mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
certmonger: finish refactoring for request script
The recent certificate refactoring assures that ipaldap operations are able to work with IPACertificate values when communication with the LDAP server. Use these capabilities and prevent possible bugs. https://pagure.io/freeipa/issue/4985 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
This commit is contained in:
parent
32be3ef622
commit
0412625a2b
@ -281,8 +281,7 @@ def store_cert(**kwargs):
|
|||||||
cert = os.environ.get('CERTMONGER_CERTIFICATE')
|
cert = os.environ.get('CERTMONGER_CERTIFICATE')
|
||||||
if not cert:
|
if not cert:
|
||||||
return (REJECTED, "New certificate requests not supported")
|
return (REJECTED, "New certificate requests not supported")
|
||||||
cert = x509.load_pem_x509_certificate(fix_pem(cert))
|
cert = x509.load_pem_x509_certificate(fix_pem(cert.encode('ascii')))
|
||||||
dercert = cert.public_bytes(x509.Encoding.DER)
|
|
||||||
|
|
||||||
dn = DN(('cn', nickname), ('cn', 'ca_renewal'),
|
dn = DN(('cn', nickname), ('cn', 'ca_renewal'),
|
||||||
('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
|
('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
|
||||||
@ -290,14 +289,14 @@ def store_cert(**kwargs):
|
|||||||
with ldap_connect() as conn:
|
with ldap_connect() as conn:
|
||||||
try:
|
try:
|
||||||
entry = conn.get_entry(dn, ['usercertificate'])
|
entry = conn.get_entry(dn, ['usercertificate'])
|
||||||
entry['usercertificate'] = [dercert]
|
entry['usercertificate'] = [cert]
|
||||||
conn.update_entry(entry)
|
conn.update_entry(entry)
|
||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
entry = conn.make_entry(
|
entry = conn.make_entry(
|
||||||
dn,
|
dn,
|
||||||
objectclass=['top', 'pkiuser', 'nscontainer'],
|
objectclass=['top', 'pkiuser', 'nscontainer'],
|
||||||
cn=[nickname],
|
cn=[nickname],
|
||||||
usercertificate=[dercert])
|
usercertificate=[cert])
|
||||||
conn.add_entry(entry)
|
conn.add_entry(entry)
|
||||||
except errors.EmptyModlist:
|
except errors.EmptyModlist:
|
||||||
pass
|
pass
|
||||||
@ -394,8 +393,7 @@ def retrieve_or_reuse_cert(**kwargs):
|
|||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
cert = x509.load_der_x509_certificate(
|
cert = entry.single_value['usercertificate']
|
||||||
entry.single_value['usercertificate'])
|
|
||||||
|
|
||||||
return (ISSUED, cert.public_bytes(x509.Encoding.PEM))
|
return (ISSUED, cert.public_bytes(x509.Encoding.PEM))
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user