Commit 1e38bcb3 authored by Łukasz Nowak's avatar Łukasz Nowak

app: Fix behaviour with more than one CA certificate

By inserting another CA certificate as the first one in the list, the problem is
reproduced in the test.
parent 4b187130
...@@ -303,10 +303,12 @@ class Kedifa(object): ...@@ -303,10 +303,12 @@ class Kedifa(object):
content-type: text/plain content-type: text/plain
""" """
def loadCertificate(self, ca_certificate, crl): def loadCertificate(self, ca_certificate, crl):
self.ca_certificate = caucase.utils.load_ca_certificate( self.ca_certificate_list = [
ca_certificate.read()) caucase.utils.load_ca_certificate(x)
for x in caucase.utils.getCertList(ca_certificate.name)]
self.crl = caucase.utils.load_crl( self.crl = caucase.utils.load_crl(
crl.read(), [self.ca_certificate]).public_bytes(encoding=Encoding.PEM) crl.read(), self.ca_certificate_list).public_bytes(encoding=Encoding.PEM)
def __init__(self, pocket, ca_certificate, crl): def __init__(self, pocket, ca_certificate, crl):
self.pocket_db = SQLite3Storage(pocket) self.pocket_db = SQLite3Storage(pocket)
...@@ -345,10 +347,10 @@ class Kedifa(object): ...@@ -345,10 +347,10 @@ class Kedifa(object):
try: try:
caucase.utils.load_certificate( caucase.utils.load_certificate(
environ.get('SSL_CLIENT_CERT', b''), environ.get('SSL_CLIENT_CERT', b''),
trusted_cert_list=[self.ca_certificate], trusted_cert_list=self.ca_certificate_list,
crl=caucase.utils.load_crl( crl=caucase.utils.load_crl(
self.crl, self.crl,
[self.ca_certificate], self.ca_certificate_list,
), ),
) )
except (caucase.exceptions.CertificateVerificationError, ValueError): except (caucase.exceptions.CertificateVerificationError, ValueError):
......
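Review bot: In loadCertificate the `ca_certificate` argument is still an open file object but is now used only for its `.name`, so the content is re-read from disk by `caucase.utils.getCertList` and a caller passing a nameless file-like object (a pipe, `io.StringIO`) breaks while the parameter still looks like the old read-the-handle contract; either say so in a docstring or accept a path. Nothing in the hunk handles a file that yields no certificate: `self.ca_certificate_list` becomes `[]`, and what `load_crl` here and `load_certificate` in the second hunk do with an empty trust list is not visible, so I would fail explicitly with `if not self.ca_certificate_list: raise ValueError('no CA certificate found in %s' % ca_certificate.name)`. A docstring on loadCertificate should also state that every certificate in the file becomes a trust anchor for client-certificate verification and for CRL validation, since that is the security-relevant effect of the change. The second hunk passes the same list consistently; its enclosing method starts and ends outside the hunk.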
...@@ -209,6 +209,31 @@ class KedifaMixinCaucase(KedifaMixin): ...@@ -209,6 +209,31 @@ class KedifaMixinCaucase(KedifaMixin):
'--get-crt', csr_id, kedifa_key_pem '--get-crt', csr_id, kedifa_key_pem
]) ])
# inject other root CA
other_root_CA = """-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"""
with open(self.ca_crt_pem, 'r') as fh:
ca_crt_pem = fh.read()
ca_crt_pem = other_root_CA + '\n' + ca_crt_pem
with open(self.ca_crt_pem, 'w') as fh:
fh.write(ca_crt_pem)
return kedifa_key_pem return kedifa_key_pem
def setUpKedifaKey(self, common_name): def setUpKedifaKey(self, common_name):
......
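Review bot: The test rewrites `self.ca_crt_pem` in place and never restores it, so if that path is shared with other tests in the class (not visible here) the injected CA leaks into them; if the mixin is a unittest.TestCase, reading the original content once and registering its restoration with `addCleanup` would isolate the reproduction. The comment `# inject other root CA` says what but not why; `# prepend a foreign CA so the application's own CA is not the first entry, reproducing the multi-CA bug` captures the commit's intent. The inline PEM blob would read better as a module-level constant with a comment on its provenance (a constructed, test-only CA, if that is what it is). The enclosing method starts outside the hunk.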