def _check_ca_fingerprint(self, *args):
    """
    Compare the CA certificate on disk with the pinned fingerprint.

    The provider config supplies the expected value as a
    ``<method>:<fingerprint>`` string. The certificate file named by the
    provider config is read, hashed with ``get_digest`` using that method,
    and the result is compared with the expected fingerprint.

    Returns early, without comparing anything, when
    ``self._should_proceed_cert()`` is falsy.

    :param args: accepted and ignored by this method
    :raises WrongFingerprint: presumably raised by ``leap_check`` when the
        fingerprint string does not have exactly two ``:``-separated
        parts or the digests differ (``leap_check`` is defined elsewhere;
        confirm)
    """
    leap_assert(
        self._provider_config,
        "Cannot check the ca cert " "without a provider config!")

    debug_line = "Checking ca fingerprint for %r and cert %r" % (
        self._domain, self._provider_config.get_ca_cert_path())
    logger.debug(debug_line)

    # NOTE(review): when this guard returns, the certificate is left
    # unverified by this method; what _should_proceed_cert() decides is
    # not visible here.
    if not self._should_proceed_cert():
        return

    pieces = self._provider_config.get_ca_cert_fingerprint().split(":")
    leap_check(len(pieces) == 2, "Wrong fingerprint format",
               WrongFingerprint)

    # NOTE(review): the digest algorithm name is taken from the same
    # provider definition as the fingerprint; confirm get_digest rejects
    # weak or unknown algorithms.
    algorithm = pieces[0].strip()
    expected = pieces[1].strip()

    with open(self._provider_config.get_ca_cert_path()) as cert_file:
        cert_data = cert_file.read()

    leap_assert(len(cert_data) > 0, "Could not read certificate data")
    actual = get_digest(cert_data, algorithm)

    # Exact string comparison: a fingerprint that differs from the digest
    # only in letter case does not compare equal.
    leap_check(actual == expected,
               "Downloaded certificate has a different fingerprint!",
               WrongFingerprint)
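def validate_certificate(self, cert_data=None):
    """
    Check certificate data against the pinned CA fingerprint.

    ``self.ca_cert_fingerprint`` is expected to be a
    ``<method>:<fingerprint>`` string. The certificate data is hashed with
    ``get_digest`` using that method and compared with the fingerprint.

    :param cert_data: certificate data to check; when None it is obtained
        from ``self._fetch_certificate()``
    :raises Exception: if the pinned fingerprint does not have exactly two
        ``:``-separated parts, or if the digests differ
    """
    if cert_data is None:
        cert_data = self._fetch_certificate()

    parts = str(self.ca_cert_fingerprint).split(':')
    # A missing or malformed pin (e.g. None -> "None") used to surface as
    # an IndexError, and anything after a second ':' was silently ignored.
    # Fail closed with an explicit error instead.
    if len(parts) != 2:
        raise Exception('Certificate fingerprint has the wrong format')

    # NOTE(review): the digest algorithm name comes from the fingerprint
    # string itself; confirm get_digest rejects weak or unknown algorithms
    # and that the fingerprint is obtained from a trusted source.
    method = parts[0].strip()
    fingerprint = parts[1].strip()

    digest = get_digest(cert_data, method)
    # Exact string comparison: letter case must match.
    if fingerprint != digest:
        raise Exception(
            "Certificate fingerprints don't match! "
            "Expected [%s] but got [%s]" % (fingerprint, digest))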
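def validate_certificate(self, cert_data=None):
    """
    Check certificate data against the pinned CA fingerprint.

    ``self.ca_cert_fingerprint`` is expected to be a
    ``<method>:<fingerprint>`` string. The certificate data is hashed with
    ``get_digest`` using that method and compared with the fingerprint.

    :param cert_data: certificate data to check; when None it is obtained
        from ``self._fetch_certificate()``
    :raises Exception: if the pinned fingerprint does not have exactly two
        ``:``-separated parts, or if the digests differ
    """
    if cert_data is None:
        cert_data = self._fetch_certificate()

    pin_fields = str(self.ca_cert_fingerprint).split(':')
    # A missing or malformed pin (e.g. None -> "None") used to surface as
    # an IndexError, and anything after a second ':' was silently ignored.
    # Fail closed with an explicit error instead.
    if len(pin_fields) != 2:
        raise Exception('Certificate fingerprint has the wrong format')

    # NOTE(review): the digest algorithm name comes from the fingerprint
    # string itself; confirm get_digest rejects weak or unknown algorithms
    # and that the fingerprint is obtained from a trusted source.
    method = pin_fields[0].strip()
    fingerprint = pin_fields[1].strip()

    digest = get_digest(cert_data, method)
    # Exact string comparison: letter case must match.
    if fingerprint != digest:
        raise Exception("Certificate fingerprints don't match")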