgVerificationError(sys.exc_info()[1])
 def verify_entry(self, entry, metadata, data):
     try:
         proc = Popen(self.cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE)
         err = proc.communicate(input=data)[1]
         rv = proc.wait()
         if rv != 0:
             raise CfgVerificationError(err)
     except:
         err = sys.exc_info()[1]
         raise CfgVerificationError("Error running external command "
                                    "verifier: %s" % err)
示例#3
0
 def _get_modulus(self, fname, ftype="x509"):
     """ get the modulus from the given file """
     cmd = ["openssl", ftype, "-noout", "-modulus", "-in", fname]
     self.debug_log("Cfg: Getting modulus of %s for verification: %s" %
                    (fname, " ".join(cmd)))
     result = self.cmd.run(cmd)
     if not result.success:
         raise CfgVerificationError("Failed to get modulus of %s: %s" %
                                    (fname, result.error))
     return result.stdout.strip()
示例#4
0
 def verify_cert_against_key(self, filename, keyfile):
     """ check that a certificate validates against its private
     key. """
     cert = self._get_modulus(filename)
     key = self._get_modulus(keyfile, ftype="rsa")
     if cert == key:
         self.debug_log("Cfg: %s verified successfully against key %s" %
                        (filename, keyfile))
     else:
         raise CfgVerificationError("%s failed verification against key %s"
                                    % (filename, keyfile))
示例#5
0
 def verify_cert_against_ca(self, filename, entry, metadata):
     """
     check that a certificate validates against the ca cert,
     and that it has not expired.
     """
     cert = self.XMLMatch(metadata).find("Cert")
     ca = self.get_ca(cert.get("ca", "default"))
     chaincert = ca.get('chaincert')
     cmd = ["openssl", "verify"]
     is_root = ca.get('root_ca', "false").lower() == 'true'
     if is_root:
         cmd.append("-CAfile")
     else:
         # verifying based on an intermediate cert
         cmd.extend(["-purpose", "sslserver", "-untrusted"])
     cmd.extend([chaincert, filename])
     self.debug_log("Cfg: Verifying %s against CA" % entry.get("name"))
     result = self.cmd.run(cmd)
     if result.stdout == cert + ": OK\n":
         self.debug_log("Cfg: %s verified successfully against CA" %
                        entry.get("name"))
     else:
         raise CfgVerificationError("%s failed verification against CA: %s"
                                    % (entry.get("name"), result.error))
 def verify_entry(self, entry, metadata, data):
     proc = Popen(self.cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE)
     err = proc.communicate(input=data)[1]
     rv = proc.wait()
     if rv != 0:
         raise CfgVerificationError(err)