Add NotImplementedError type so CA plugins can return client-friendly errors

Ignore NotImplementedError when revoking a certificate as this isn't
implemented in the selfsign plugin.

Also use the new type argument in x509.load_certificate(). Certificates
are coming out of LDAP as binary instead of base64-encoded.
Rob Crittenden 2009-12-01 17:17:15 -05:00 committed by Jason Gerard DeRose
parent cb4c0d6caf
commit 4348b5f8c4
2 changed files with 18 additions and 3 deletions


@ -746,6 +746,14 @@ class PasswordMismatch(InvocationError):
errno = 3011
format = _('Passwords do not match')
class NotImplementedError(InvocationError):
"""
**3012** Raise when a function hasn't been implemented.
"""
errno = 3012
format = _('Command not implemented')
##############################################################################
# 4000 - 4999: Execution errors
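Review bot: The new class name `NotImplementedError` shadows Python's builtin of the same name for the rest of this module, and presumably in any module that star-imports from it. As shown it derives from InvocationError, so a bare `raise NotImplementedError` later in this file would produce the 3012 error rather than the builtin, and an `except NotImplementedError` written against the builtin elsewhere would not catch it. That matters because the second file in this commit relies on catching exactly this type to skip revocation. Consider a distinct name, or at least add a docstring line such as `Not the builtin NotImplementedError; always reference it as errors.NotImplementedError.`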


@ -27,15 +27,18 @@ from ipalib import api, errors
from ipalib import Str, Flag, Bytes
from ipalib.plugins.baseldap import *
from ipalib import x509
from pyasn1.error import PyAsn1Error
def get_serial(certificate):
"""
Given a certificate, return the serial number in that cert.
"""
if type(certificate) in (list, tuple):
certificate = certificate[0]
try:
serial = str(x509.get_serial_number(certificate))
except crypto.Error:
serial = str(x509.get_serial_number(certificate, type=x509.DER))
except PyAsn1Error:
raise errors.GenericError(
format='Unable to decode certificate in entry'
)
@ -186,7 +189,11 @@ class service_del(LDAPDelete):
cert = entry_attrs.get('usercertificate')
if cert:
serial = unicode(get_serial(cert))
try:
self.api.Command['cert_revoke'](serial, revocation_reason=5)
except errors.NotImplementedError:
# selfsign CA doesn't do revocation
pass
return dn
api.register(service_del)
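Review bot: In the service_del hunk, the new `except errors.NotImplementedError:` with a bare `pass` lets the service entry be deleted while its certificate stays unrevoked, and nothing records that this happened. With a CA that cannot revoke, the certificate of the deleted service remains valid until it expires, so an operator needs a trace of the serial to follow up. I would log the serial in the handler instead of passing silently, and extend the comment to `# selfsign CA doesn't do revocation; the cert stays valid until expiry`. The enclosing callback starts outside the hunk, so whether a logger is in scope there needs confirming.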