consolidate logic

Andrew Morgan 2019-04-01 14:59:45 +01:00
parent da23aa26c5
commit 2325928149


@ -88,36 +88,31 @@ class TlsConfig(Config):
for domain in federation_certificate_verification_whitelist: for domain in federation_certificate_verification_whitelist:
self.federation_certificate_verification_whitelist[domain] = True self.federation_certificate_verification_whitelist[domain] = True
# List of custom certificate authorities for TLS verification # List of custom certificate authorities for federation traffic validation
self.federation_custom_ca_list = config.get( self.federation_custom_ca_list = config.get(
"federation_custom_ca_list", [], "federation_custom_ca_list", [],
) )
# Read in the CA certificates # Read in and parse custom CA certificates
cert_contents = [] certs = []
try:
for ca_file in self.federation_custom_ca_list: for ca_file in self.federation_custom_ca_list:
logger.debug("Reading custom CA certificate file: %s", ca_file) logger.debug("Reading custom CA certificate file: %s", ca_file)
try:
with open(ca_file, 'rb') as f: with open(ca_file, 'rb') as f:
cert_contents.append(f.read()) content = f.read()
except Exception: except Exception:
logger.exception("Failed to read custom CA certificate off disk!") logger.exception("Failed to read custom CA certificate off disk!")
raise raise
# Parse the CA certificates # Parse the CA certificates
certs = []
try: try:
for content in cert_contents: cert_base = Certificate.loadPEM(content)
logger.debug("Parsing custom CA certificate file: %s", ca_file)
cert_base = Certificate.loadPEM(cert_contents)
certs.append(cert_base) certs.append(cert_base)
trust_root = trustRootFromCertificates(certs)
except Exception: except Exception:
logger.exception("Failed to parse custom CA certificate off disk!") logger.exception("Failed to parse custom CA certificate off disk!")
raise raise
self.federation_custom_ca_list = trust_root self.federation_custom_ca_list = trustRootFromCertificates(certs)
# This config option applies to non-federation HTTP clients # This config option applies to non-federation HTTP clients
# (e.g. for talking to recaptcha, identity servers, and such) # (e.g. for talking to recaptcha, identity servers, and such)
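Review bot: When the option is unset, `config.get("federation_custom_ca_list", [])` yields an empty list, so the final assignment still calls `trustRootFromCertificates([])` and stores a trust root containing no authorities. Whether the federation client falls back to the platform trust store in that case is not visible in this hunk; if it uses the object as given, every remote certificate would fail verification. Consider building the root only when paths were configured, for example `self.federation_custom_ca_list = trustRootFromCertificates(certs) if certs else None`, and storing it under a separate attribute name, because the same attribute currently holds a list of paths and then a trust-root object. As far as I know, `Certificate.loadPEM(content)` parses a single certificate, so a bundle file with several CAs would contribute only its first entry; that limit deserves a comment or a documented one-certificate-per-file rule. The enclosing method starts before the hunk and continues after it, and the rendered page has lost indentation, so the exact try/except nesting could not be checked.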