authorJohn Dennis <jdennis@redhat.com>2009-12-08 16:57:07 -0500
committerJason Gerard DeRose <jderose@redhat.com>2009-12-09 01:57:08 -0700
commitee909d871c56e55584ace7850ee3c6276ad58d06 (patch)
tree7df2f0be1a1d8af0b8f99576db8393056c581d50 /ipalib
parent62d40286ac67faa6b009e121035f92afa1372cf3 (diff)
rebase dogtag clean-up patch
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/cert.py36
-rw-r--r--ipalib/plugins/service.py5
-rw-r--r--ipalib/x509.py7
3 files changed, 27 insertions, 21 deletions
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index ba088dd96..5540e6ecf 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -1,6 +1,7 @@
# Authors:
# Andrew Wnuk <awnuk@redhat.com>
# Jason Gerard DeRose <jderose@redhat.com>
+# John Dennis <jdennis@redhat.com>
#
# Copyright (C) 2009 Red Hat
# see file 'COPYING' for use and warranty information
@@ -38,10 +39,12 @@ from ipapython import dnsclient
from pyasn1.error import PyAsn1Error
import logging
import traceback
+from ipalib.request import ugettext as _
def get_serial(certificate):
"""
Given a certificate, return the serial number in that cert
+ as a Python long object.
In theory there should be only one cert per object so even if we get
passed in a list/tuple only return the first one.
@@ -49,9 +52,9 @@ def get_serial(certificate):
if type(certificate) in (list, tuple):
certificate = certificate[0]
try:
- serial = str(x509.get_serial_number(certificate))
+ serial = x509.get_serial_number(certificate)
except PyAsn1Error:
- raise errors.GenericError(format='Unable to decode certificate in entry')
+ raise errors.CertificateOperationError(error=_('Unable to decode certificate in entry'))
return serial
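Review bot: The `except PyAsn1Error` branch in `get_serial` raises the new `CertificateOperationError` without recording the underlying decode failure, whereas `get_csr_hostname` and `get_subjectaltname` in this file log `traceback.format_exc()` before raising. Adding `logging.error('Unable to decode certificate\n%s', traceback.format_exc())` ahead of the `raise` would keep the server-side record consistent and leave something to investigate when a stored certificate turns out to be malformed. Separately, the return type changes from `str` to a long here, so any caller that concatenates or compares the serial as text needs checking; only the `%s` formatting in `cert_request` is visible on this page.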
@@ -69,7 +72,7 @@ def get_csr_hostname(csr):
# The ASN.1 decoding errors tend to be long and involved and the
# last bit is generally not interesting. We need the whole traceback.
logging.error('Unable to decode CSR\n%s', traceback.format_exc())
- raise errors.GenericError(format='Failure decoding Certificate Signing Request')
+ raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request'))
return None
@@ -83,7 +86,7 @@ def get_subjectaltname(csr):
# The ASN.1 decoding errors tend to be long and involved and the
# last bit is generally not interesting. We need the whole traceback.
logging.error('Unable to decode CSR\n%s', traceback.format_exc())
- raise errors.GenericError(format='Failure decoding Certificate Signing Request')
+ raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request'))
return request.get_subjectaltname()
def validate_csr(ugettext, csr):
@@ -100,9 +103,9 @@ def validate_csr(ugettext, csr):
except TypeError, e:
raise errors.Base64DecodeError(reason=str(e))
except PyAsn1Error:
- raise errors.GenericError(format='Failure decoding Certificate Signing Request')
+ raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request'))
except Exception, e:
- raise errors.GenericError(format='Failure decoding Certificate Signing Request: %s' % str(e))
+ raise errors.CertificateOperationError(error=_('Failure decoding Certificate Signing Request: %s') % str(e))
class cert_request(VirtualCommand):
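Review bot: The catch-all `except Exception, e` branch in `validate_csr` still interpolates `str(e)` into the error returned to the caller, so the text of any unexpected internal exception reaches the client. It would be safer to log the detail on the server, as `get_csr_hostname` does with `logging.error('Unable to decode CSR\n%s', traceback.format_exc())`, and raise the generic `_('Failure decoding Certificate Signing Request')` message. The function also receives a `ugettext` argument but the new lines use the module-level `_`; using one of the two consistently would be clearer. The start of the `try` block is outside this hunk.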
@@ -170,7 +173,7 @@ class cert_request(VirtualCommand):
(dn, service) = api.Command['service_show'](principal, all=True, raw=True)
if 'usercertificate' in service:
# FIXME, what to do here? Do we revoke the old cert?
- raise errors.GenericError(format='entry already has a certificate, serial number %s' % get_serial(base64.b64encode(service['usercertificate'][0])))
+ raise errors.CertificateOperationError(error=_('entry already has a certificate, serial number %s') % get_serial(base64.b64encode(service['usercertificate'][0])))
except errors.NotFound, e:
if not add:
raise errors.NotFound(reason="The service principal for this request doesn't exist.")
@@ -213,7 +216,7 @@ class cert_request(VirtualCommand):
if isinstance(result, dict) and len(result) > 0:
textui.print_entry(result, 0)
else:
- textui.print_plain('Failed to submit a certificate request.')
+ textui.print_plain(_('Failed to submit a certificate request.'))
api.register(cert_request)
@@ -235,7 +238,7 @@ class cert_status(VirtualCommand):
if isinstance(result, dict) and len(result) > 0:
textui.print_entry(result, 0)
else:
- textui.print_plain('Failed to retrieve a request status.')
+ textui.print_plain(_('Failed to retrieve a request status.'))
api.register(cert_status)
@@ -245,7 +248,8 @@ class cert_get(VirtualCommand):
Retrieve an existing certificate.
"""
- takes_args = ('serial_number')
+ takes_args = (Str('serial_number',
+ doc='serial number in decimal or if prefixed with 0x in hexadecimal'))
operation="retrieve certificate"
def execute(self, serial_number):
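Review bot: The new `serial_number` parameter on `cert_get` is a free-form `Str` whose doc promises "decimal or if prefixed with 0x in hexadecimal", but nothing in the hunk enforces that format before the value goes to the CA backend. A validation rule on the parameter, or an explicit check at the top of `execute`, would reject malformed input early; any conversion done further down in `execute` is outside the hunk. The same applies to the identical `takes_args` changes in `cert_revoke` and `cert_remove_hold`. Also, `(Str(...))` without a trailing comma is a parenthesised expression rather than a one-element tuple, as was the old `('serial_number')`; writing `takes_args = (Str('serial_number', doc=...),)` avoids depending on the framework to normalise a bare parameter, which is not visible here.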
@@ -256,7 +260,7 @@ class cert_get(VirtualCommand):
if isinstance(result, dict) and len(result) > 0:
textui.print_entry(result, 0)
else:
- textui.print_plain('Failed to obtain a certificate.')
+ textui.print_plain(_('Failed to obtain a certificate.'))
api.register(cert_get)
@@ -266,7 +270,8 @@ class cert_revoke(VirtualCommand):
Revoke a certificate.
"""
- takes_args = ('serial_number')
+ takes_args = (Str('serial_number',
+ doc='serial number in decimal or if prefixed with 0x in hexadecimal'))
operation = "revoke certificate"
# FIXME: The default is 0. Is this really an Int param?
@@ -288,7 +293,7 @@ class cert_revoke(VirtualCommand):
if isinstance(result, dict) and len(result) > 0:
textui.print_entry(result, 0)
else:
- textui.print_plain('Failed to revoke a certificate.')
+ textui.print_plain(_('Failed to revoke a certificate.'))
api.register(cert_revoke)
@@ -298,7 +303,8 @@ class cert_remove_hold(VirtualCommand):
Take a revoked certificate off hold.
"""
- takes_args = ('serial_number')
+ takes_args = (Str('serial_number',
+ doc='serial number in decimal or if prefixed with 0x in hexadecimal'))
operation = "certificate remove hold"
def execute(self, serial_number, **kw):
@@ -309,6 +315,6 @@ class cert_remove_hold(VirtualCommand):
if isinstance(result, dict) and len(result) > 0:
textui.print_entry(result, 0)
else:
- textui.print_plain('Failed to take a revoked certificate off hold.')
+ textui.print_plain(_('Failed to take a revoked certificate off hold.'))
api.register(cert_remove_hold)
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 93b9e2b70..5b0119151 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -32,12 +32,13 @@ from pyasn1.error import PyAsn1Error
def get_serial(certificate):
"""
- Given a certificate, return the serial number in that cert.
+ Given a certificate, return the serial number in that
+ cert as a Python long object.
"""
if type(certificate) in (list, tuple):
certificate = certificate[0]
try:
- serial = str(x509.get_serial_number(certificate, type=x509.DER))
+ serial = x509.get_serial_number(certificate, type=x509.DER)
except PyAsn1Error:
raise errors.GenericError(
format='Unable to decode certificate in entry'
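Review bot: This copy of `get_serial` still raises `errors.GenericError(format=...)` with an untranslated message, while the copy in `ipalib/plugins/cert.py` is changed in the same commit to raise `errors.CertificateOperationError(error=_(...))`. Callers that handle certificate failures by exception type will see two different errors for the same decode problem, so the `raise` here should be aligned, e.g. `raise errors.CertificateOperationError(error=_('Unable to decode certificate in entry'))`, assuming `_` is imported in this module. The two functions differ only in the `type=x509.DER` argument and could share one helper. The `raise` statement continues past the end of the hunk.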
diff --git a/ipalib/x509.py b/ipalib/x509.py
index 1db25d06f..b570d0758 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -188,8 +188,9 @@ class Certificate(univ.Sequence):
return info.getComponentByName('subject')
def get_serial_number(self):
+ 'return the serial number as a Python long object'
info = self.getComponentByName('tbsCertificate')
- return info.getComponentByName('serialNumber')
+ return long(info.getComponentByName('serialNumber'))
# end of ASN.1 data structures
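Review bot: The added `long(...)` conversion in `Certificate.get_serial_number` introduces a failure mode that the visible callers do not handle. If `getComponentByName('serialNumber')` yields no value, `long()` would presumably raise `TypeError` rather than `PyAsn1Error`, and both `get_serial` wrappers in this commit catch only `PyAsn1Error`. Either guard the component before converting or have the wrappers also translate `TypeError`/`ValueError` into the certificate error. As a style point, the one-line docstring uses single quotes; the rest of the file uses triple-quoted docstrings, so `"""Return the serial number as a Python long object."""` would match.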
@@ -230,9 +231,7 @@ def get_subject_components(certificate, type=PEM):
def get_serial_number(certificate, type=PEM):
"""
- Return the serial number of a certificate.
-
- Returns an integer
+ Return the serial number of a certificate as a Python long object.
"""
x509cert = load_certificate(certificate, type)
return x509cert.get_serial_number()