diff --git a/atst/app.py b/atst/app.py
index d095a8bf..bdaadcb7 100644
--- a/atst/app.py
+++ b/atst/app.py
@@ -142,8 +142,6 @@ def make_crl_validator(app):
     for filename in pathlib.Path(app.config["CRL_DIRECTORY"]).glob("*"):
         crl_locations.append(filename.absolute())
     app.crl_validator = Validator(
-        roots=[app.config["CA_CHAIN"]], crl_locations=crl_locations
+        roots=[app.config["CA_CHAIN"]], crl_locations=crl_locations, logger=app.logger
     )
-    for e in app.crl_validator.errors:
-        app.logger.error(e)
diff --git a/atst/domain/authnid/crl/validator.py b/atst/domain/authnid/crl/validator.py
index 409a8bf7..0beb9830 100644
--- a/atst/domain/authnid/crl/validator.py
+++ b/atst/domain/authnid/crl/validator.py
@@ -20,11 +20,11 @@ class Validator:
         re.DOTALL,
     )
 
-    def __init__(self, crl_locations=[], roots=[], base_store=crypto.X509Store):
-        self.errors = []
+    def __init__(self, crl_locations=[], roots=[], base_store=crypto.X509Store, logger=None):
         self.crl_locations = crl_locations
         self.roots = roots
         self.base_store = base_store
+        self.logger = logger
         self._reset()
 
     def _reset(self):
@@ -34,12 +34,16 @@ class Validator:
         self._add_roots(self.roots)
         self.store.set_flags(crypto.X509StoreFlags.CRL_CHECK)
 
+    def log(self, message):
+        if self.logger:
+            self.logger.error(message)
+
     def _add_crls(self, locations):
         for filename in locations:
             try:
                 self._add_crl(filename)
             except crypto.Error as err:
-                self.errors.append(
+                self.log(
                     "CRL could not be parsed. Filename: {}, Error: {}, args: {}".format(
                         filename, type(err), err.args
                     )
@@ -116,7 +120,7 @@ class Validator:
                 return True
         except crypto.X509StoreContextError as err:
-            self.errors.append(
+            self.log(
                 "Certificate revoked or errored. Error: {}. Args: {}".format(
                     type(err), err.args
                 )
diff --git a/atst/routes/__init__.py b/atst/routes/__init__.py
index 4d767d05..dde0299c 100644
--- a/atst/routes/__init__.py
+++ b/atst/routes/__init__.py
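Review bot: The rewritten `__init__` signature in the `@@ -20,11 +20,11 @@` hunk keeps the mutable defaults `crl_locations=[]` and `roots=[]`, so every Validator built without arguments shares the same two list objects; since the line is being changed anyway, use `None` sentinels: `def __init__(self, crl_locations=None, roots=None, base_store=crypto.X509Store, logger=None):` followed by `self.crl_locations = crl_locations if crl_locations is not None else []` and the same for `roots`. The new line is also noticeably longer than the rest of the file's formatting suggests, so wrapping the parameters one per line would keep it consistent with the multi-line style used for the regex a few lines above. A short docstring stating that `logger` receives parse and validation failures (and what happens when it is omitted) would help the next caller, because `self.errors` is no longer available as the visible record of what went wrong.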
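Review bot: The new `log()` method in the `@@ -34,12 +34,16 @@` hunk silently discards the message when `self.logger` is falsy, which is the default, so a Validator constructed without a logger now hides CRL parse failures that the old `self.errors` list exposed to the caller; a CRL that fails to load is exactly the condition a revocation check's operator needs to see. Falling back to the module logger in `__init__` avoids the silent path: `self.logger = logger or logging.getLogger(__name__)` (this needs `import logging` at the top of the file, which is outside this hunk, so confirm it is not already there). The method name `log` does not convey that it always emits at ERROR level; either rename it `_log_error` or give it a one-line docstring such as `"""Report a CRL or validation failure through the configured logger at ERROR level."""`. The same silent-drop applies to the `self.log(` call in the `@@ -116,7 +120,7 @@` hunk.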
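Review bot: The message passed to `self.log(` in the `@@ -116,7 +120,7 @@` hunk records only the exception type and `err.args`, so the log line never identifies which client certificate was rejected, which makes it hard to correlate a rejection with a user or an incident; the enclosing `validate` method starts outside this hunk, so if the parsed certificate object is in scope there, including its subject or serial in the `.format(...)` call would close that gap. Worth noting in the message or a comment that `crypto.X509StoreContextError` covers both a genuinely revoked certificate and store-level failures such as a missing CRL, because `err.args` is the only thing distinguishing the two cases in the output.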
@@ -59,8 +59,6 @@ def _is_valid_certificate(request):
     cert = request.environ.get('HTTP_X_SSL_CLIENT_CERT')
     if cert:
         result = app.crl_validator.validate(cert.encode())
-        if not result:
-            app.logger.info(app.crl_validator.errors[-1])
         return result
     else:
         return False
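Review bot: With the `app.logger.info(...)` call removed, `_is_valid_certificate` no longer records anything in request context when a client certificate is rejected; the failure is now reported only by the Validator, and only if it was constructed with a logger, so the request path has no remaining trace of which request carried the rejected certificate. A docstring on `_is_valid_certificate` would make the function's contract explicit, for example `"""Return True only when the client certificate forwarded in HTTP_X_SSL_CLIENT_CERT passes CRL validation; any failure or absent header yields False."""`, since the rest of the function's behaviour is now the whole story. The function's header is outside this hunk, so the docstring placement is inferred.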