Accept an incoming certificate as either DER or base64 in the service plugin.

The plugin required a base64-encoded certificate and always decoded it
before processing. This doesn't work with the UI because the json module
decodes binary values already.

Try to detect if the incoming value is base64-encoded and decode if
necessary. Finally, try to pull the cert apart to validate it. This will
tell us for sure that the data is a certificate, regardless of the format
it came in as.

ticket 348
Rob Crittenden
2010-10-08 13:15:03 -04:00
parent dccb386d57
commit d2a9ccf407
4 changed files with 86 additions and 17 deletions


@@ -24,6 +24,7 @@ Test the `ipalib/plugins/service.py` module.
from ipalib import api, errors
from tests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid
from tests.test_xmlrpc import objectclasses
import base64
fqdn1 = u'testhost1.%s' % api.env.domain
@@ -34,6 +35,8 @@ service1dn = u'krbprincipalname=%s,cn=services,cn=accounts,%s' % (service1.lower
host1dn = u'fqdn=%s,cn=computers,cn=accounts,%s' % (fqdn1, api.env.basedn)
host2dn = u'fqdn=%s,cn=computers,cn=accounts,%s' % (fqdn2, api.env.basedn)
servercert = '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'
class test_host(Declarative):
@@ -53,7 +56,7 @@ class test_host(Declarative):
dict(
desc='Try to update non-existent %r' % service1,
command=('service_mod', [service1], dict(usercertificate='Nope')),
command=('service_mod', [service1], dict(usercertificate=servercert)),
expected=errors.NotFound(reason='no such entry'),
),
@@ -223,12 +226,12 @@ class test_host(Declarative):
dict(
desc='Update %r' % service1,
command=('service_mod', [service1], dict(usercertificate='aGVsbG8=')),
command=('service_mod', [service1], dict(usercertificate=servercert)),
expected=dict(
value=service1,
summary=u'Modified service "%s"' % service1,
result=dict(
usercertificate=['hello'],
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
managedby_host=[fqdn1],
),
@@ -244,7 +247,7 @@ class test_host(Declarative):
summary=None,
result=dict(
dn=service1dn,
usercertificate=['hello'],
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
@@ -273,7 +276,7 @@ class test_host(Declarative):
dict(
desc='Try to update non-existent %r' % service1,
command=('service_mod', [service1], dict(usercertificate='Nope')),
command=('service_mod', [service1], dict(usercertificate=servercert)),
expected=errors.NotFound(reason='no such entry'),
),
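Review bot: The updated cases only ever send `servercert` as base64, so neither the raw-DER input path nor the rejection of non-certificate data described in the commit message is exercised. The old `'Nope'` and `'aGVsbG8='` inputs were replaced rather than kept as negative cases. I would add a `service_mod` case that passes `base64.b64decode(servercert)` and expects the same `usercertificate` result, if the test transport can carry binary values. I would also add one that passes `usercertificate='aGVsbG8='` against the existing service and expects the plugin's validation error; the exact error class is not visible in these hunks. Without the negative case, a regression that stores arbitrary bytes as a certificate would still pass this suite. The `test_host` class body starts and continues outside the hunks shown.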