installutils: remove hardcoded subject DN assumption
`installutils.load_external_cert` assumes that the IPA CA subject DN is `CN=Certificate Authority, {subject_base}`. In preparation for full customisability of IPA CA subject DN, push this assumption out of this function to call sites (which will be updated in a subsequent commit). Part of: https://fedorahosted.org/freeipa/ticket/2614 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
parent
324183cd63
commit
db6674096c
@ -109,7 +109,9 @@ def install_check(standalone, replica_config, options):
|
||||
"--external-ca.")
|
||||
|
||||
external_cert_file, external_ca_file = installutils.load_external_cert(
|
||||
options.external_cert_files, options.subject)
|
||||
options.external_cert_files,
|
||||
DN(('CN', 'Certificate Authority'), options.subject)
|
||||
)
|
||||
elif options.external_ca:
|
||||
if cainstance.is_step_one_done():
|
||||
raise ScriptError(
|
||||
|
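Review bot: The default CA subject is now spelled out at this call site as `DN(('CN', 'Certificate Authority'), options.subject)`, and the same literal RDN appears again in the CACertManage call further down the page, so the two copies have to stay identical for both tools to look for the same certificate subject. A short comment above the call, for example `# default IPA CA subject DN; same construction as in CACertManage`, would mark the duplication as deliberate and temporary. install_check starts and ends outside this hunk, so whether `options.subject` is always set by this point cannot be confirmed from here.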
@ -1095,7 +1095,8 @@ def check_entropy():
|
||||
except ValueError as e:
|
||||
root_logger.debug("Invalid value in %s %s", paths.ENTROPY_AVAIL, e)
|
||||
|
||||
def load_external_cert(files, subject_base):
|
||||
|
||||
def load_external_cert(files, ca_subject):
|
||||
"""
|
||||
Load and verify external CA certificate chain from multiple files.
|
||||
|
||||
@ -1103,7 +1104,7 @@ def load_external_cert(files, subject_base):
|
||||
chain formats.
|
||||
|
||||
:param files: Names of files to import
|
||||
:param subject_base: Subject name base for IPA certificates
|
||||
:param ca_subject: IPA CA subject DN
|
||||
:returns: Temporary file with the IPA CA certificate and temporary file
|
||||
with the external CA certificate chain
|
||||
"""
|
||||
@ -1117,7 +1118,7 @@ def load_external_cert(files, subject_base):
|
||||
except RuntimeError as e:
|
||||
raise ScriptError(str(e))
|
||||
|
||||
ca_subject = DN(('CN', 'Certificate Authority'), subject_base)
|
||||
ca_subject = DN(ca_subject)
|
||||
ca_nickname = None
|
||||
cache = {}
|
||||
for nickname, _trust_flags in nssdb.list_certs():
|
||||
|
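Review bot: The second parameter of load_external_cert keeps its position but changes meaning from a subject base to the full CA subject DN, and `ca_subject = DN(ca_subject)` accepts either without complaint, so a caller that was not updated would presumably fail only later, when no certificate with that subject is found. The docstring line could say so explicitly: `:param ca_subject: Full subject DN of the IPA CA certificate (a DN or a value DN() accepts), not the subject base`. The function body continues past the end of the last hunk, so the matching logic itself is not visible here.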
@ -192,8 +192,6 @@ class CACertManage(admintool.AdminTool):
|
||||
|
||||
options = self.options
|
||||
conn = api.Backend.ldap2
|
||||
cert_file, ca_file = installutils.load_external_cert(
|
||||
options.external_cert_files, x509.subject_base())
|
||||
|
||||
old_cert_obj = x509.load_certificate(old_cert_der, x509.DER)
|
||||
old_der_subject = x509.get_der_subject(old_cert_der, x509.DER)
|
||||
@ -202,6 +200,11 @@ class CACertManage(admintool.AdminTool):
|
||||
serialization.PublicFormat.SubjectPublicKeyInfo
|
||||
)
|
||||
|
||||
cert_file, ca_file = installutils.load_external_cert(
|
||||
options.external_cert_files,
|
||||
DN(('CN', 'Certificate Authority'), x509.subject_base())
|
||||
)
|
||||
|
||||
with open(cert_file.name) as f:
|
||||
new_cert_data = f.read()
|
||||
new_cert_der = x509.normalize_certificate(new_cert_data)
|
||||
|
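Review bot: The load_external_cert call is moved below the parsing of the old certificate with no comment explaining the new order, and it still derives the expected subject from `x509.subject_base()` even though `old_der_subject` has just been read from the installed CA certificate. If the move prepares for taking the expected subject from the existing certificate, a line such as `# TODO: pass the subject of the current CA certificate instead of the default DN` would record that intent. One visible effect of the reorder is that an error in loading the old certificate would now be raised before the external files are checked. The method starts and ends outside these hunks.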