Package ndg :: Package saml :: Package utils :: Module m2crypto :: Class HostCheck

Class HostCheck



Overrides M2Crypto.SSL.Checker.Checker to enable an alternate Common Name setting to be matched for the peer certificate.

Instance Methods
 
__init__(self, peerCertDN=None, peerCertCN=None, acceptedDNs=None, caCertList=None, caCertFilePathList=None, **kw)
Override the parent class __init__ to enable setting of the myProxyServerDN setting
 
__call__(self, peerCert, host=None)
Carry out checks on server ID
 
__setCACertList(self, caCertList)
Set list of CA certs - peer cert must validate against at least one of these
 
__setCACertsFromFileList(self, caCertFilePathList)
Read CA certificates from file and add them to the X.509 stack

Inherited from M2Crypto.SSL.Checker.Checker (private): _match, _splitSubjectAltName

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables

Inherited from M2Crypto.SSL.Checker.Checker: numericIpMatch

Properties
  caCertList
list of CA certificates - the peer certificate must validate against one
  caCertFilePathList
list of CA certificate file paths - peer certificate must validate against one

Inherited from object: __class__

Method Details

__init__(self, peerCertDN=None, peerCertCN=None, acceptedDNs=None, caCertList=None, caCertFilePathList=None, **kw)
(Constructor)


Override the parent class __init__ to enable setting of the myProxyServerDN setting

Parameters:
  • peerCertDN (string/list) - Set the expected Distinguished Name of the server to avoid errors matching hostnames. This is useful where the hostname is not fully qualified.
  • acceptedDNs - a list of acceptable DNs. This enables validation where the expected DN is matched against a limited list of certs.
  • peerCertCN (string) - enables an alternate Common Name to the peer hostname
  • caCertList (list type of M2Crypto.X509.X509 types) - CA X.509 certificates. If set, the peer cert's CA signature is verified against one of these. At least one must verify.
  • caCertFilePathList (list string types) - same as caCertList, except input as a list of CA cert file paths
Overrides: object.__init__

__call__(self, peerCert, host=None)
(Call operator)


Carry out checks on server ID

Parameters:
  • peerCert - MyProxy server host certificate as M2Crypto.X509.X509 instance
  • host - name of host to check
Overrides: M2Crypto.SSL.Checker.Checker.__call__

__setCACertsFromFileList(self, caCertFilePathList)


Read CA certificates from file and add them to the X.509 stack

Parameters:
  • caCertFilePathList (basestring, list or tuple) - list of file paths for CA certificates to be used to verify the certificate used to sign the message. If a single string item is input, it is converted into a tuple.

Property Details

caCertList

list of CA certificates - the peer certificate must validate against one

Set Method:
__setCACertList(self, caCertList) - Set list of CA certs - peer cert must validate against at least one of these

caCertFilePathList

list of CA certificate file paths - peer certificate must validate against one

Set Method:
__setCACertsFromFileList(self, caCertFilePathList) - Read CA certificates from file and add them to the X.509 stack