Package AccessGrid :: Package Security :: Module CertificateRepository
Certificate management module. The on-disk repository looks like this:

    <repo_root>/
        metadata.db
        certificates/<subject_hash>/
            <issuer_serial_hash>/cert.pem
        user_files/
            <modulus_hash>.req.pem
        privatekeys/
            <modulus_hash>
Classes

    Certificate
    CertificateDescriptor
    CertificateRepository
    CertificateRequestDescriptor
Exceptions

    RepoAlreadyExists
        Thrown if the repository already exists and the CertificateRepository constructor was invoked with create=1.
    RepoBadPassphrase
    RepoDoesNotExist
        Thrown if the repository does not exist and the CertificateRepository constructor was invoked with create=0.
    RepoInvalidCertificate
        Thrown if an attempt was made to use an invalid certificate.
Function Summary

    ClassifyCertificate(path)
        Prod at the certificate given to see what it is, and whether we need to ask for a private key.
    ConstructSigningPolicy(cert)
        Construct a simple signing policy based on the subject name of cert.
    ParseSigningPolicy(policyFH)
        Parse a signing policy from filehandle policyFH.
    utc2time(t)
        Convert a UTC time (as kept in the X509 notBefore/notAfter fields) to seconds since the epoch.
    utc2tuple(t)
Variable Summary

    str     __revision__ = '$Id: CertificateRepository.py,v 1.22 200...
    Logger  log = <logging.Logger instance at 0x011B3508>
Function Details

ClassifyCertificate(path)

    Prod at the certificate given to see what it is, and whether we need to ask for a private key.

    A PEM-formatted cert will have a "BEGIN CERTIFICATE" line; if it has a private key included it will also contain "BEGIN RSA PRIVATE KEY". If it has neither, we can try opening it as a PKCS12 file. If it is a PKCS12 file but is encrypted, we get:

        crypto.Error: [('PKCS12 routines', 'PKCS12_parse', 'mac verify failure')]

    If it is not a PKCS12 file at all, we get:

        crypto.Error: [('asn1 encoding routines', 'd2i_PKCS12', 'expecting an asn1 sequence')]

    If it is unencrypted, we get the actual certificate and can show the name.

    Returns a tuple (certType, certObj, needPkey). certType is the string "PEM" or "PKCS12". certObj is the certificate itself: an X509 object for a PEM certificate, a PKCS12 object for a PKCS12 file. needPkey is true if a separate key file must be loaded.

ConstructSigningPolicy(cert)

    Construct a simple signing policy based on the subject name of cert. It might not be right, but it might be. We make it match on all parts of the cert's subject except for CN.

ParseSigningPolicy(policyFH)

    Parse a signing policy from filehandle policyFH. For now, we just return the CA name that it represents so we don't get bogged down in parsing minutiae.

utc2time(t)

    Convert a UTC time (as kept in the X509 notBefore/notAfter fields) to seconds since the epoch. We need to handle conversion out of our local timezone, because time.mktime() converts from the local timezone, but the tuple returned by utc2tuple is GMT.
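An added example (not the AccessGrid module's own code) of the utc2tuple/utc2time conversion described above, using calendar.timegm so the result never depends on the process's local timezone. It assumes the X509 time strings arrive as ASN.1 UTCTime ('YYMMDDHHMM[SS]Z') or GeneralizedTime ('YYYYMMDDHHMMSSZ'); naive_utc2time and cert_is_current are hypothetical helpers added to show the mktime pitfall and the validity check that depends on getting it right.

```python
import calendar
import re
import time

# Assumption (not from the AccessGrid module): X509 times arrive as ASN.1
# UTCTime 'YYMMDDHHMM[SS]Z' or GeneralizedTime 'YYYYMMDDHHMMSSZ'.
_UTC_RE = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})?Z$")
_GEN_RE = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")


def utc2tuple(t):
    """Parse an X509 notBefore/notAfter string into a GMT time tuple."""
    m = _GEN_RE.match(t)
    if m:
        year, mon, day, hh, mm, ss = (int(x) for x in m.groups())
    else:
        m = _UTC_RE.match(t)
        if not m:
            raise ValueError("not an ASN.1 UTCTime/GeneralizedTime: %r" % t)
        yy, mon, day, hh, mm, ss = (int(x or 0) for x in m.groups())
        # RFC 5280 two-digit year pivot: 50..99 -> 19xx, 00..49 -> 20xx.
        year = 1900 + yy if yy >= 50 else 2000 + yy
    return (year, mon, day, hh, mm, ss, 0, 0, 0)


def utc2time(t):
    """Seconds since the epoch; calendar.timegm (the inverse of time.gmtime)
    never consults the local timezone."""
    return calendar.timegm(utc2tuple(t))


def naive_utc2time(t):
    """The pitfall the module docs warn about: time.mktime interprets the
    same tuple as *local* time, so the result is off by the UTC offset."""
    return int(time.mktime(utc2tuple(t)))


def cert_is_current(not_before, not_after, now=None):
    """True when `now` (epoch seconds; default: current time) lies inside the
    certificate's validity window, with every value compared in GMT."""
    if now is None:
        now = time.time()
    return utc2time(not_before) <= now <= utc2time(not_after)


if __name__ == "__main__":
    # Constructed sample times, chosen to match the page's generation date.
    print(utc2time("20050414163931Z"), utc2time("050414163931Z"))
    print("skew vs. mktime:", naive_utc2time("20050414163931Z") - utc2time("20050414163931Z"))
```

The skew printed at the end is zero only when the process runs with its local zone set to UTC; anywhere else a certificate's validity window would shift by that many seconds if mktime were used.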
Generated by Epydoc 2.1 on Thu Apr 14 16:39:31 2005 (http://epydoc.sf.net)