authorJakub Hrozek <jhrozek@redhat.com>2011-02-16 13:07:13 +0100
committerRob Crittenden <rcritten@redhat.com>2011-02-16 22:04:44 -0500
commit36070555d1bd49aa1b25180db982a31dbac694a1 (patch)
treeade3b61a36e61ff84b72fad2a4dadb181bca8dc6
parent669c9d118027e890b4f6ed130815757fc4977e7a (diff)
Validate and convert certificate SN
The cert plugin only worked OK with decimal certificate serial numbers. This patch allows specifying the serial number in hexadecimal, too. The conversion now works such that: * with no explicit radix, a best-effort conversion is done using int(str, 0) in python. If the format is ambiguous, decimal takes precedence. * a hexadecimal radix can be specified explicitly with the traditional 0x prefix https://fedorahosted.org/freeipa/ticket/958 https://fedorahosted.org/freeipa/ticket/953
-rw-r--r--API.txt6
-rw-r--r--ipalib/plugins/cert.py28
2 files changed, 31 insertions, 3 deletions
diff --git a/API.txt b/API.txt
index 557a0e80c..1f956ec77 100644
--- a/API.txt
+++ b/API.txt
@@ -303,7 +303,7 @@ output: Output('count', <type 'int'>, Gettext('', domain='ipa', localedir=None))
output: Output('results', <type 'list'>, Gettext('', domain='ipa', localedir=None))
command: cert_remove_hold
args: 1,0,1
-arg: Str('serial_number', label=Gettext('Serial number', domain='ipa', localedir=None))
+arg: Str('serial_number', validate_serial_number, label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number)
output: Output('result', None, None)
command: cert_request
args: 1,3,1
@@ -314,12 +314,12 @@ option: Flag('add', autofill=True, default=False,lag('add', autofill=True, defau
output: Output('result', <type 'dict'>, Gettext('Dictionary mapping variable name to value', domain='ipa', localedir=None))
command: cert_revoke
args: 1,1,1
-arg: Str('serial_number', label=Gettext('Serial number', domain='ipa', localedir=None))
+arg: Str('serial_number', validate_serial_number, label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number)
option: Int('revocation_reason?', default=0, label=Gettext('Reason', domain='ipa', localedir=None), maxvalue=10, minvalue=0)
output: Output('result', None, None)
command: cert_show
args: 1,1,1
-arg: Str('serial_number', label=Gettext('Serial number', domain='ipa', localedir=None))
+arg: Str('serial_number', validate_serial_number, label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number)
option: Str('out?', exclude='webui', label=Gettext('Output filename', domain='ipa', localedir=None))
output: Output('result', None, None)
command: cert_status
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index f5ffd158d..19e0780d5 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -141,6 +141,32 @@ def normalize_csr(csr):
return csr
+def _convert_serial_number(num):
+ """
+ Convert a SN given in decimal or hexadecimal.
+ Returns the number or None if conversion fails.
+ """
+ # plain decimal or hexa with radix prefix
+ try:
+ num = int(num, 0)
+ except ValueError:
+ try:
+ # hexa without prefix
+ num = int(num, 16)
+ except ValueError:
+ num = None
+
+ return num
+
+def validate_serial_number(ugettext, num):
+ if _convert_serial_number(num) == None:
+ return u"Decimal or hexadecimal number is required for serial number"
+ return None
+
+def normalize_serial_number(num):
+ # It's been already validated
+ return unicode(_convert_serial_number(num))
+
def get_host_from_principal(principal):
"""
Given a principal with or without a realm return the
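Review bot: `int(num, 0)` in `_convert_serial_number` accepts more than the decimal and `0x` forms the commit message describes: under Python 2 (the hunk uses `unicode`) a leading-zero string such as `010` is read as octal, `0b...` as binary, and a leading `-` gives a negative number that still passes `validate_serial_number`. Because API.txt shows the same parameter feeding cert_revoke and cert_remove_hold, a misread serial acts on a different certificate than the one the operator typed. I would pick the radix explicitly (a `0x` prefix means 16, digits-only input means 10, anything else falls back to 16) and reject negative results, as sketched below; `== None` in the validator would also read better as `is None`. The comment `# It's been already validated` is worth checking against the framework's call order, since `normalize_serial_number` returns `u'None'` if it ever runs on input that has not been validated.

```python
def _convert_serial_number(num):
    # ... unchanged: docstring ...
    text = num.strip().lower()
    if text.startswith('0x'):
        digits, radix = text[2:], 16
    elif text.isdigit():
        # digits-only input is decimal, so "010" is 10 rather than octal 8
        digits, radix = text, 10
    else:
        # hexa without prefix
        digits, radix = text, 16
    try:
        value = int(digits, radix)
    except ValueError:
        return None
    # a certificate serial number is never negative
    if value < 0:
        return None
    return value
```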
@@ -378,8 +404,10 @@ api.register(cert_status)
_serial_number = Str('serial_number',
+ validate_serial_number,
label=_('Serial number'),
doc=_('Serial number in decimal or if prefixed with 0x in hexadecimal'),
+ normalizer=normalize_serial_number,
)
class cert_show(VirtualCommand):
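Review bot: The `doc=` text on `_serial_number` says hexadecimal input needs the `0x` prefix, but the validator and normalizer wired in here also accept unprefixed hexadecimal such as `ff`, while a digits-only value like `10` is always taken as decimal. Operators pasting a hex serial from other tooling will not learn this from the help text, and for cert_revoke the difference decides which certificate is affected. I would spell the rule out, e.g. `doc=_('Serial number in decimal, or in hexadecimal with a 0x prefix; digits-only input is always read as decimal'),`.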