Add NotImplementedError type so CA plugins can return client-friendly errors
Ignore NotImplementedError when revoking a certificate, as revocation isn't implemented in the selfsign plugin. Also use the new type argument in x509.load_certificate(), because certificates are coming out of LDAP as binary instead of base64-encoded.
parent
cb4c0d6caf
commit
4348b5f8c4
@ -746,6 +746,14 @@ class PasswordMismatch(InvocationError):
|
||||
errno = 3011
|
||||
format = _('Passwords do not match')
|
||||
|
||||
class NotImplementedError(InvocationError):
|
||||
"""
|
||||
**3012** Raise when a function hasn't been implemented.
|
||||
"""
|
||||
|
||||
errno = 3012
|
||||
format = _('Command not implemented')
|
||||
|
||||
|
||||
##############################################################################
|
||||
# 4000 - 4999: Execution errors
|
||||
|
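Review bot: The new class `NotImplementedError` takes the name of Python's builtin exception, so inside this errors module the bare name now resolves to the 3012 `InvocationError` subclass rather than the builtin. Any `raise NotImplementedError` or `except NotImplementedError` elsewhere in the module (not visible in this hunk) would silently change meaning, and a wildcard import of the module would carry the shadowing into importers. If the name has to stay for the client-facing API, a comment above the class would make the collision explicit, for example `# NOTE: deliberately shadows the Python builtin NotImplementedError within this module`.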
@ -27,15 +27,18 @@ from ipalib import api, errors
|
||||
from ipalib import Str, Flag, Bytes
|
||||
from ipalib.plugins.baseldap import *
|
||||
from ipalib import x509
|
||||
from pyasn1.error import PyAsn1Error
|
||||
|
||||
|
||||
def get_serial(certificate):
|
||||
"""
|
||||
Given a certificate, return the serial number in that cert.
|
||||
"""
|
||||
if type(certificate) in (list, tuple):
|
||||
certificate = certificate[0]
|
||||
try:
|
||||
serial = str(x509.get_serial_number(certificate))
|
||||
except crypto.Error:
|
||||
serial = str(x509.get_serial_number(certificate, type=x509.DER))
|
||||
except PyAsn1Error:
|
||||
raise errors.GenericError(
|
||||
format='Unable to decode certificate in entry'
|
||||
)
|
||||
@ -186,7 +189,11 @@ class service_del(LDAPDelete):
|
||||
cert = entry_attrs.get('usercertificate')
|
||||
if cert:
|
||||
serial = unicode(get_serial(cert))
|
||||
try:
|
||||
self.api.Command['cert_revoke'](serial, revocation_reason=5)
|
||||
except errors.NotImplementedError:
|
||||
# selfsign CA doesn't do revocation
|
||||
pass
|
||||
return dn
|
||||
|
||||
api.register(service_del)
|
||||
|
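Review bot: In `get_serial`, the DER retry runs inside the `except crypto.Error:` handler, so the sibling `except PyAsn1Error:` clause does not cover it; a certificate that also fails DER decoding would escape as a raw exception instead of the `GenericError` with 'Unable to decode certificate in entry'. Since `service_del` calls this before `cert_revoke`, that failure would abort the delete path with an unfriendly error. Nesting the two attempts under one outer `try` keeps the PyAsn1Error handling for both (which exception the DER path actually raises is not visible here, so the outer clause may need widening). Separately, `crypto` is not among the imports shown in this hunk; unless the wildcard import from baseldap supplies it, evaluating `except crypto.Error` would raise NameError. The function body appears to continue past the end of the hunk.

```python
def get_serial(certificate):
    # … unchanged: docstring and list/tuple unwrapping …
    try:
        try:
            serial = str(x509.get_serial_number(certificate))
        except crypto.Error:
            # value was not base64; retry as raw DER from LDAP
            serial = str(x509.get_serial_number(certificate, type=x509.DER))
    except PyAsn1Error:
        raise errors.GenericError(
            format='Unable to decode certificate in entry'
        )
```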