author | Jan Cholasta <jcholast@redhat.com> | 2014-06-12 13:26:34 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 6870eb909ec5a92dad79da62b4101d3f7f6a2abb (patch) | |
tree | 8eca2d9c374a9b4ef74684db67f173855ba3670a /ipalib | |
parent | fd400588d78c50c79f64e7bc83e1cd367374a9f9 (diff) | |
Add function for writing list of certificates to a PEM file to ipalib.x509.
Also rename load_certificate_chain_from_file to
load_certificate_list_from_file.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/x509.py | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py
index ebb6a81d5..1081c9ff7 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -118,32 +118,34 @@ def load_certificate(data, datatype=PEM, dbdir=None):
 return nss.Certificate(buffer(data))
-def load_certificate_chain_from_file(filename, dbdir=None):
+def load_certificate_from_file(filename, dbdir=None):
 """
- Load a certificate chain from a PEM file.
+ Load a certificate from a PEM file.
- Returns a list of nss.Certificate objects.
+ Returns a nss.Certificate type
 """
 fd = open(filename, 'r')
 data = fd.read()
 fd.close()
- chain = PEM_REGEX.findall(data)
- chain = [load_certificate(cert, PEM, dbdir) for cert in chain]
+ return load_certificate(data, PEM, dbdir)
- return chain
+def load_certificate_list(data, dbdir=None):
+ certs = PEM_REGEX.findall(data)
+ certs = [load_certificate(cert, PEM, dbdir) for cert in certs]
+ return certs
-def load_certificate_from_file(filename, dbdir=None):
+def load_certificate_list_from_file(filename, dbdir=None):
 """
- Load a certificate from a PEM file.
+ Load a certificate list from a PEM file.
- Returns a nss.Certificate type
+ Returns a list of nss.Certificate objects.
 """
 fd = open(filename, 'r')
 data = fd.read()
 fd.close()
- return load_certificate(data, PEM, dbdir)
+ return load_certificate_list(data, dbdir)
 def get_subject(certificate, datatype=PEM, dbdir=None):
 """
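Review bot: The new `load_certificate_list(data, dbdir=None)` has no docstring, and its result for input without any PEM block is not stated anywhere. `PEM_REGEX` is defined outside the hunk, but `findall` returns an empty list when nothing matches, so a caller loading a CA or trust list from an empty, truncated or DER-encoded file presumably gets `[]` rather than an error. I would add `"""Load every PEM certificate found in data; returns a list of nss.Certificate objects, empty when none match."""` so callers know they have to check for the empty case themselves. The old name `load_certificate_chain_from_file` is removed without an alias and the diffstat is limited to ipalib, so it is worth confirming that callers outside this directory are updated in the same commit.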
@@ -310,6 +312,24 @@ def write_certificate(rawcert, filename):
 except (IOError, OSError), e:
 raise errors.FileError(reason=str(e))
+def write_certificate_list(rawcerts, filename):
+ """
+ Write a list of certificates to a file in PEM format.
+
+ The cert values can be either DER or PEM-encoded, they will be normalized
+ to DER regardless, then back out to PEM.
+ """
+ dercerts = [normalize_certificate(rawcert) for rawcert in rawcerts]
+
+ try:
+ with open(filename, 'w') as f:
+ for cert in dercerts:
+ cert = base64.b64encode(cert)
+ cert = make_pem(cert)
+ f.write(cert + '\n')
+ except (IOError, OSError), e:
+ raise errors.FileError(reason=str(e))
+
 def verify_cert_subject(ldap, hostname, dercert):
 """
 Verify that the certificate issuer we're adding matches the issuer |
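Review bot: `open(filename, 'w')` in `write_certificate_list` truncates the destination before the first certificate is written, so an I/O error part-way through the loop (or an empty `rawcerts`) leaves a partial or empty bundle where a complete one used to be. If the file is consumed as a CA or trust list, that silently changes what is trusted. Writing to a temporary file in the same directory and renaming it over `filename` keeps the old bundle intact until the new one is complete. The sketch below assumes `os` and `tempfile` are importable in this module, and it still needs the temporary file removed on the error path and its mode set to whatever readers of the bundle require, since `mkstemp` creates it owner-only.

```python
def write_certificate_list(rawcerts, filename):
    # … unchanged: docstring and the normalize_certificate() pass …
    try:
        fd, tmpname = tempfile.mkstemp(dir=os.path.dirname(filename) or '.')
        with os.fdopen(fd, 'w') as f:
            for cert in dercerts:
                # … unchanged: base64.b64encode() and make_pem() …
                f.write(cert + '\n')
        # Replace the old bundle only once the new one is fully written.
        os.rename(tmpname, filename)
    except (IOError, OSError), e:
        raise errors.FileError(reason=str(e))
```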