make crl_check a CRLCache method

2018-08-17 11:13:01 -04:00
parent f5cc9daee9
commit 7fb407a3b1
4 changed files with 41 additions and 44 deletions
--- a/atst/domain/authnid/init.py
+++ b/atst/domain/authnid/init.py
@@ -1,7 +1,7 @@
 from atst.domain.exceptions import UnauthenticatedError, NotFoundError
 from atst.domain.users import Users
 from .utils import parse_sdn, email_from_certificate
-from .crl import crl_check, CRLRevocationException
+from .crl import CRLRevocationException


 class AuthenticationContext():
@@ -45,7 +45,7 @@ class AuthenticationContext():

    def _crl_check(self):
        try:
-            crl_check(self.crl_cache, self.cert)
+            self.crl_cache.crl_check(self.cert)
        except CRLRevocationException as exc:
            raise UnauthenticatedError("CRL check failed. " + str(exc))

--- a/atst/domain/authnid/crl/init.py
+++ b/atst/domain/authnid/crl/init.py
@@ -9,22 +9,6 @@ class CRLRevocationException(Exception):
    pass


-def crl_check(cache, cert):
-    parsed = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
-    store = cache.get_store(parsed)
-    context = crypto.X509StoreContext(store, parsed)
-    try:
-        context.verify_certificate()
-        return True
-
-    except crypto.X509StoreContextError as err:
-        raise CRLRevocationException(
-            "Certificate revoked or errored. Error: {}. Args: {}".format(
-                type(err), err.args
-            )
-        )
-
-
 class CRLCache():

    _PEM_RE = re.compile(
@@ -38,7 +22,7 @@ class CRLCache():
        self._load_roots(root_location)
        self._build_crl_cache(crl_locations)

-    def get_store(self, cert):
+    def _get_store(self, cert):
        return self._build_store(cert.get_issuer().der())

    def _load_roots(self, root_location):
@@ -91,3 +75,18 @@ class CRLCache():

        else:
            return self._add_certificate_chain_to_store(store, ca.get_issuer())
+
+    def crl_check(self, cert):
+        parsed = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
+        store = self._get_store(parsed)
+        context = crypto.X509StoreContext(store, parsed)
+        try:
+            context.verify_certificate()
+            return True
+
+        except crypto.X509StoreContextError as err:
+            raise CRLRevocationException(
+                "Certificate revoked or errored. Error: {}. Args: {}".format(
+                    type(err), err.args
+                )
+            )