mirror of https://github.com/xcat2/confluent.git synced 2025-10-26 00:45:43 +00:00

Provide full certificate to client on error

When a certificate error happens, provide full certificate data to the
caller so that they may implement whatever strategy they feel appropriate.
Jarrod Johnson
2015-11-30 12:32:14 -05:00
parent f6ce9f2c1e
commit e2b79a063d
2 changed files with 8 additions and 3 deletions


@@ -15,6 +15,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import base64
import json
@@ -76,10 +77,13 @@ class PubkeyInvalid(ConfluentException):
apierrorcode = 502
apierrorstr = '502 - Invalid certificate or key on target'
def __init__(self, text, fingerprint, attribname):
def __init__(self, text, certificate, fingerprint, attribname):
super(PubkeyInvalid, self).__init__(self, text)
self.fingerprint = fingerprint
self.errorbody = json.dumps({attribname: fingerprint})
bodydata = {'fingerprint': fingerprint,
'fingerprintfield': attribname,
'certificate': base64.b64encode(certificate)}
self.errorbody = json.dumps(bodydata)
def get_error_body(self):
return self.errorbody
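Review bot: `base64.b64encode(certificate)` returns `bytes` on Python 3, and `json.dumps` raises `TypeError` on a bytes value, so on that interpreter constructing `PubkeyInvalid` would itself fail and the caller would never see the 502 body; the page does not say which Python version is targeted. Decoding first keeps the body serialisable on both: `'certificate': base64.b64encode(certificate).decode('ascii')}`. The constructor would also benefit from a short docstring stating that `certificate` is the raw certificate bytes (presumably DER, to be confirmed against the caller) and that the body no longer carries the old `{attribname: fingerprint}` key, since clients that read that key need to switch to `fingerprint`/`fingerprintfield`. The class body begins outside the hunk.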


@@ -93,4 +93,5 @@ class TLSCertVerifier(object):
elif storedprint[self.node][self.fieldname]['value'] == fingerprint:
return True
raise cexc.PubKeyInvalid(
'Mismatched certificate detected', fingerprint, self.fieldname)
'Mismatched certificate detected', certificate, fingerprint,
self.fieldname)
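Review bot: The raise on the mismatch path spells the class `cexc.PubKeyInvalid`, while the exceptions file in this commit defines `PubkeyInvalid` (lower-case k); if `cexc` is that module and no alias exists, a mismatched certificate would surface as an `AttributeError` instead of the 502 error carrying the certificate. The verification still fails closed because an exception is raised either way, but the client never receives the fingerprint and certificate this commit is meant to deliver. The line should read `raise cexc.PubkeyInvalid(`. The enclosing method starts outside the hunk.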