cert-request: avoid internal error when cert malformed
When executing cert-request, if Dogtag successfully issues a certificate but python-cryptography cannot parse the certificate, an unhandled exception occurs. Handle the exception by notifying about the malformed certificate in the response messages. Fixes: https://pagure.io/freeipa/issue/7390 Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
parent
fa5394cc62
commit
01c534c229
@ -468,6 +468,10 @@ class BaseCertObject(Object):
|
||||
attribute when ``True`` in addition to the specialised
|
||||
attribute.
|
||||
|
||||
Raise ``ValueError`` if the certificate is malformed.
|
||||
(Note: only the main certificate structure and Subject Alt
|
||||
Name extension are examined.)
|
||||
|
||||
"""
|
||||
if 'certificate' in obj:
|
||||
cert = x509.load_der_x509_certificate(
|
||||
@ -876,7 +880,15 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
|
||||
raise e
|
||||
|
||||
if not raw:
|
||||
self.obj._parse(result, all)
|
||||
try:
|
||||
self.obj._parse(result, all)
|
||||
except ValueError as e:
|
||||
self.add_message(
|
||||
messages.CertificateInvalid(
|
||||
subject=principal,
|
||||
reason=e,
|
||||
)
|
||||
)
|
||||
result['request_id'] = int(result['request_id'])
|
||||
result['cacn'] = ca_obj['cn'][0]
|
||||
|
||||
|
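Review bot: In the second hunk, the `except ValueError` branch only attaches a `CertificateInvalid` message and then falls through to the `result['request_id']` and `result['cacn']` lines, so the command still returns a success result containing a certificate that python-cryptography could not parse. Dogtag has already issued that certificate, so I would state the contract at the handler with a comment such as `# cert was already issued by the CA; report it as invalid but still return it so the caller can inspect or revoke it`. Clients then need to check the response messages rather than the exit status. Whether `_parse` writes derived attributes into `result` before raising is not visible here, so the returned entry may be only partially populated and that is worth confirming. The docstring added in the first hunk says only the main structure and the Subject Alt Name extension are examined, so a certificate malformed elsewhere will not reach this branch; the enclosing method starts and ends outside the hunk.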