author | Rob Crittenden <rcritten@redhat.com> | 2011-07-11 17:39:30 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-07-17 22:14:24 -0400 |
commit | 2f650b60a4ce9c9b19a64b21ebe3051668efb4af (patch) | |
tree | d6280d7277eae4ab726a4c1a201130f9ea4f3a4d /ipalib/x509.py | |
parent | 038089a0c9160221d17796b8d6fd6e4f1fb67850 (diff) | |
Use information from the certificate subject when setting the NSS nickname.
There were a few places in the code where certs were loaded from a
PKCS#7 file or a chain in a PEM file. The certificates got very
generic nicknames.
We can instead pull the subject from the certificate and use that as
the nickname.
https://fedorahosted.org/freeipa/ticket/1141
Diffstat (limited to 'ipalib/x509.py')
-rw-r--r-- | ipalib/x509.py | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py
index 77d6aabf4..e757e1d1f 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -71,27 +71,45 @@ def load_certificate(data, datatype=PEM, dbdir=None):
 data = base64.b64decode(data)
 if dbdir is None:
- if api.env.in_tree:
- dbdir = api.env.dot_ipa + os.sep + 'alias'
+ if 'in_tree' in api.env:
+ if api.env.in_tree:
+ dbdir = api.env.dot_ipa + os.sep + 'alias'
+ else:
+ dbdir = "/etc/httpd/alias"
+ nss.nss_init(dbdir)
 else:
- dbdir = "/etc/httpd/alias"
+ nss.nss_init_nodb()
+ else:
+ nss.nss_init(dbdir)
+
- nss.nss_init(dbdir)
 return nss.Certificate(buffer(data))
-def get_subject(certificate, datatype=PEM):
+def load_certificate_from_file(filename, dbdir=None):
+ """
+ Load a certificate from a PEM file.
+
+ Returns a nss.Certificate type
+ """
+ fd = open(filename, 'r')
+ data = fd.read()
+ fd.close()
+
+ return load_certificate(file, PEM, dbdir)
+
+def get_subject(certificate, datatype=PEM, dbdir=None):
 """
 Load an X509.3 certificate and get the subject.
 """
- nsscert = load_certificate(certificate, datatype)
+ nsscert = load_certificate(certificate, datatype, dbdir)
 return nsscert.subject
-def get_serial_number(certificate, datatype=PEM):
+def get_serial_number(certificate, datatype=PEM, dbdir=None):
 """
 Return the decimal value of the serial number.
 """
- nsscert = load_certificate(certificate, datatype)
+ nsscert = load_certificate(certificate, datatype, dbdir)
 return nsscert.serial_number
 def make_pem(data): |
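Review bot: The new `load_certificate_from_file` passes the name `file` to `load_certificate` instead of the `data` it just read, so the certificate contents never reach the parser. Under Python 2, which the `buffer(...)` call in this hunk implies, `file` is the builtin type, so the call would presumably raise rather than load the PEM. The return line should read `return load_certificate(data, PEM, dbdir)`. The open/read/close sequence also leaves the descriptor open if `read()` raises; `with open(filename, 'r') as fd:` closes it on every path. `load_certificate` begins above this hunk, so how it treats a non-string argument is not visible here.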