From 4e5e3eebb223b7f2760e21f22e42775982104b0d Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Tue, 14 Mar 2017 13:57:43 +0100
Subject: [PATCH] Re-use trust domain retrieval code in certmap validators

https://pagure.io/freeipa/issue/6372

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/plugins/certmap.py | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/ipaserver/plugins/certmap.py b/ipaserver/plugins/certmap.py
index e28b397c0..917463fc6 100644
--- a/ipaserver/plugins/certmap.py
+++ b/ipaserver/plugins/certmap.py
@@ -100,16 +100,11 @@ def check_associateddomain_is_trusted(api_inst, options):
     """
     domains = options.get('associateddomain')
     if domains:
-        trust_suffix_namespace = set()
+        trusted_domains = api_inst.Object.config.gather_trusted_domains()
+        trust_suffix_namespace = {dom_name.lower() for dom_name in
+                                  trusted_domains}
         trust_suffix_namespace.add(api_inst.env.domain.lower())
 
-        trust_objects = api_inst.Command.trust_find(sizelimit=0)['result']
-        for obj in trust_objects:
-            trustdomains = api_inst.Command.trustdomain_find(
-                obj['cn'][0], sizelimit=0)['result']
-            for domain in trustdomains:
-                trust_suffix_namespace.add(domain['cn'][0].lower())
-
         for dom in domains:
             if not str(dom).lower() in trust_suffix_namespace:
                 raise errors.ValidationError(