IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

certdb: accumulate extracted certs as list of PEMs

Browse Source 
certdb.NSSDatabase.import_files currently accumulates certificates
extracted from input files as a string, which is ugly.  Accumulate a
list of PEMs instead, and join() them just in time for PKCS #12
creation.

Part of: https://fedorahosted.org/freeipa/ticket/6178

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
This commit is contained in:
Fraser Tweedale 2016-11-18 10:04:24 +10:00 committed by Jan Cholasta
parent c7ea56c049
commit cc5b88e5d4
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ipapython/certdb.py
View File

@ -203,7 +203,7 @@ class NSSDatabase(object):
""" """
key_file = None key_file = None
extracted_key = None extracted_key = None
extracted_certs = '' extracted_certs = []
for filename in files: for filename in files:
try: try:
@ -234,7 +234,7 @@ class NSSDatabase(object):
filename, line, e) filename, line, e)
continue continue
else: else:
extracted_certs += body + '\n' extracted_certs.append(body)
loaded = True loaded = True
continue continue
@ -252,7 +252,7 @@ class NSSDatabase(object):
filename, line, e) filename, line, e)
continue continue
else: else:
extracted_certs += '\n'.join(certs) + '\n' extracted_certs.extend(certs)
loaded = True loaded = True
continue continue
@ -302,7 +302,7 @@ class NSSDatabase(object):
pass pass
else: else:
data = x509.make_pem(base64.b64encode(data)) data = x509.make_pem(base64.b64encode(data))
extracted_certs += data + '\n' extracted_certs.append(data)
continue continue
# Try to import the file as PKCS#12 file # Try to import the file as PKCS#12 file
@ -343,14 +343,15 @@ class NSSDatabase(object):
raise RuntimeError( raise RuntimeError(
"No server certificates found in %s" % (', '.join(files))) "No server certificates found in %s" % (', '.join(files)))
certs = x509.load_certificate_list(extracted_certs) for cert_pem in extracted_certs:
for cert in certs: cert = x509.load_certificate(cert_pem)
nickname = str(DN(cert.subject)) nickname = str(DN(cert.subject))
data = cert.public_bytes(serialization.Encoding.DER) data = cert.public_bytes(serialization.Encoding.DER)
self.add_cert(data, nickname, ',,') self.add_cert(data, nickname, ',,')
if extracted_key: if extracted_key:
in_file = ipautil.write_tmp_file(extracted_certs + extracted_key) in_file = ipautil.write_tmp_file(
'\n'.join(extracted_certs) + '\n' + extracted_key)
out_file = tempfile.NamedTemporaryFile() out_file = tempfile.NamedTemporaryFile()
out_password = ipautil.ipa_generate_password() out_password = ipautil.ipa_generate_password()
out_pwdfile = ipautil.write_tmp_file(out_password) out_pwdfile = ipautil.write_tmp_file(out_password)