Handle CSRs whether they have NEW in the header or not

Also consolidate some duplicate code
2025-01-11 00:31:56 -06:00 · 2010-05-03 17:38:39 -04:00 · 2010-05-03 17:38:39 -04:00 · 3ea044fb59
commit 3ea044fb59
parent 3698dca8e3
4 changed files with 10 additions and 23 deletions
--- a/ipalib/pkcs10.py
+++ b/ipalib/pkcs10.py
@ -372,12 +372,14 @@ def strip_header(csr):
    """
    Remove the header and footer from a CSR.
    """
+    headerlen = 40
    s = csr.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
    if s == -1:
+        headerlen = 36
        s = csr.find("-----BEGIN CERTIFICATE REQUEST-----")
    if s >= 0:
        e = csr.find("-----END")
-        csr = csr[s+40:e]
+        csr = csr[s+headerlen:e]

    return csr

--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@ -19,6 +19,7 @@

 from ipapython import ipautil
 from ipapython import nsslib
+from ipalib import pkcs10
 import tempfile
 import sha
 import shutil
@ -99,13 +100,7 @@ class CertDB(object):
        f.close()
        csr = "".join(csr)

-        # We just want the CSR bits, make sure there is nothing else
-        s = csr.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
-        e = csr.find("-----END NEW CERTIFICATE REQUEST-----")
-        if e > 0:
-            e = e + 37
-        if s >= 0:
-            csr = csr[s:]
+        csr = pkcs10.strip_header(csr)

        return csr

--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@ -36,6 +36,7 @@ import urllib
 import xml.dom.minidom
 import stat
 from ipapython import dogtag
+from ipalib import pkcs10
 import subprocess

 from nss.error import NSPRError
@ -911,9 +912,7 @@ class CAInstance(service.Service):
        finally:
            os.remove(noise_name)

-        csr = stdout.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
-        if csr >= 0:
-            csr = stdout[csr:]
+        csr = pkcs10.strip_header(stdout)

        # Send the request to the CA
        conn = httplib.HTTPConnection(self.host_name, 9180)
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@ -32,6 +32,7 @@ from ipapython import nsslib
 from ipapython import dogtag
 from ipapython import sysrestore
 from ipapython import ipautil
+from ipalib import pkcs10
 from ConfigParser import RawConfigParser

 from nss.error import NSPRError
@ -552,12 +553,7 @@ class CertDB(object):
            csr = "".join(csr)

            # We just want the CSR bits, make sure there is nothing else
-            s = csr.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
-            e = csr.find("-----END NEW CERTIFICATE REQUEST-----")
-            if e > 0:
-                e = e + 37
-            if s >= 0:
-                csr = csr[s:]
+            csr = pkcs10.strip_header(csr)

            params = {'profileId': 'caRAserverCert',
                    'cert_request_type': 'pkcs10',
@ -639,12 +635,7 @@ class CertDB(object):
            csr = "".join(csr)

            # We just want the CSR bits, make sure there is no thing else
-            s = csr.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
-            e = csr.find("-----END NEW CERTIFICATE REQUEST-----")
-            if e > 0:
-                e = e + 37
-            if s >= 0:
-                csr = csr[s:]
+            csr = pkcs10.strip_header(csr)

            params = {'profileId': 'caJarSigningCert',
                    'cert_request_type': 'pkcs10',