pass logger in to CRL validator

atst/app.py

@@ -142,8 +142,6 @@ def make_crl_validator(app):
     for filename in pathlib.Path(app.config["CRL_DIRECTORY"]).glob("*"):
         crl_locations.append(filename.absolute())
     app.crl_validator = Validator(
-        roots=[app.config["CA_CHAIN"]], crl_locations=crl_locations
+        roots=[app.config["CA_CHAIN"]], crl_locations=crl_locations, logger=app.logger
     )
-    for e in app.crl_validator.errors:
-        app.logger.error(e)
 

atst/domain/authnid/crl/validator.py

@@ -20,11 +20,11 @@ class Validator:
         re.DOTALL,
     )
 
-    def __init__(self, crl_locations=[], roots=[], base_store=crypto.X509Store):
-        self.errors = []
+    def __init__(self, crl_locations=[], roots=[], base_store=crypto.X509Store, logger=None):
         self.crl_locations = crl_locations
         self.roots = roots
         self.base_store = base_store
+        self.logger = logger
         self._reset()
 
     def _reset(self):
@@ -34,12 +34,16 @@ class Validator:
         self._add_roots(self.roots)
         self.store.set_flags(crypto.X509StoreFlags.CRL_CHECK)
 
+    def log(self, message):
+        if self.logger:
+            self.logger.error(message)
+
     def _add_crls(self, locations):
         for filename in locations:
             try:
                 self._add_crl(filename)
             except crypto.Error as err:
-                self.errors.append(
+                self.log(
                     "CRL could not be parsed. Filename: {}, Error: {}, args: {}".format(
                         filename, type(err), err.args
                     )
@@ -116,7 +120,7 @@ class Validator:
             return True
 
         except crypto.X509StoreContextError as err:
-            self.errors.append(
+            self.log(
                 "Certificate revoked or errored. Error: {}. Args: {}".format(
                     type(err), err.args
                 )

atst/routes/__init__.py

@@ -59,8 +59,6 @@ def _is_valid_certificate(request):
     cert = request.environ.get('HTTP_X_SSL_CLIENT_CERT')
     if cert:
         result = app.crl_validator.validate(cert.encode())
-        if not result:
-            app.logger.info(app.crl_validator.errors[-1])
         return result
     else:
         return False