def __init__(self, certificate_tuples, enforce_valid_dates=True,
enforce_signing_extensions=True,
enforce_path_length=True):
self._signing_certificates = []
for certificate_tuple in certificate_tuples:
certificate_uuid, certificate = certificate_tuple
if not isinstance(certificate, x509.Certificate):
LOG.error(
"A signing certificate must be an x509.Certificate object."
)
continue
if enforce_valid_dates:
if not is_within_valid_dates(certificate):
LOG.warning(
"Certificate '%s' is outside its valid date range and "
"cannot be used as a signing certificate.",
certificate_uuid)
continue
if enforce_signing_extensions:
if not can_sign_certificates(certificate, certificate_uuid):
LOG.warning(
"Certificate '%s' is not configured to act as a "
"signing certificate. It will not be used as a "
"signing certificate.",
certificate_uuid)
continue
self._signing_certificates.append(certificate_tuple)
self._signed_certificate = None
self._enforce_valid_dates = enforce_valid_dates
self._enforce_path_length = enforce_path_length
评论列表
文章目录
