author | John Dennis <jdennis@redhat.com> | 2009-12-08 16:57:07 -0500 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-12-09 01:57:08 -0700 |
commit | ee909d871c56e55584ace7850ee3c6276ad58d06 (patch) | |
tree | 7df2f0be1a1d8af0b8f99576db8393056c581d50 /ipalib | |
parent | 62d40286ac67faa6b009e121035f92afa1372cf3 (diff) | |
rebase dogtag clean-up patch
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/cert.py | 36 | ||||
-rw-r--r-- | ipalib/plugins/service.py | 5 | ||||
-rw-r--r-- | ipalib/x509.py | 7 |
3 files changed, 27 insertions, 21 deletions
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py index ba088dd96..5540e6ecf 100644 --- a/ipalib/plugins/cert.py +++ b/ipalib/plugins/cert.py @@ -1,6 +1,7 @@ # Authors: # Andrew Wnuk <awnuk@redhat.com> # Jason Gerard DeRose <jderose@redhat.com> +# John Dennis <jdennis@redhat.com> # # Copyright (C) 2009 Red Hat # see file 'COPYING' for use and warranty information @@ -38,10 +39,12 @@ from ipapython import dnsclient from pyasn1.error import PyAsn1Error import logging import traceback +from ipalib.request import ugettext as _ def get_serial(certificate): """ Given a certificate, return the serial number in that cert + as a Python long object. In theory there should be only one cert per object so even if we get passed in a list/tuple only return the first one. @@ -49,9 +52,9 @@ def get_serial(certificate): if type(certificate) in (list, tuple): certificate = certificate[0] try: - serial = str(x509.get_serial_number(certificate)) + serial = x509.get_serial_number(certificate) except PyAsn1Error: - raise errors.GenericError(format='Unable to decode certificate in entry') + raise errors.CertificateOperationError(error=_('Unable to decode certificate in entry')) return serial @@ -69,7 +72,7 @@ def get_csr_hostname(csr): # The ASN.1 decoding errors tend to be long and involved and the # last bit is generally not interesting. We need the whole traceback. logging.error('Unable to decode CSR\n%s', traceback.format_exc()) - raise errors.GenericError(format='Failure decoding Certificate Signing Request') + raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request')) return None 
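Review bot: In get_serial (hunk -49,9) only PyAsn1Error is converted into CertificateOperationError, so any other failure while loading the certificate escapes as a raw exception. validate_csr in this same file handles TypeError from base64 decoding as a separate case, which suggests malformed input could raise it here too, though x509.load_certificate is not shown, so this is unconfirmed. If it can, `except (PyAsn1Error, TypeError):` would give a bad directory entry the same translated error. The function now returns a long instead of a str, so callers outside the visible hunks that treated the result as text should be checked.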
@@ -83,7 +86,7 @@ def get_subjectaltname(csr): # The ASN.1 decoding errors tend to be long and involved and the # last bit is generally not interesting. We need the whole traceback. logging.error('Unable to decode CSR\n%s', traceback.format_exc()) - raise errors.GenericError(format='Failure decoding Certificate Signing Request') + raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request')) return request.get_subjectaltname() def validate_csr(ugettext, csr): @@ -100,9 +103,9 @@ def validate_csr(ugettext, csr): except TypeError, e: raise errors.Base64DecodeError(reason=str(e)) except PyAsn1Error: - raise errors.GenericError(format='Failure decoding Certificate Signing Request') + raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request')) except Exception, e: - raise errors.GenericError(format='Failure decoding Certificate Signing Request: %s' % str(e)) + raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request: %s') % str(e)) class cert_request(VirtualCommand): @@ -170,7 +173,7 @@ class cert_request(VirtualCommand): (dn, service) = api.Command['service_show'](principal, all=True, raw=True) if 'usercertificate' in service: # FIXME, what to do here? Do we revoke the old cert? - raise errors.GenericError(format='entry already has a certificate, serial number %s' % get_serial(base64.b64encode(service['usercertificate'][0]))) + raise errors.CertificateOperationError(error=_('entry already has a certificate, serial number %s') % get_serial(base64.b64encode(service['usercertificate'][0]))) except errors.NotFound, e: if not add: raise errors.NotFound(reason="The service principal for this request doesn't exist.") 
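Review bot: The catch-all branch of validate_csr (hunk -100,9) still interpolates `str(e)` into the error that is raised, so internal exception text from parsing an untrusted CSR is passed back to the requester. get_csr_hostname and get_subjectaltname instead log the traceback and raise a fixed message. Doing the same here would be consistent: `logging.error('Unable to decode CSR\n%s', traceback.format_exc())` followed by `raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request'))`. The function also receives a `ugettext` argument, yet the new lines translate through the module-level `_`; one of the two should be used throughout. The start of validate_csr lies outside the hunk.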
@@ -213,7 +216,7 @@ class cert_request(VirtualCommand): if isinstance(result, dict) and len(result) > 0: textui.print_entry(result, 0) else: - textui.print_plain('Failed to submit a certificate request.') + textui.print_plain(_('Failed to submit a certificate request.')) api.register(cert_request) @@ -235,7 +238,7 @@ class cert_status(VirtualCommand): if isinstance(result, dict) and len(result) > 0: textui.print_entry(result, 0) else: - textui.print_plain('Failed to retrieve a request status.') + textui.print_plain(_('Failed to retrieve a request status.')) api.register(cert_status) @@ -245,7 +248,8 @@ class cert_get(VirtualCommand): Retrieve an existing certificate. """ - takes_args = ('serial_number') + takes_args = (Str('serial_number', + doc='serial number in decimal or if prefixed with 0x in hexadecimal')) operation="retrieve certificate" def execute(self, serial_number): @@ -256,7 +260,7 @@ class cert_get(VirtualCommand): if isinstance(result, dict) and len(result) > 0: textui.print_entry(result, 0) else: - textui.print_plain('Failed to obtain a certificate.') + textui.print_plain(_('Failed to obtain a certificate.')) api.register(cert_get) @@ -266,7 +270,8 @@ class cert_revoke(VirtualCommand): Revoke a certificate. """ - takes_args = ('serial_number') + takes_args = (Str('serial_number', + doc='serial number in decimal or if prefixed with 0x in hexadecimal')) operation = "revoke certificate" # FIXME: The default is 0. Is this really an Int param? @@ -288,7 +293,7 @@ class cert_revoke(VirtualCommand): if isinstance(result, dict) and len(result) > 0: textui.print_entry(result, 0) else: - textui.print_plain('Failed to revoke a certificate.') + textui.print_plain(_('Failed to revoke a certificate.')) api.register(cert_revoke) 
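Review bot: `takes_args = (Str('serial_number', doc=...))` in cert_get (hunk -245,7) is a parenthesised expression rather than a one-element tuple, because it has no trailing comma; the same form is repeated in cert_revoke (hunk -266,7) and cert_remove_hold (hunk -298,7). It may still work if the framework accepts a bare parameter object, but `takes_args = (Str('serial_number', doc='...'),)` states the intent. The doc text promises decimal or 0x-prefixed hexadecimal, yet nothing visible on the parameter enforces that. For revoke and remove-hold in particular, a validation rule that rejects other input before it reaches the CA backend would be worth adding, unless the backend (not shown here) already does so.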
@@ -298,7 +303,8 @@ class cert_remove_hold(VirtualCommand): Take a revoked certificate off hold. """ - takes_args = ('serial_number') + takes_args = (Str('serial_number', + doc='serial number in decimal or if prefixed with 0x in hexadecimal')) operation = "certificate remove hold" def execute(self, serial_number, **kw): @@ -309,6 +315,6 @@ class cert_remove_hold(VirtualCommand): if isinstance(result, dict) and len(result) > 0: textui.print_entry(result, 0) else: - textui.print_plain('Failed to take a revoked certificate off hold.') + textui.print_plain(_('Failed to take a revoked certificate off hold.')) api.register(cert_remove_hold) diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 93b9e2b70..5b0119151 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -32,12 +32,13 @@ from pyasn1.error import PyAsn1Error def get_serial(certificate): """ - Given a certificate, return the serial number in that cert. + Given a certificate, return the serial number in that + cert as a Python long object. """ if type(certificate) in (list, tuple): certificate = certificate[0] try: - serial = str(x509.get_serial_number(certificate, type=x509.DER)) + serial = x509.get_serial_number(certificate, type=x509.DER) except PyAsn1Error: raise errors.GenericError( format='Unable to decode certificate in entry' diff --git a/ipalib/x509.py b/ipalib/x509.py index 1db25d06f..b570d0758 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -188,8 +188,9 @@ class Certificate(univ.Sequence): return info.getComponentByName('subject') def get_serial_number(self): + 'return the serial number as a Python long object' info = self.getComponentByName('tbsCertificate') - return info.getComponentByName('serialNumber') + return long(info.getComponentByName('serialNumber')) # end of ASN.1 data structures 
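Review bot: The copy of get_serial in ipalib/plugins/service.py (hunk -32,12) still raises `errors.GenericError(format='Unable to decode certificate in entry')` with an untranslated message, while this commit moves the copy in cert.py to `errors.CertificateOperationError(error=_('Unable to decode certificate in entry'))`. Code that handles the new exception type will miss decode failures raised from the service plugin; aligning the two copies, or keeping one shared helper, removes the divergence. The raise statement continues past the end of the hunk. Any caller in service.py that relied on the old str return value is outside the visible lines and should be checked now that a long is returned.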
@@ -230,9 +231,7 @@ def get_subject_components(certificate, type=PEM): def get_serial_number(certificate, type=PEM): """ - Return the serial number of a certificate. - - Returns an integer + Return the serial number of a certificate as a Python long object. """ x509cert = load_certificate(certificate, type) return x509cert.get_serial_number() |