diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-05-21 17:34:00 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-05-21 17:34:00 -0400 |
commit | 13696ae18ba64beec92e0cee2c0f837fd19384e3 (patch) | |
tree | 22fce7ce36d80df1bb486fcda73be99d14d9524d | |
parent | eec367b0c84ccb483388dc1b8c3c29202bd5236c (diff) | |
download | freeipa-13696ae18ba64beec92e0cee2c0f837fd19384e3.tar.gz freeipa-13696ae18ba64beec92e0cee2c0f837fd19384e3.tar.xz freeipa-13696ae18ba64beec92e0cee2c0f837fd19384e3.zip |
Raise an exception if the certificate chain is not returned from the CA
-rw-r--r-- | ipalib/errors.py | 16 | ||||
-rw-r--r-- | ipapython/dogtag.py | 21 |
2 files changed, 31 insertions, 6 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py index 71bbedb2c..f7e01f7da 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -965,6 +965,22 @@ class Base64DecodeError(ExecutionError): errno = 4015 format = _('Base64 decoding failed: %(reason)s') +class RemoteRetrieveError(ExecutionError): + """ + **4016** Raised when retrieving data from a remote server fails + + For example: + + >>> raise RemoteRetrieveError(reason="Error: Failed to get certificate chain.") + Traceback (most recent call last): + ... + RemoteRetrieveError: Error: Failed to get certificate chain. + + """ + + errno = 4016 + format = _('%(reason)s') + class BuiltinError(ExecutionError): """ **4100** Base class for builtin execution errors (*4100 - 4199*). diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index d0afbb122..684754f44 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -17,7 +17,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -from ipalib import api +from ipalib import api, errors import httplib import xml.dom.minidom @@ -31,11 +31,20 @@ def get_ca_certchain(): res = conn.getresponse() if res.status == 200: data = res.read() - - doc = xml.dom.minidom.parseString(data) - item_node = doc.getElementsByTagName("ChainBase64") - chain = item_node[0].childNodes[0].data - doc.unlink() conn.close() + try: + doc = xml.dom.minidom.parseString(data) + try: + item_node = doc.getElementsByTagName("ChainBase64") + chain = item_node[0].childNodes[0].data + except IndexError: + try: + item_node = doc.getElementsByTagName("Error") + reason = item_node[0].childNodes[0].data + raise errors.RemoteRetrieveError(reason=reason) + except: + raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed") + finally: + doc.unlink() return chain |