Merge pull request #229 from HaToHo/master

In case pycrypto is not able to read the certificate file openssl is …
This commit is contained in:
Roland Hedberg
2015-06-08 21:31:47 +02:00

View File

@@ -5,8 +5,10 @@
""" Functions connected to signing and verifying.
Based on the use of xmlsec1 binaries and not the python xmlsec module.
"""
from OpenSSL import crypto
import base64
from base64 import b64decode
import hashlib
import logging
import os
@@ -382,20 +384,25 @@ def active_cert(key):
:param key: The Key
:return: True if the key is active else False
"""
cert_str = pem_format(key)
certificate = importKey(cert_str)
try:
not_before = to_time(str(certificate.get_not_before()))
not_after = to_time(str(certificate.get_not_after()))
assert not_before < utc_now()
assert not_after > utc_now()
return True
cert_str = pem_format(key)
try:
certificate = importKey(cert_str)
not_before = to_time(str(certificate.get_not_before()))
not_after = to_time(str(certificate.get_not_after()))
assert not_before < utc_now()
assert not_after > utc_now()
return True
except:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_str)
assert cert.has_expired() == 0
assert not OpenSSLWrapper().certificate_not_valid_yet(cert)
return True
except AssertionError:
return False
except AttributeError:
return False
def cert_from_key_info(key_info, ignore_age=False):
""" Get all X509 certs from a KeyInfo instance. Care is taken to make sure
that the certs are continues sequences of bytes.