Update pkcs10 module functions to always load CSRs and allow selecting format.

This change makes the pkcs10 module more consistent with the x509 module.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Jan Cholasta 2013-10-16 07:39:51 +00:00 committed by Petr Viktorin
parent bab88eb1ed
commit d5e35f92a5
3 changed files with 33 additions and 31 deletions


@ -27,24 +27,32 @@ from ipalib import api
PEM = 0
DER = 1
def get_subjectaltname(request):
"""
Given a CSR return the subjectaltname value, if any.
The return value is a tuple of strings or None
"""
for extension in request.extensions:
if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
return nss.x509_alt_name(extension.value)
return None
def get_subject(request):
def get_subject(csr, datatype=PEM):
"""
Given a CSR return the subject value.
This returns an nss.DN object.
"""
return request.subject
request = load_certificate_request(csr, datatype)
try:
return request.subject
finally:
del request
def get_subjectaltname(csr, datatype=PEM):
"""
Given a CSR return the subjectaltname value, if any.
The return value is a tuple of strings or None
"""
request = load_certificate_request(csr, datatype)
try:
for extension in request.extensions:
if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
return nss.x509_alt_name(extension.value)
finally:
del request
return None
def strip_header(csr):
"""
@ -61,21 +69,21 @@ def strip_header(csr):
return csr
def load_certificate_request(csr):
def load_certificate_request(csr, datatype=PEM):
"""
Given a base64-encoded certificate request, with or without the
header/footer, return a request object.
"""
csr = strip_header(csr)
substrate = base64.b64decode(csr)
if datatype == PEM:
csr = strip_header(csr)
csr = base64.b64decode(csr)
# A fail-safe so we can always read a CSR. python-nss/NSS will segfault
# otherwise
if not nss.nss_is_initialized():
nss.nss_init_nodb()
return nss.CertificateRequest(substrate)
return nss.CertificateRequest(csr)
if __name__ == '__main__':
nss.nss_init_nodb()
@ -85,9 +93,6 @@ if __name__ == '__main__':
csrlines = sys.stdin.readlines()
csr = ''.join(csrlines)
csr = load_certificate_request(csr)
print csr
print load_certificate_request(csr)
print get_subject(csr)
print get_subjectaltname(csr)
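Review bot: In the second hunk, `load_certificate_request` treats every `datatype` other than `PEM` as DER, so a mistyped or unexpected value passes the caller's bytes to `nss.CertificateRequest` without any decoding. This function hands request data to a native parser, so I would reject unknown formats before that call, for example `if datatype not in (PEM, DER): raise ValueError('unsupported CSR datatype: %r' % (datatype,))`. The docstring still describes only base64 input with an optional header/footer; it should state that `csr` is raw DER bytes when `datatype=DER`. The same parameter is added to `get_subject` and `get_subjectaltname` in the first hunk, and their docstrings do not mention it either.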


@ -138,9 +138,8 @@ def get_csr_hostname(csr):
Return the value of CN in the subject of the request or None
"""
try:
request = pkcs10.load_certificate_request(csr)
subject = pkcs10.get_subject(request)
return subject.common_name
subject = pkcs10.get_subject(csr)
return subject.common_name #pylint: disable=E1101
except NSPRError, nsprerr:
raise errors.CertificateOperationError(
error=_('Failure decoding Certificate Signing Request: %s') % nsprerr)
@ -368,8 +367,7 @@ class cert_request(VirtualCommand):
"to the 'userCertificate' attribute of entry '%s'.") % dn)
# Validate the subject alt name, if any
request = pkcs10.load_certificate_request(csr)
subjectaltname = pkcs10.get_subjectaltname(request)
subjectaltname = pkcs10.get_subjectaltname(csr)
if subjectaltname is not None:
for name in subjectaltname:
name = unicode(name)
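Review bot: `get_csr_hostname` in the first hunk still catches only `NSPRError`, but `pkcs10.get_subject(csr)` now runs `strip_header` and `base64.b64decode` internally, and on Python 2 a badly padded base64 body raises `TypeError` from `b64decode`. Unless an earlier validator outside this hunk already rejects such input, that error bypasses the `CertificateOperationError` translation; widening the handler to `except (NSPRError, TypeError), err:` would keep the failure path uniform. The same applies to `pkcs10.get_subjectaltname(csr)` in the `cert_request` hunk, where no enclosing `try` is visible. Both functions begin outside the hunks shown, so existing handling further up may already cover this.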


@ -54,9 +54,8 @@ class test_update(object):
Test simple CSR with no attributes
"""
csr = self.read_file("test0.csr")
request = pkcs10.load_certificate_request(csr)
subject = pkcs10.get_subject(request)
subject = pkcs10.get_subject(csr)
assert(subject.common_name == 'test.example.com')
assert(subject.state_name == 'California')
@ -69,7 +68,7 @@ class test_update(object):
csr = self.read_file("test1.csr")
request = pkcs10.load_certificate_request(csr)
subject = pkcs10.get_subject(request)
subject = request.subject
assert(subject.common_name == 'test.example.com')
assert(subject.state_name == 'California')
@ -86,7 +85,7 @@ class test_update(object):
csr = self.read_file("test2.csr")
request = pkcs10.load_certificate_request(csr)
subject = pkcs10.get_subject(request)
subject = request.subject
assert(subject.common_name == 'test.example.com')
assert(subject.state_name == 'California')