author | Jan Cholasta <jcholast@redhat.com> | 2011-08-17 10:19:37 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-08-23 01:23:41 -0400 |
commit | 610faff6f3aad129979777cd7297129ef0a3bbc5 (patch) | |
tree | d8f09d2eea9ad9a0b063caaab67f36a8a3b26836 /ipalib | |
parent | 9b0fa8debfadfbf6da310638ee351788f7dd0322 (diff) | |
Verify that the external CA certificate files are correct.
ticket 1572
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/x509.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py
index 23f337edc..04e1b9479 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -34,6 +34,7 @@
 import os
 import sys
 import base64
+import re
 import nss.nss as nss
 from nss.error import NSPRError
 from ipapython import ipautil
@@ -45,6 +46,8 @@ from ipalib import errors
 PEM = 0
 DER = 1
+PEM_REGEX = re.compile(r'(?<=-----BEGIN CERTIFICATE-----).*?(?=-----END CERTIFICATE-----)', re.DOTALL)
+
 def valid_issuer(issuer, realm):
 return issuer in ('CN=%s Certificate Authority' % realm, 'CN=Certificate Authority,O=%s' % realm,)
@@ -89,6 +92,21 @@ def load_certificate(data, datatype=PEM, dbdir=None):
 return nss.Certificate(buffer(data))
+def load_certificate_chain_from_file(filename, dbdir=None):
+ """
+ Load a certificate chain from a PEM file.
+
+ Returns a list of nss.Certificate objects.
+ """
+ fd = open(filename, 'r')
+ data = fd.read()
+ fd.close()
+
+ chain = PEM_REGEX.findall(data)
+ chain = [load_certificate(cert, PEM, dbdir) for cert in chain]
+
+ return chain
+
 def load_certificate_from_file(filename, dbdir=None):
 """
 Load a certificate from a PEM file.
@@ -99,7 +117,7 @@ def load_certificate_from_file(filename, dbdir=None):
 data = fd.read()
 fd.close()
- return load_certificate(file, PEM, dbdir)
+ return load_certificate(data, PEM, dbdir)
 def get_subject(certificate, datatype=PEM, dbdir=None):
 """
|
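Review bot: `PEM_REGEX` in the second hunk has no comment saying what a match contains, and two of its behaviours matter to anyone relying on it to validate CA files. Each match is only the text between a `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` pair, and everything in the file outside such a pair is skipped without error. Because `.*?` runs under `re.DOTALL`, a block whose END line is missing is merged with the following block up to that block's END marker, so a damaged file produces one bad blob rather than a clear "malformed PEM" failure. I would add a comment such as `# Matches the body between BEGIN/END CERTIFICATE markers; text outside the markers is ignored.` and wrap the long `re.compile(...)` call over two lines.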
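Review bot: `load_certificate_chain_from_file` in the third hunk returns an empty list when the file holds no `BEGIN CERTIFICATE` block, so an empty or wrong file is indistinguishable from success unless every caller checks the length. Since the commit's purpose is to verify external CA certificate files, either fail here when `PEM_REGEX.findall(data)` finds nothing, or extend the docstring with a line like `An empty list means no certificate block was found; callers must treat that as an error.` The docstring should also say that a block which fails to parse makes the whole call fail, which appears to be the case because `load_certificate` is called unguarded in the list comprehension. Separately, the `open`/`read`/`close` sequence leaves the descriptor open if `read()` raises; `with open(filename, 'r') as fd:` followed by `data = fd.read()` closes it on every path. The same sequence is used in `load_certificate_from_file` in the last hunk, whose body starts outside the hunk.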