mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Raise an exception if the certificate chain is not returned from the CA
This commit is contained in:
parent
eec367b0c8
commit
13696ae18b
@ -965,6 +965,22 @@ class Base64DecodeError(ExecutionError):
|
||||
errno = 4015
|
||||
format = _('Base64 decoding failed: %(reason)s')
|
||||
|
||||
class RemoteRetrieveError(ExecutionError):
|
||||
"""
|
||||
**4016** Raised when retrieving data from a remote server fails
|
||||
|
||||
For example:
|
||||
|
||||
>>> raise RemoteRetrieveError(reason="Error: Failed to get certificate chain.")
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
RemoteRetrieveError: Error: Failed to get certificate chain.
|
||||
|
||||
"""
|
||||
|
||||
errno = 4016
|
||||
format = _('%(reason)s')
|
||||
|
||||
class BuiltinError(ExecutionError):
|
||||
"""
|
||||
**4100** Base class for builtin execution errors (*4100 - 4199*).
|
||||
|
@ -17,7 +17,7 @@
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
from ipalib import api
|
||||
from ipalib import api, errors
|
||||
import httplib
|
||||
import xml.dom.minidom
|
||||
|
||||
@ -31,11 +31,20 @@ def get_ca_certchain():
|
||||
res = conn.getresponse()
|
||||
if res.status == 200:
|
||||
data = res.read()
|
||||
|
||||
conn.close()
|
||||
try:
|
||||
doc = xml.dom.minidom.parseString(data)
|
||||
try:
|
||||
item_node = doc.getElementsByTagName("ChainBase64")
|
||||
chain = item_node[0].childNodes[0].data
|
||||
except IndexError:
|
||||
try:
|
||||
item_node = doc.getElementsByTagName("Error")
|
||||
reason = item_node[0].childNodes[0].data
|
||||
raise errors.RemoteRetrieveError(reason=reason)
|
||||
except:
|
||||
raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed")
|
||||
finally:
|
||||
doc.unlink()
|
||||
conn.close()
|
||||
|
||||
return chain
|
||||
|
Loading…
Reference in New Issue
Block a user