示例#1
0
文件: crl_store.py 项目: shuxin/dslib
 def init_dist_point(self, url, verification=None):
     '''
     Initializes CDP - downloads and parses CRL.
     Returns number of certificates added to revoked
     certificates list.
     '''
     dpoint = self.find_dpoint(url)
     if dpoint is not None:
         self.changed = True
         if dpoint.lastUpdated is None:
             logger.debug("Initializing dpoint %s", url)
             downloaded = self.__download_crl(url)
             if downloaded is None:
               return False, 0
             crl = self.__decode_crl(downloaded)
             if (verification is not None):                    
                 verified = crl_verifier.verify_crl(crl, verification)
                 if not verified:
                     logger.warning('CRL verification failed')
                     return True, 0
                 else:
                     logger.info("CRL verified")
             return True, dpoint.update_revoked_list(crl)
         else:
           logger.warning("CDP %s is already initialized. Try to refresh it" % url)
           return True, 0
     else:
         logger.error("Distpoint %s not found. Has it already been added?"%url)
         return True, 0
示例#2
0
文件: crl_store.py 项目: shuxin/dslib
 def refresh_dist_point(self, url, verification=None, force_download=False):
     '''
     Refreshes CRL of distribution point specified by url.
     If the time of thisUpdate of downloaded CRL is the same 
     as time in lastUpdate of current version, does not do anything.
     Returns boolean value telling the result of download attempt and number of added certificates
     '''
     dpoint = self.find_dpoint(url)
     if dpoint is not None:
         last_updated = dpoint.lastUpdated
         logger.debug("Refreshing dpoint %s", url)
         # check time of next update - if it is in the future, return True,0
         # download only in case when nextUpdate time passed               
         if force_download:
           logger.debug("Force download parameter set, ignoring nextUpdate parameter of CRL")             
         else:
           # if force download was not set, check the nextUpdate parameter
           if dpoint.nextUpdate:
             next_time = timeutil.to_time(dpoint.nextUpdate)         
             current_time = timeutil.now()
             if current_time >= next_time:
               logger.info("Next update time passed, downloading CRL")
             else:
               logger.info("Next update scheduled on %s, not downloading anything" % dpoint.nextUpdate)
               return True, 0
           else:
             logger.info("No previous download recorded, downloading CRL")
         # download CRL
         downloaded = self.__download_crl(url)
         if downloaded is None:
           return False, 0
         # decode it and get the update time
         crl = self.__decode_crl(downloaded)
         if (verification is not None):                    
             verified = crl_verifier.verify_crl(crl, verification)
             if not verified:
                 logger.warning('CRL verification failed')
                 return True, 0
             else:
                 logger.info("CRL verified")
         else:
           logger.info("CRL verification not performed, no certificate provided")
         downloaded_update_time = str(crl.getComponentByName("tbsCertList").getComponentByName("thisUpdate"))
         # if there was new crl issued, commit changes to local copy
         if dpoint.lastUpdated != downloaded_update_time:
             logger.info("New CRL detected, current version: %s, new version: %s",\
                          dpoint.lastUpdated, downloaded_update_time)
             added_certs = dpoint.update_revoked_list(crl)
             logger.info("Added %d new revoked certificate serial numbers" % added_certs)
             if added_certs:
                 self.changed = True
             return True, added_certs
         else:
             logger.info("Downloaded CRL is the same as current, no changes in list of revoked certificates")
             return True, 0