author | Rob Crittenden <rcritten@redhat.com> | 2011-06-08 10:54:41 -0400 |
committer | Rob Crittenden <rcritten@redhat.com> | 2011-06-21 19:09:50 -0400 |
commit | dd69c7dbe68e8f8674994a54ea913f2dd2e52c32 (patch) | |
tree | 5fdc303354eb26a1d2cd206c81babdc73e8d51b9 /ipalib/plugins/entitle.py | |
parent | 3a36eced53e540fe8f2b23eadf7dffda080324de (diff) | |
Make data type of certificates more obvious/predictable internally.
For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().
This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.
This also tries to use variable names to indicate what format the certificate
is in at any given point:
dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format
ticket 32
Diffstat (limited to 'ipalib/plugins/entitle.py')
-rw-r--r-- | ipalib/plugins/entitle.py | 27 |
1 files changed, 9 insertions, 18 deletions
diff --git a/ipalib/plugins/entitle.py b/ipalib/plugins/entitle.py
index ad4c2c6df..ab7dd456f 100644
--- a/ipalib/plugins/entitle.py
+++ b/ipalib/plugins/entitle.py
@@ -78,7 +78,8 @@ import base64
 from OpenSSL import crypto
 from ipapython.ipautil import run
 from ipalib.request import context
-from ipalib.plugins.service import validate_certificate, normalize_certificate
+from ipalib.plugins.service import validate_certificate
+from ipalib import x509
 import locale
@@ -101,16 +102,6 @@ def read_pkcs12_pin():
 fp.close()
 return pwd
-def make_pem(data):
- """
- The M2Crypto/openSSL modules are very picky about PEM format and
- require lines split to 64 characters with proper headers.
- """
- cert = '\n'.join([data[x:x+64] for x in range(0, len(data), 64)])
- return '-----BEGIN CERTIFICATE-----\n' + \
- cert + \
- '\n-----END CERTIFICATE-----'
-
 def get_pool(ldap):
 """
 Get our entitlement pool. Assume there is only one pool.
@@ -256,7 +247,7 @@ class entitle_status(VirtualCommand):
 if u'usercertificate' in registrations:
 certs = registrations['usercertificate']
 for cert in certs:
- cert = make_pem(base64.b64encode(cert))
+ cert = x509.make_pem(base64.b64encode(cert))
 try:
 pc = EntitlementCertificate(cert)
 o = pc.getOrder()
@@ -358,7 +349,7 @@ class entitle_consume(LDAPUpdate):
 results = cp.getCertificates(uuid)
 usercertificate = []
 for cert in results:
- usercertificate.append(normalize_certificate(cert['cert']))
+ usercertificate.append(x509.normalize_certificate(cert['cert']))
 entry_attrs['usercertificate'] = usercertificate
 entry_attrs['ipaentitlementid'] = uuid
 finally:
@@ -427,7 +418,7 @@ class entitle_get(VirtualCommand):
 if u'usercertificate' in registrations:
 # make it look like a UEP cert
 for cert in registrations['usercertificate']:
- certs.append(dict(cert = make_pem(base64.b64encode(cert))))
+ certs.append(dict(cert = x509.make_pem(base64.b64encode(cert))))
 else:
 try:
 cp = UEPConnection(handler='/candlepin', cert_file=certfile, key_file=keyfile)
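Review bot: The new import keeps `validate_certificate` coming from `ipalib.plugins.service` while `normalize_certificate` now comes from `ipalib.x509`, so certificate handling for this module is split across two homes. If validate_certificate was moved to x509 along with the other certificate-specific helpers the commit message describes, the added lines should collapse to `from ipalib import x509` with callers using `x509.validate_certificate`; if it intentionally stays in service, a one-line comment such as `# validate_certificate stays in service: it is a parameter validator, not an x509 helper` would stop the next reader from re-opening the question. I cannot see service.py or x509.py from this diff, so this is a question rather than a confirmed defect.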
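Review bot: Removing make_pem here also removes the only documentation of the 64-column PEM requirement that the M2Crypto/OpenSSL parsers depend on, and x509.make_pem is not visible in this diff, so it cannot be confirmed from here that it still wraps the base64 body at 64 characters with the same BEGIN/END headers. EntitlementCertificate(cert) in entitle_status, entitle_get and entitle_import consumes its output, so any change in wrapping would surface as parse failures on certificates already stored in LDAP rather than at the call sites changed by this commit. Suggest carrying the old docstring's note ("picky about PEM format, lines split to 64 characters with proper headers") into x509.make_pem, plus a small test asserting the line length of its output, if neither exists there.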
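Review bot: The rebinding `cert = x509.make_pem(base64.b64encode(cert))` in entitle_status keeps one name for two formats: the loop variable is the DER blob read from LDAP and the assignment turns it into PEM, which is exactly the ambiguity the commit message's dercert/cert convention is meant to remove. Renaming the loop variable makes the format visible at each step: `for dercert in certs:` followed by `cert = x509.make_pem(base64.b64encode(dercert))`. The same pattern appears in the entitle_get hunk (`for cert in registrations['usercertificate']:`) and in entitle_import, where `newcert` holds the DER form and could be `dercert`; the entitle_consume and entitle_sync loops iterate UEP result dicts, so `rawcert` or `result` would fit better than `cert` there. The enclosing for/try in entitle_status continues past the hunk.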
@@ -626,8 +617,8 @@ class entitle_import(LDAPUpdate):
 try:
 entry_attrs['ipaentitlementid'] = unicode('IMPORTED')
- newcert = normalize_certificate(keys[-1][0])
- cert = make_pem(base64.b64encode(newcert))
+ newcert = x509.normalize_certificate(keys[-1][0])
+ cert = x509.make_pem(base64.b64encode(newcert))
 try:
 pc = EntitlementCertificate(cert)
 o = pc.getOrder()
@@ -645,7 +636,7 @@ class entitle_import(LDAPUpdate):
 # First import, create the entry
 entry_attrs['ipaentitlementid'] = unicode('IMPORTED')
 entry_attrs['objectclass'] = self.obj.object_class
- entry_attrs['usercertificate'] = normalize_certificate(keys[-1][0])
+ entry_attrs['usercertificate'] = x509.normalize_certificate(keys[-1][0])
 ldap.add_entry(dn, entry_attrs)
 setattr(context, 'entitle_import', True)
@@ -717,7 +708,7 @@ class entitle_sync(LDAPUpdate):
 results = cp.getCertificates(uuid)
 usercertificate = []
 for cert in results:
- usercertificate.append(normalize_certificate(cert['cert']))
+ usercertificate.append(x509.normalize_certificate(cert['cert']))
 entry_attrs['usercertificate'] = usercertificate
 entry_attrs['ipaentitlementid'] = uuid
 finally: |
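Review bot: `entry_attrs['usercertificate'] = x509.normalize_certificate(keys[-1][0])` in the second entitle_import hunk normalizes the same input that the first entitle_import hunk already normalized into `newcert`, so on a single import the caller-supplied certificate appears to be parsed and converted twice, with any format error raised at two different points; I cannot confirm both branches sit in the same call because the branch structure between the hunks is outside the diff. Normalizing once before the branch, `dercert = x509.normalize_certificate(keys[-1][0])`, and reusing `dercert` in both places would make the conversion and its error path happen at one well-defined spot. Separately, this branch stores a bare DER value under `usercertificate` while entitle_consume and entitle_sync store a list under the same attribute; if the LDAP layer accepts both shapes, a comment such as `# single-valued here; consume/sync store a list` would save the next reader from checking.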