mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
Validate and convert certificate SN
The cert plugin only worked OK with decimal certificate serial numbers. This patch allows specifying the serial number in hexadecimal, too. The conversion now works such that: * with no explicit radix, a best-effort conversion is done using int(str, 0) in python. If the format is ambiguous, decimal takes precedence. * a hexadecimal radix can be specified explicitly with the traditional 0x prefix https://fedorahosted.org/freeipa/ticket/958 https://fedorahosted.org/freeipa/ticket/953
This commit is contained in:
parent
669c9d1180
commit
36070555d1
6
API.txt
6
API.txt
@ -303,7 +303,7 @@ output: Output('count', <type 'int'>, Gettext('', domain='ipa', localedir=None))
|
||||
output: Output('results', <type 'list'>, Gettext('', domain='ipa', localedir=None))
|
||||
command: cert_remove_hold
|
||||
args: 1,0,1
|
||||
arg: Str('serial_number', label=Gettext('Serial number', domain='ipa', localedir=None))
|
||||
arg: Str('serial_number', validate_serial_number, label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number)
|
||||
output: Output('result', None, None)
|
||||
command: cert_request
|
||||
args: 1,3,1
|
||||
@ -314,12 +314,12 @@ option: Flag('add', autofill=True, default=False,lag('add', autofill=True, defau
|
||||
output: Output('result', <type 'dict'>, Gettext('Dictionary mapping variable name to value', domain='ipa', localedir=None))
|
||||
command: cert_revoke
|
||||
args: 1,1,1
|
||||
arg: Str('serial_number', label=Gettext('Serial number', domain='ipa', localedir=None))
|
||||
arg: Str('serial_number', validate_serial_number, label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number)
|
||||
option: Int('revocation_reason?', default=0, label=Gettext('Reason', domain='ipa', localedir=None), maxvalue=10, minvalue=0)
|
||||
output: Output('result', None, None)
|
||||
command: cert_show
|
||||
args: 1,1,1
|
||||
arg: Str('serial_number', label=Gettext('Serial number', domain='ipa', localedir=None))
|
||||
arg: Str('serial_number', validate_serial_number, label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number)
|
||||
option: Str('out?', exclude='webui', label=Gettext('Output filename', domain='ipa', localedir=None))
|
||||
output: Output('result', None, None)
|
||||
command: cert_status
|
||||
|
@ -141,6 +141,32 @@ def normalize_csr(csr):
|
||||
|
||||
return csr
|
||||
|
||||
def _convert_serial_number(num):
|
||||
"""
|
||||
Convert a SN given in decimal or hexadecimal.
|
||||
Returns the number or None if conversion fails.
|
||||
"""
|
||||
# plain decimal or hexa with radix prefix
|
||||
try:
|
||||
num = int(num, 0)
|
||||
except ValueError:
|
||||
try:
|
||||
# hexa without prefix
|
||||
num = int(num, 16)
|
||||
except ValueError:
|
||||
num = None
|
||||
|
||||
return num
|
||||
|
||||
def validate_serial_number(ugettext, num):
|
||||
if _convert_serial_number(num) == None:
|
||||
return u"Decimal or hexadecimal number is required for serial number"
|
||||
return None
|
||||
|
||||
def normalize_serial_number(num):
|
||||
# It's been already validated
|
||||
return unicode(_convert_serial_number(num))
|
||||
|
||||
def get_host_from_principal(principal):
|
||||
"""
|
||||
Given a principal with or without a realm return the
|
||||
@ -378,8 +404,10 @@ api.register(cert_status)
|
||||
|
||||
|
||||
_serial_number = Str('serial_number',
|
||||
validate_serial_number,
|
||||
label=_('Serial number'),
|
||||
doc=_('Serial number in decimal or if prefixed with 0x in hexadecimal'),
|
||||
normalizer=normalize_serial_number,
|
||||
)
|
||||
|
||||
class cert_show(VirtualCommand):
|
||||
|
Loading…
Reference in New Issue
Block a user