IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Do not decode HTTP reason phrase from Dogtag

Browse Source 
The HTTP reason phrase sent by Dogtag is assumed to be encoded in
UTF-8, but the encoding used by Tomcat is dependent on system
locale, causing decode errors in some locales.

The reason phrase is optional and will not be sent in a future
version of Tomcat[1], so do not bother decoding and returning it.

[1] 707ab1c77f

Fixes: https://fedorahosted.org/freeipa/ticket/5578
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Fraser Tweedale 2016-01-06 14:50:42 +11:00 committed by Jan Cholasta
parent 6b2b173a4d
commit fe94222873
3 changed files with 36 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ipapython/dogtag.py
View File

@ -118,14 +118,14 @@ def ca_status(ca_host=None, use_proxy=True):
ca_port = 443
else:
ca_port = 8443
status, reason, headers, body = unauthenticated_https_request(
status, headers, body = unauthenticated_https_request(
ca_host, ca_port, '/ca/admin/ca/getStatus')
if status == 503:
# Service temporarily unavailable
return reason
return status
elif status != 200:
raise errors.RemoteRetrieveError(
reason=_("Retrieving CA status failed: %s") % reason)
reason=_("Retrieving CA status failed with status %d") % status)
return _parse_ca_status(body)
@ -136,8 +136,8 @@ def https_request(host, port, url, secdir, password, nickname,
:param url: The path (not complete URL!) to post to.
:param body: The request body (encodes kw if None)
:param kw: Keyword arguments to encode into POST body.
:return: (http_status, http_reason_phrase, http_headers, http_body)
as (integer, unicode, dict, str)
:return: (http_status, http_headers, http_body)
as (integer, dict, str)
Perform a client authenticated HTTPS request
"""
@ -165,8 +165,8 @@ def http_request(host, port, url, **kw):
"""
:param url: The path (not complete URL!) to post to.
:param kw: Keyword arguments to encode into POST body.
:return: (http_status, http_reason_phrase, http_headers, http_body)
as (integer, unicode, dict, str)
:return: (http_status, http_headers, http_body)
as (integer, dict, str)
Perform an HTTP request.
"""
@ -179,8 +179,8 @@ def unauthenticated_https_request(host, port, url, **kw):
"""
:param url: The path (not complete URL!) to post to.
:param kw: Keyword arguments to encode into POST body.
:return: (http_status, http_reason_phrase, http_headers, http_body)
as (integer, unicode, dict, str)
:return: (http_status, http_headers, http_body)
as (integer, dict, str)
Perform an unauthenticated HTTPS request.
"""
@ -219,15 +219,14 @@ def _httplib_request(
res = conn.getresponse()
http_status = res.status
http_reason_phrase = unicode(res.reason, 'utf-8')
http_headers = res.msg.dict
http_body = res.read()
conn.close()
except Exception as e:
raise NetworkError(uri=uri, error=str(e))
root_logger.debug('response status %d %s', http_status, http_reason_phrase)
root_logger.debug('response status %d', http_status)
root_logger.debug('response headers %s', http_headers)
root_logger.debug('response body %r', http_body)
return http_status, http_reason_phrase, http_headers, http_body
return http_status, http_headers, http_body

7
ipaserver/install/certs.py
View File

@ -403,12 +403,11 @@ class CertDB(object):
result = dogtag.https_request(
self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
self.secdir, password, "ipaCert", **params)
http_status, http_reason_phrase, http_headers, http_body = result
http_status, http_headers, http_body = result
if http_status != 200:
raise CertificateOperationError(
error=_('Unable to communicate with CMS (%s)') %
http_reason_phrase)
error=_('Unable to communicate with CMS (status %d)') % http_status)
# The result is an XML blob. Pull the certificate out of that
doc = xml.dom.minidom.parseString(http_body)
@ -457,7 +456,7 @@ class CertDB(object):
result = dogtag.https_request(
self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
self.secdir, password, "ipaCert", **params)
http_status, http_reason_phrase, http_headers, http_body = result
http_status, http_headers, http_body = result
if http_status != 200:
raise RuntimeError("Unable to submit cert request")

44
ipaserver/plugins/dogtag.py
View File

@ -1351,8 +1351,8 @@ class ra(rabase.rabase):
"""
:param url: The URL to post to.
:param kw: Keyword arguments to encode into POST body.
:return: (http_status, http_reason_phrase, http_headers, http_body)
as (integer, unicode, dict, str)
:return: (http_status, http_headers, http_body)
as (integer, dict, str)
Perform an HTTP request.
"""
@ -1362,8 +1362,8 @@ class ra(rabase.rabase):
"""
:param url: The URL to post to.
:param kw: Keyword arguments to encode into POST body.
:return: (http_status, http_reason_phrase, http_headers, http_body)
as (integer, unicode, dict, str)
:return: (http_status, http_headers, http_body)
as (integer, dict, str)
Perform an HTTPS request
"""
@ -1423,7 +1423,7 @@ class ra(rabase.rabase):
self.debug('%s.check_request_status()', self.fullname)
# Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
http_status, http_headers, http_body = \
self._request('/ca/ee/ca/checkRequest',
self.env.ca_port,
requestId=request_id,
@ -1432,7 +1432,7 @@ class ra(rabase.rabase):
# Parse and handle errors
if http_status != 200:
self.raise_certificate_operation_error('check_request_status',
detail=http_reason_phrase)
detail=http_status)
parse_result = self.get_parse_result_xml(http_body, parse_check_request_result_xml)
request_status = parse_result['request_status']
@ -1508,7 +1508,7 @@ class ra(rabase.rabase):
serial_number = int(serial_number, 0)
# Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
http_status, http_headers, http_body = \
self._sslget('/ca/agent/ca/displayBySerial',
self.env.ca_agent_port,
serialNumber=str(serial_number),
@ -1518,7 +1518,7 @@ class ra(rabase.rabase):
# Parse and handle errors
if http_status != 200:
self.raise_certificate_operation_error('get_certificate',
detail=http_reason_phrase)
detail=http_status)
parse_result = self.get_parse_result_xml(http_body, parse_display_cert_xml)
request_status = parse_result['request_status']
@ -1576,7 +1576,7 @@ class ra(rabase.rabase):
self.debug('%s.request_certificate()', self.fullname)
# Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
http_status, http_headers, http_body = \
self._sslget('/ca/eeca/ca/profileSubmitSSLClient',
self.env.ca_ee_port,
profileId=profile_id,
@ -1586,7 +1586,7 @@ class ra(rabase.rabase):
# Parse and handle errors
if http_status != 200:
self.raise_certificate_operation_error('request_certificate',
detail=http_reason_phrase)
detail=http_status)
parse_result = self.get_parse_result_xml(http_body, parse_profile_submit_result_xml)
# Note different status return, it's not request_status, it's error_code
@ -1655,7 +1655,7 @@ class ra(rabase.rabase):
serial_number = int(serial_number, 0)
# Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
http_status, http_headers, http_body = \
self._sslget('/ca/agent/ca/doRevoke',
self.env.ca_agent_port,
op='revoke',
@ -1667,7 +1667,7 @@ class ra(rabase.rabase):
# Parse and handle errors
if http_status != 200:
self.raise_certificate_operation_error('revoke_certificate',
detail=http_reason_phrase)
detail=http_status)
parse_result = self.get_parse_result_xml(http_body, parse_revoke_cert_xml)
request_status = parse_result['request_status']
@ -1718,7 +1718,7 @@ class ra(rabase.rabase):
serial_number = int(serial_number, 0)
# Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
http_status, http_headers, http_body = \
self._sslget('/ca/agent/ca/doUnrevoke',
self.env.ca_agent_port,
serialNumber=str(serial_number),
@ -1727,7 +1727,7 @@ class ra(rabase.rabase):
# Parse and handle errors
if http_status != 200:
self.raise_certificate_operation_error('take_certificate_off_hold',
detail=http_reason_phrase)
detail=http_status)
parse_result = self.get_parse_result_xml(http_body, parse_unrevoke_cert_xml)
@ -2030,7 +2030,7 @@ class RestClient(Backend):
"""Log into the REST API"""
if self.cookie is not None:
return
status, status_text, resp_headers, resp_body = dogtag.https_request(
status, resp_headers, resp_body = dogtag.https_request(
self.ca_host, self.override_port or self.env.ca_agent_port,
'/ca/rest/account/login',
self.sec_dir, self.password, self.ipa_certificate_nickname,
@ -2056,8 +2056,8 @@ class RestClient(Backend):
"""
:param url: The URL to post to.
:param kw: Keyword arguments to encode into POST body.
:return: (http_status, http_reason_phrase, http_headers, http_body)
as (integer, unicode, dict, str)
:return: (http_status, http_headers, http_body)
as (integer, dict, str)
Perform an HTTPS request
"""
@ -2071,7 +2071,7 @@ class RestClient(Backend):
resource = os.path.join('/ca/rest', self.path, path)
# perform main request
status, status_text, resp_headers, resp_body = dogtag.https_request(
status, resp_headers, resp_body = dogtag.https_request(
self.ca_host, self.override_port or self.env.ca_agent_port,
resource,
self.sec_dir, self.password, self.ipa_certificate_nickname,
@ -2080,10 +2080,10 @@ class RestClient(Backend):
if status < 200 or status >= 300:
explanation = self._parse_dogtag_error(resp_body) or ''
raise errors.RemoteRetrieveError(
reason=_('Non-2xx response from CA REST API: %(status)d %(status_text)s. %(explanation)s')
% {'status': status, 'status_text': status_text, 'explanation': explanation}
reason=_('Non-2xx response from CA REST API: %(status)d. %(explanation)s')
% {'status': status, 'explanation': explanation}
)
return (status, status_text, resp_headers, resp_body)
return (status, resp_headers, resp_body)
class ra_certprofile(RestClient):
@ -2108,7 +2108,7 @@ class ra_certprofile(RestClient):
"""
Read the profile configuration from Dogtag
"""
status, status_text, resp_headers, resp_body = self._ssldo(
status, resp_headers, resp_body = self._ssldo(
'GET', profile_id + '/raw')
return resp_body