more specific name for CRL revocation exception
parent
c59f207227
commit
b80701e200
@ -1,7 +1,7 @@
|
|||||||
from atst.domain.exceptions import UnauthenticatedError, NotFoundError
|
from atst.domain.exceptions import UnauthenticatedError, NotFoundError
|
||||||
from atst.domain.users import Users
|
from atst.domain.users import Users
|
||||||
from .utils import parse_sdn, email_from_certificate
|
from .utils import parse_sdn, email_from_certificate
|
||||||
from .crl import crl_check, CRLException
|
from .crl import crl_check, CRLRevocationException
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationContext():
|
class AuthenticationContext():
|
||||||
@ -46,7 +46,7 @@ class AuthenticationContext():
|
|||||||
def _crl_check(self):
|
def _crl_check(self):
|
||||||
try:
|
try:
|
||||||
crl_check(self.crl_cache, self.cert)
|
crl_check(self.crl_cache, self.cert)
|
||||||
except CRLException as exc:
|
except CRLRevocationException as exc:
|
||||||
raise UnauthenticatedError("CRL check failed. " + str(exc))
|
raise UnauthenticatedError("CRL check failed. " + str(exc))
|
||||||
|
|
||||||
@property
|
@property
|
||||||
|
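Review bot: In `_crl_check`, the `UnauthenticatedError` message is built from `str(exc)`, and the text raised in `crl_check` embeds the underlying exception type and `err.args`; if that message is ever rendered to the client, it discloses certificate-verification internals. Consider `raise UnauthenticatedError("CRL check failed.") from exc` and keep the detail in the server-side log instead. Separately, only `CRLRevocationException` is translated here, so any other exception leaving `crl_check` (none are visible in this hunk) would not surface as an authentication failure; it is worth confirming that this is intended. `_crl_check` sits inside `AuthenticationContext`, whose body extends beyond the hunk.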
@ -5,7 +5,7 @@ import hashlib
|
|||||||
from OpenSSL import crypto, SSL
|
from OpenSSL import crypto, SSL
|
||||||
|
|
||||||
|
|
||||||
class CRLException(Exception):
|
class CRLRevocationException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
@ -26,7 +26,7 @@ def crl_check(cache, cert):
|
|||||||
return True
|
return True
|
||||||
|
|
||||||
except crypto.X509StoreContextError as err:
|
except crypto.X509StoreContextError as err:
|
||||||
raise CRLException(
|
raise CRLRevocationException(
|
||||||
"Certificate revoked or errored. Error: {}. Args: {}".format(
|
"Certificate revoked or errored. Error: {}. Args: {}".format(
|
||||||
type(err), err.args
|
type(err), err.args
|
||||||
)
|
)
|
||||||
|
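Review bot: The name `CRLRevocationException` is narrower than the condition `crl_check` raises it for: the handler catches every `crypto.X509StoreContextError`, and the message still reads "Certificate revoked or errored", so non-revocation verification failures would presumably be labelled as revocations too. Callers and log readers who trust the name may treat a chain or validity problem as a revoked credential. Either inspect the verification error carried in `err.args` and raise this class only for revocation, or make the broader meaning explicit by replacing `pass` with a docstring such as `"""Raised when verification against the CRL-backed store fails (revocation or any other X509StoreContextError)."""`. The `raise` statement and the rest of `crl_check` continue outside the hunk.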
@ -4,7 +4,7 @@ import re
|
|||||||
import os
|
import os
|
||||||
import shutil
|
import shutil
|
||||||
from OpenSSL import crypto, SSL
|
from OpenSSL import crypto, SSL
|
||||||
from atst.domain.authnid.crl import crl_check, CRLCache, CRLException
|
from atst.domain.authnid.crl import crl_check, CRLCache, CRLRevocationException
|
||||||
import atst.domain.authnid.crl.util as util
|
import atst.domain.authnid.crl.util as util
|
||||||
|
|
||||||
|
|
||||||
@ -41,7 +41,7 @@ def test_can_validate_certificate():
|
|||||||
good_cert = open('ssl/client-certs/atat.mil.crt', 'rb').read()
|
good_cert = open('ssl/client-certs/atat.mil.crt', 'rb').read()
|
||||||
bad_cert = open('ssl/client-certs/bad-atat.mil.crt', 'rb').read()
|
bad_cert = open('ssl/client-certs/bad-atat.mil.crt', 'rb').read()
|
||||||
assert crl_check(cache, good_cert)
|
assert crl_check(cache, good_cert)
|
||||||
with pytest.raises(CRLException):
|
with pytest.raises(CRLRevocationException):
|
||||||
crl_check(cache, bad_cert)
|
crl_check(cache, bad_cert)
|
||||||
|
|
||||||
def test_can_dynamically_update_crls(tmpdir):
|
def test_can_dynamically_update_crls(tmpdir):
|
||||||
@ -52,7 +52,7 @@ def test_can_dynamically_update_crls(tmpdir):
|
|||||||
assert crl_check(cache, cert)
|
assert crl_check(cache, cert)
|
||||||
# override the original CRL with one that revokes atat.mil.crt
|
# override the original CRL with one that revokes atat.mil.crt
|
||||||
shutil.copyfile('tests/fixtures/test.der.crl', crl_file)
|
shutil.copyfile('tests/fixtures/test.der.crl', crl_file)
|
||||||
with pytest.raises(CRLException):
|
with pytest.raises(CRLRevocationException):
|
||||||
assert crl_check(cache, cert)
|
assert crl_check(cache, cert)
|
||||||
|
|
||||||
def test_parse_disa_pki_list():
|
def test_parse_disa_pki_list():
|
||||||
|
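Review bot: Both tests assert only the exception type, so they would pass for any store-verification failure rather than specifically a revocation, which matters now that the class name claims revocation. Pinning the expected reason, e.g. `with pytest.raises(CRLRevocationException, match=...)` against the revocation text, would make the tests agree with the name (the exact message is not visible here). In `test_can_dynamically_update_crls`, the `assert` inside the `pytest.raises` block is never evaluated once the call raises, so a bare `crl_check(cache, cert)` is clearer. The certificate fixtures are read with `open(...).read()` and never closed; a `with open(...) as f:` block avoids the leaked handle.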