Make data type of certificates more obvious/predictable internally.

For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().

This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.

This also tries to use variable names to indicate what format the certificate
is in at any given point:

dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format

ticket 32

1 files changed, 18 insertions, 0 deletions

diff --git a/ipalib/util.py b/ipalib/util.py
index 78b954ee2..cc887c348 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -30,6 +30,7 @@ import re
 from types import NoneType
 
 from ipalib import errors
+from ipalib.text import _
 from ipapython import dnsclient
 
 
@@ -185,3 +186,20 @@ def validate_ipaddr(ipaddr):
         except socket.error:
             return False
     return True
+
+def check_writable_file(filename):
+    """
+    Determine if the file is writable. If the file doesn't exist then
+    open the file to test writability.
+    """
+    if filename is None:
+        raise errors.FileError(reason='Filename is empty')
+    try:
+        if os.path.exists(filename):
+            if not os.access(filename, os.W_OK):
+                raise errors.FileError(reason=_('Permission denied: %(file)s') % dict(file=filename))
+        else:
+            fp = open(filename, 'w')
+            fp.close()
+    except (IOError, OSError), e:
+        raise errors.FileError(reason=str(e))