pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more specific name for CRL revocation exception

Browse Source
This commit is contained in:
dandds 2018-08-17 10:48:49 -04:00 committed by luis cielak
parent c59f207227
commit b80701e200
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
atst/domain/authnid/__init__.py
View File

@ -1,7 +1,7 @@
from atst.domain.exceptions import UnauthenticatedError, NotFoundError from atst.domain.exceptions import UnauthenticatedError, NotFoundError
from atst.domain.users import Users from atst.domain.users import Users
from .utils import parse_sdn, email_from_certificate from .utils import parse_sdn, email_from_certificate
from .crl import crl_check, CRLException from .crl import crl_check, CRLRevocationException
class AuthenticationContext(): class AuthenticationContext():
@ -46,7 +46,7 @@ class AuthenticationContext():
def _crl_check(self): def _crl_check(self):
try: try:
crl_check(self.crl_cache, self.cert) crl_check(self.crl_cache, self.cert)
except CRLException as exc: except CRLRevocationException as exc:
raise UnauthenticatedError("CRL check failed. " + str(exc)) raise UnauthenticatedError("CRL check failed. " + str(exc))
@property @property

4
atst/domain/authnid/crl/__init__.py
View File

@ -5,7 +5,7 @@ import hashlib
from OpenSSL import crypto, SSL from OpenSSL import crypto, SSL
class CRLException(Exception): class CRLRevocationException(Exception):
pass pass
@ -26,7 +26,7 @@ def crl_check(cache, cert):
return True return True
except crypto.X509StoreContextError as err: except crypto.X509StoreContextError as err:
raise CRLException( raise CRLRevocationException(
"Certificate revoked or errored. Error: {}. Args: {}".format( "Certificate revoked or errored. Error: {}. Args: {}".format(
type(err), err.args type(err), err.args
) )

6
tests/domain/authnid/test_crl.py
View File

@ -4,7 +4,7 @@ import re
import os import os
import shutil import shutil
from OpenSSL import crypto, SSL from OpenSSL import crypto, SSL
from atst.domain.authnid.crl import crl_check, CRLCache, CRLException from atst.domain.authnid.crl import crl_check, CRLCache, CRLRevocationException
import atst.domain.authnid.crl.util as util import atst.domain.authnid.crl.util as util
@ -41,7 +41,7 @@ def test_can_validate_certificate():
good_cert = open('ssl/client-certs/atat.mil.crt', 'rb').read() good_cert = open('ssl/client-certs/atat.mil.crt', 'rb').read()
bad_cert = open('ssl/client-certs/bad-atat.mil.crt', 'rb').read() bad_cert = open('ssl/client-certs/bad-atat.mil.crt', 'rb').read()
assert crl_check(cache, good_cert) assert crl_check(cache, good_cert)
with pytest.raises(CRLException): with pytest.raises(CRLRevocationException):
crl_check(cache, bad_cert) crl_check(cache, bad_cert)
def test_can_dynamically_update_crls(tmpdir): def test_can_dynamically_update_crls(tmpdir):
@ -52,7 +52,7 @@ def test_can_dynamically_update_crls(tmpdir):
assert crl_check(cache, cert) assert crl_check(cache, cert)
# override the original CRL with one that revokes atat.mil.crt # override the original CRL with one that revokes atat.mil.crt
shutil.copyfile('tests/fixtures/test.der.crl', crl_file) shutil.copyfile('tests/fixtures/test.der.crl', crl_file)
with pytest.raises(CRLException): with pytest.raises(CRLRevocationException):
assert crl_check(cache, cert) assert crl_check(cache, cert)
def test_parse_disa_pki_list(): def test_parse_disa_pki_list():