pass logger in to CRL validator
This commit is contained in:
parent
c25fa2f5d8
commit
3a41d9f81c
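--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -142,8 +142,6 @@ def make_crl_validator(app):
 for filename in pathlib.Path(app.config["CRL_DIRECTORY"]).glob("*"):
 crl_locations.append(filename.absolute())
 app.crl_validator = Validator(
-roots=[app.config["CA_CHAIN"]], crl_locations=crl_locations
+roots=[app.config["CA_CHAIN"]], crl_locations=crl_locations, logger=app.logger
 )
-for e in app.crl_validator.errors:
-app.logger.error(e)
 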
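Review bot: Dropping the `for e in app.crl_validator.errors` loop means CRL files that fail to parse are now reported only through `Validator.log`, i.e. only if `app.logger` is configured to emit ERROR records at the time the factory runs; the removed loop surfaced every startup problem unconditionally. With `CRL_CHECK` set on the store, a CRL that was silently skipped should make validation fail for every certificate of that issuer (OpenSSL reports "unable to get certificate CRL"), which fails safe but is hard to diagnose from the request path alone. Consider an explicit startup signal when the directory yields nothing, e.g. `if not crl_locations: app.logger.warning("no CRL files found in %s", app.config["CRL_DIRECTORY"])`. make_crl_validator starts outside the hunk.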
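--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -20,11 +20,11 @@ class Validator:
 re.DOTALL,
 )
 
-def __init__(self, crl_locations=[], roots=[], base_store=crypto.X509Store):
-self.errors = []
+def __init__(self, crl_locations=[], roots=[], base_store=crypto.X509Store, logger=None):
 self.crl_locations = crl_locations
 self.roots = roots
 self.base_store = base_store
+self.logger = logger
 self._reset()
 
 def _reset(self):
@@ -34,12 +34,16 @@ class Validator:
 self._add_roots(self.roots)
 self.store.set_flags(crypto.X509StoreFlags.CRL_CHECK)
 
+def log(self, message):
+if self.logger:
+self.logger.error(message)
+
 def _add_crls(self, locations):
 for filename in locations:
 try:
 self._add_crl(filename)
 except crypto.Error as err:
-self.errors.append(
+self.log(
 "CRL could not be parsed. Filename: {}, Error: {}, args: {}".format(
 filename, type(err), err.args
 )
@@ -116,7 +120,7 @@ class Validator:
 return True
 
 except crypto.X509StoreContextError as err:
-self.errors.append(
+self.log(
 "Certificate revoked or errored. Error: {}. Args: {}".format(
 type(err), err.args
 )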
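Review bot: `log()` in the second hunk discards the message when `logger` is None, so a `Validator` built without a logger now loses both CRL parse failures and revocation results that were previously retained in `self.errors`; defaulting to the module logger instead of dropping, `self.logger = logger or logging.getLogger(__name__)` in `__init__` (with `import logging` at file top), makes the `if self.logger:` guard unnecessary and keeps the failures observable. The rewritten `__init__` line still carries the mutable defaults `crl_locations=[]`, `roots=[]`; since the signature is being changed anyway, `()` defaults avoid sharing one list across instances. Please also confirm that `_reset` and any callers no longer read `self.errors`, which this commit removes — only these three hunks are visible. In the third hunk every rejected client certificate is logged at error level through the same `log()`, which a caller presenting a revoked certificate can trigger repeatedly; logging that case at warning and reserving error for CRL loading problems would keep the error channel meaningful. The `validate` method containing the third hunk starts and ends outside it.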
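--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -59,8 +59,6 @@ def _is_valid_certificate(request):
 cert = request.environ.get('HTTP_X_SSL_CLIENT_CERT')
 if cert:
 result = app.crl_validator.validate(cert.encode())
-if not result:
-app.logger.info(app.crl_validator.errors[-1])
 return result
 else:
 return False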
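Review bot: With the `app.logger.info(...)` line removed, the request path no longer records that a client certificate was rejected; the only trace is the validator's own error line, which carries the exception type and args but no request context, so rejections cannot be correlated with a request from this handler's logs. Keeping a one-line record at the call site, `if not result: app.logger.info("client certificate rejected")`, preserves that correlation without depending on the removed `errors` list. Note also that `HTTP_X_SSL_CLIENT_CERT` is taken from the WSGI environ, which is only trustworthy if the TLS-terminating proxy sets it on every request and overwrites any client-supplied copy; that is pre-existing and not introduced here. _is_valid_certificate starts outside the hunk.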