Accept an incoming certificate as either DER or base64 in the service plugin.

The plugin required a base64-encoded certificate and always decoded it before processing. This doesn't work with the UI because the json module decodes binary values already. Try to detect if the incoming value is base64-encoded and decode if necessary. Finally, try to pull the cert apart to validate it. This will tell us for sure that the data is a certificate, regardless of the format it came in as. ticket 348
2025-02-25 18:55:28 -06:00 · 2010-10-08 13:15:03 -04:00
parent dccb386d57
commit d2a9ccf407
4 changed files with 86 additions and 17 deletions
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1204,7 +1204,7 @@ class CertificateError(ExecutionError):
    errno = 4300


-class CertificateOperationError(ExecutionError):
+class CertificateOperationError(CertificateError):
    """
    **4301** Raised when a certificate operation cannot be completed

@@ -1220,6 +1220,22 @@ class CertificateOperationError(ExecutionError):
    errno = 4301
    format = _('Certificate operation cannot be completed: %(error)s')

+class CertificateFormatError(CertificateError):
+    """
+    **4302** Raised when a certificate is badly formatted
+
+    For example:
+
+    >>> raise CertificateFormatError(error=u'improperly formated DER-encoded certificate')
+    Traceback (most recent call last):
+      ...
+    CertificateFormatError: improperly formated DER-encoded certificate
+
+    """
+
+    errno = 4302
+    format = _('Certificate format error: %(error)s')
+

 class MutuallyExclusiveError(ExecutionError):
    """