Update pkcs10 module functions to always load CSRs and allow selecting format.
This change makes the pkcs10 module more consistent with the x509 module. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
parent
bab88eb1ed
commit
d5e35f92a5
@ -27,24 +27,32 @@ from ipalib import api
|
||||
PEM = 0
|
||||
DER = 1
|
||||
|
||||
def get_subjectaltname(request):
|
||||
"""
|
||||
Given a CSR return the subjectaltname value, if any.
|
||||
|
||||
The return value is a tuple of strings or None
|
||||
"""
|
||||
for extension in request.extensions:
|
||||
if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
|
||||
return nss.x509_alt_name(extension.value)
|
||||
return None
|
||||
|
||||
def get_subject(request):
|
||||
def get_subject(csr, datatype=PEM):
|
||||
"""
|
||||
Given a CSR return the subject value.
|
||||
|
||||
This returns an nss.DN object.
|
||||
"""
|
||||
return request.subject
|
||||
request = load_certificate_request(csr, datatype)
|
||||
try:
|
||||
return request.subject
|
||||
finally:
|
||||
del request
|
||||
|
||||
def get_subjectaltname(csr, datatype=PEM):
|
||||
"""
|
||||
Given a CSR return the subjectaltname value, if any.
|
||||
|
||||
The return value is a tuple of strings or None
|
||||
"""
|
||||
request = load_certificate_request(csr, datatype)
|
||||
try:
|
||||
for extension in request.extensions:
|
||||
if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
|
||||
return nss.x509_alt_name(extension.value)
|
||||
finally:
|
||||
del request
|
||||
return None
|
||||
|
||||
def strip_header(csr):
|
||||
"""
|
||||
@ -61,21 +69,21 @@ def strip_header(csr):
|
||||
|
||||
return csr
|
||||
|
||||
def load_certificate_request(csr):
|
||||
def load_certificate_request(csr, datatype=PEM):
|
||||
"""
|
||||
Given a base64-encoded certificate request, with or without the
|
||||
header/footer, return a request object.
|
||||
"""
|
||||
csr = strip_header(csr)
|
||||
|
||||
substrate = base64.b64decode(csr)
|
||||
if datatype == PEM:
|
||||
csr = strip_header(csr)
|
||||
csr = base64.b64decode(csr)
|
||||
|
||||
# A fail-safe so we can always read a CSR. python-nss/NSS will segfault
|
||||
# otherwise
|
||||
if not nss.nss_is_initialized():
|
||||
nss.nss_init_nodb()
|
||||
|
||||
return nss.CertificateRequest(substrate)
|
||||
return nss.CertificateRequest(csr)
|
||||
|
||||
if __name__ == '__main__':
|
||||
nss.nss_init_nodb()
|
||||
@ -85,9 +93,6 @@ if __name__ == '__main__':
|
||||
csrlines = sys.stdin.readlines()
|
||||
csr = ''.join(csrlines)
|
||||
|
||||
csr = load_certificate_request(csr)
|
||||
|
||||
print csr
|
||||
|
||||
print load_certificate_request(csr)
|
||||
print get_subject(csr)
|
||||
print get_subjectaltname(csr)
|
||||
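Review bot: `load_certificate_request` treats every `datatype` value other than `PEM` as DER and passes the input unchanged to `nss.CertificateRequest`, so a wrong constant or a caller typo is not caught before the NSS parser sees the bytes. An explicit branch after the PEM case, `elif datatype != DER: raise ValueError('unsupported CSR datatype: %r' % (datatype,))`, would make the contract strict. The docstring still describes only base64 input; it should state that `datatype` selects `PEM` (base64, header/footer optional) or `DER` (raw bytes). The `get_subject` and `get_subjectaltname` docstrings need the same line, since both now accept the raw CSR and forward `datatype`.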
|
@ -138,9 +138,8 @@ def get_csr_hostname(csr):
|
||||
Return the value of CN in the subject of the request or None
|
||||
"""
|
||||
try:
|
||||
request = pkcs10.load_certificate_request(csr)
|
||||
subject = pkcs10.get_subject(request)
|
||||
return subject.common_name
|
||||
subject = pkcs10.get_subject(csr)
|
||||
return subject.common_name #pylint: disable=E1101
|
||||
except NSPRError, nsprerr:
|
||||
raise errors.CertificateOperationError(
|
||||
error=_('Failure decoding Certificate Signing Request: %s') % nsprerr)
|
||||
@ -368,8 +367,7 @@ class cert_request(VirtualCommand):
|
||||
"to the 'userCertificate' attribute of entry '%s'.") % dn)
|
||||
|
||||
# Validate the subject alt name, if any
|
||||
request = pkcs10.load_certificate_request(csr)
|
||||
subjectaltname = pkcs10.get_subjectaltname(request)
|
||||
subjectaltname = pkcs10.get_subjectaltname(csr)
|
||||
if subjectaltname is not None:
|
||||
for name in subjectaltname:
|
||||
name = unicode(name)
|
||||
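Review bot: In `get_csr_hostname` the handler still translates only `NSPRError`, but `pkcs10.get_subject(csr)` now also does the header stripping and `base64.b64decode` step inside the `try`. In Python 2 a badly padded CSR raises `TypeError` there, which would escape as an unhandled error instead of `CertificateOperationError`, unless an earlier validator already rejects such input (not visible in this hunk). Consider `except (NSPRError, TypeError), e:` with the same `CertificateOperationError` message. The `pkcs10.get_subjectaltname(csr)` call in the `cert_request` hunk decodes the same CSR a second time with no handler visible in the hunk; both functions start and end outside the lines shown. A comment there, such as `# CSR is re-parsed here; decode errors propagate to the caller`, would make that explicit.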
|
@ -54,9 +54,8 @@ class test_update(object):
|
||||
Test simple CSR with no attributes
|
||||
"""
|
||||
csr = self.read_file("test0.csr")
|
||||
request = pkcs10.load_certificate_request(csr)
|
||||
|
||||
subject = pkcs10.get_subject(request)
|
||||
subject = pkcs10.get_subject(csr)
|
||||
|
||||
assert(subject.common_name == 'test.example.com')
|
||||
assert(subject.state_name == 'California')
|
||||
@ -69,7 +68,7 @@ class test_update(object):
|
||||
csr = self.read_file("test1.csr")
|
||||
request = pkcs10.load_certificate_request(csr)
|
||||
|
||||
subject = pkcs10.get_subject(request)
|
||||
subject = request.subject
|
||||
|
||||
assert(subject.common_name == 'test.example.com')
|
||||
assert(subject.state_name == 'California')
|
||||
@ -86,7 +85,7 @@ class test_update(object):
|
||||
csr = self.read_file("test2.csr")
|
||||
request = pkcs10.load_certificate_request(csr)
|
||||
|
||||
subject = pkcs10.get_subject(request)
|
||||
subject = request.subject
|
||||
|
||||
assert(subject.common_name == 'test.example.com')
|
||||
assert(subject.state_name == 'California')
|
||||
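Review bot: The updated tests exercise only the default `datatype=PEM` path, and only the first one calls `pkcs10.get_subject(csr)` on the raw CSR text; the new `DER` branch and the new `get_subjectaltname(csr, datatype)` signature have no coverage in these hunks. A DER case can reuse the existing fixture, for example `subject = pkcs10.get_subject(base64.b64decode(pkcs10.strip_header(csr)), datatype=pkcs10.DER)` followed by the same `common_name` assertion. A test with a subjectAltName-bearing CSR would cover the other helper, if the fixtures include one. The test methods begin and end outside the hunks shown.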
|