mirror of https://github.com/OpenNebula/one.git synced 2024-12-22 13:33:52 +03:00

M #-: Better error messages for x509 driver

Ruben S. Montero 2022-10-07 13:46:14 +02:00
parent 6feb2a09c3
commit 6e14f51ab9
No known key found for this signature in database
GPG Key ID: A0CEA6FA880A1D87
2 changed files with 15 additions and 17 deletions


@ -82,12 +82,12 @@ begin
rc = x509_auth.authenticate(user, pass, token)
rescue => e
OpenNebula.error_message e.message
exit -1
exit(-1)
end
if rc == true
exit 0
else
OpenNebula.error_message rc
exit -1
exit(-1)
end
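Review bot: The `rescue => e` branch hands `e.message` unchanged to `OpenNebula.error_message`, and the messages raised elsewhere in this commit include the certificate subject and issuer, the CRL path and the server's local time. Where this driver's output ends up is not visible in the hunk; if any of it is returned to the connecting client rather than only logged, the detail is exposed before authentication succeeds. A short comment above the rescue stating the destination, e.g. `# error text is written to the server log only`, or a fixed client-facing string with the detail logged separately, would settle it. The `begin` block opens outside this hunk.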


@ -29,9 +29,9 @@ class OpenNebula::X509Auth
#Constants with paths to relevant files and defaults
###########################################################################
if !ENV["ONE_LOCATION"]
ETC_LOCATION = "/etc/one"
ETC_LOCATION = "/etc/one"
else
ETC_LOCATION = ENV["ONE_LOCATION"] + "/etc"
ETC_LOCATION = ENV["ONE_LOCATION"] + "/etc"
end
X509_AUTH_CONF_PATH = ETC_LOCATION + "/auth/x509_auth.conf"
@ -173,8 +173,7 @@ private
# Check start time and end time of certificates
@cert_chain.each do |cert|
if cert.not_before > now || cert.not_after < now
raise failed + "Certificate not valid. Current time is " +
now.localtime.to_s + "."
raise "Certificate not valid. Current time is #{now.localtime}"
end
end
@ -187,16 +186,16 @@ private
@cert_chain[1..-1].each do |cert|
if !((signee.issuer.to_s == cert.subject.to_s) &&
(signee.verify(cert.public_key)))
raise failed + signee.subject.to_s + " with issuer " +
signee.issuer.to_s + " was not verified by " +
cert.subject.to_s + "."
raise "#{signee.subject} with issuer #{signee.issuer} " \
"was not verified by #{cert.subject}"
end
signee = cert
end
# Validate the End Entity certificate
if !@options[:ca_dir]
raise failed + "No certifcate authority directory was specified."
raise "No certifcate authority directory was specified."
end
begin
@ -207,9 +206,8 @@ private
if !((signee.issuer.to_s == ca_cert.subject.to_s) &&
(signee.verify(ca_cert.public_key)))
raise failed + signee.subject.to_s + " with issuer " +
signee.issuer.to_s + " was not verified by " +
ca_cert.subject.to_s + "."
raise "#{signee.subject} with issuer #{signee.issuer} " \
"was not verified by #{ca_cert.subject}"
end
signee = ca_cert
@ -229,7 +227,7 @@ private
if !File.exist?(crl_path)
if @options[:check_crl]
raise failed + "CRL file #{crl_path} does not exist"
raise "#{failed} CRL file #{crl_path} does not exist"
else
return
end
@ -240,7 +238,7 @@ private
# First verify the CRL itself with its signer
unless crl_cert.verify( ca_cert.public_key ) then
raise failed + "CRL is not verified by its Signer"
raise "#{failed} CRL is not verified by its Signer"
end
# Extract the list of revoked certificates from the CRL
@ -250,8 +248,8 @@ private
# certificate
rc_array.each do |e|
if e.serial.eql?(signee.serial) then
raise failed + "#{signee.subject.to_s} is found in the "<<
"CRL, i.e. it is revoked"
raise "#{failed} #{signee.subject} is found in the " \
"CRL, i.e. it is revoked"
end
end
end
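Review bot: The three CRL raises (hunks at -229, -240 and -250) still interpolate `failed`, while the validity, chain and CA-directory raises in the hunks at -173, -187 and -207 drop it, so the same authentication failure now surfaces in two formats and a log rule keyed on the prefix would miss the chain failures. `failed` is defined outside these hunks; if it already ends in a separator, `"#{failed} CRL file ..."` adds a doubled space that the old `failed + "..."` did not have. Pick one form throughout, for example `raise "CRL file #{crl_path} does not exist"`, and fix the spelling in the kept message to `"No certificate authority directory was specified."`. Separately, the `else return` branch for a missing CRL when `@options[:check_crl]` is false skips revocation checking without a trace; a comment such as `# No CRL for this issuer and :check_crl is off: revocation is not checked` would make that explicit.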