mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 00:31:56 -06:00
c925b44f43
In Python 3, cryptography requires certificate data to be binary. Even PEM encoded files are treated as binary content. certmap-match and cert-find were loading certificates as text files. A new BinaryFile type loads files as binary content. Fixes: https://pagure.io/freeipa/issue/7520 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
50 lines
1.6 KiB
Python
50 lines
1.6 KiB
Python
#
|
|
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
from ipaclient.frontend import MethodOverride
|
|
from ipalib import errors, x509
|
|
from ipalib.parameters import BinaryFile
|
|
from ipalib.plugable import Registry
|
|
from ipalib.text import _
|
|
|
|
register = Registry()
|
|
|
|
|
|
@register(override=True, no_fail=True)
|
|
class certmap_match(MethodOverride):
|
|
takes_args = (
|
|
BinaryFile(
|
|
'file?',
|
|
label=_("Input file"),
|
|
doc=_("File to load the certificate from"),
|
|
include='cli',
|
|
),
|
|
)
|
|
|
|
def get_args(self):
|
|
for arg in super(certmap_match, self).get_args():
|
|
if arg.name != 'certificate' or self.api.env.context != 'cli':
|
|
yield arg
|
|
|
|
def get_options(self):
|
|
for arg in super(certmap_match, self).get_args():
|
|
if arg.name == 'certificate' and self.api.env.context == 'cli':
|
|
yield arg.clone(required=False)
|
|
for option in super(certmap_match, self).get_options():
|
|
yield option
|
|
|
|
def forward(self, *args, **options):
|
|
if self.api.env.context == 'cli':
|
|
if args and 'certificate' in options:
|
|
raise errors.MutuallyExclusiveError(
|
|
reason=_("cannot specify both raw certificate and file"))
|
|
if args:
|
|
args = [x509.load_unknown_x509_certificate(args[0])]
|
|
elif 'certificate' in options:
|
|
args = [options.pop('certificate')]
|
|
else:
|
|
args = []
|
|
|
|
return super(certmap_match, self).forward(*args, **options)
|