src/modules/misc.py
changeset 3321 52e8eec3014c
parent 3318 864be9e4db61
child 3325 18a3d7b0d618
--- a/src/modules/misc.py	Tue Mar 08 11:12:06 2016 -0800
+++ b/src/modules/misc.py	Wed Mar 09 11:27:23 2016 -0800
@@ -2964,3 +2964,23 @@
         # 'path' as relative to 'root', that is, 'root' will be prepended to
         # 'path', so we need to call os.path.relpath here.
         return os.fdopen(ar_open(root, os.path.relpath(path, root), flag, mode))
+
+
+def check_ca(cert):
+        """Check if 'cert' is a proper CA. For this the BasicConstraints need to
+        identify it as a CA cert and it needs to have the CertSign
+        (key_cert_sign in Cryptography) KeyUsage flag. Based loosely on
+        OpenSSL's check_ca()"""
+
+        from cryptography import x509
+
+        bconst_ca = None
+        kuse_sign = None
+
+        for e in cert.extensions:
+                if isinstance(e.value, x509.BasicConstraints):
+                        bconst_ca = e.value.ca
+                elif isinstance(e.value, x509.KeyUsage):
+                        kuse_sign = e.value.key_cert_sign
+
+        return kuse_sign is not False and bconst_ca
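Review bot: The docstring says the certificate "needs to have" the CertSign KeyUsage flag, but the final `return kuse_sign is not False and bconst_ca` also accepts a certificate with no KeyUsage extension at all, because `kuse_sign` is still `None` in that case. That leniency matches OpenSSL's check_ca(), but the docstring should say so explicitly, so callers know a missing KeyUsage counts as permission to sign; if strict behaviour is wanted, test `kuse_sign is True` instead. The same expression returns `None` rather than `False` when BasicConstraints is absent, so `return bool(bconst_ca) and kuse_sign is not False` would give callers a real boolean. Iterating `cert.extensions` presumably parses every extension, so a malformed or duplicated extension may raise here instead of yielding `False`; it is worth confirming that callers treat such an exception as "not a CA".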