diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2011-08-17 10:19:37 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-08-23 01:23:50 -0400 |
| commit | c4f04dd858a43ccdeb83216b442e44298af25090 (patch) | |
| tree | d40cc3e3544bac76debb3340fcc959665ed0e874 /ipalib | |
| parent | 028a87b0dae5f69099859b0e65fce9c5597d1730 (diff) | |
| download | freeipa-c4f04dd858a43ccdeb83216b442e44298af25090.tar.gz freeipa-c4f04dd858a43ccdeb83216b442e44298af25090.tar.xz freeipa-c4f04dd858a43ccdeb83216b442e44298af25090.zip | |
Verify that the external CA certificate files are correct.
ticket 1572
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/x509.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py index 23f337edc..04e1b9479 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -34,6 +34,7 @@ import os import sys import base64 +import re import nss.nss as nss from nss.error import NSPRError from ipapython import ipautil @@ -45,6 +46,8 @@ from ipalib import errors PEM = 0 DER = 1 +PEM_REGEX = re.compile(r'(?<=-----BEGIN CERTIFICATE-----).*?(?=-----END CERTIFICATE-----)', re.DOTALL) + def valid_issuer(issuer, realm): return issuer in ('CN=%s Certificate Authority' % realm, 'CN=Certificate Authority,O=%s' % realm,) @@ -89,6 +92,21 @@ def load_certificate(data, datatype=PEM, dbdir=None): return nss.Certificate(buffer(data)) +def load_certificate_chain_from_file(filename, dbdir=None): + """ + Load a certificate chain from a PEM file. + + Returns a list of nss.Certificate objects. + """ + fd = open(filename, 'r') + data = fd.read() + fd.close() + + chain = PEM_REGEX.findall(data) + chain = [load_certificate(cert, PEM, dbdir) for cert in chain] + + return chain + def load_certificate_from_file(filename, dbdir=None): """ Load a certificate from a PEM file. @@ -99,7 +117,7 @@ def load_certificate_from_file(filename, dbdir=None): data = fd.read() fd.close() - return load_certificate(file, PEM, dbdir) + return load_certificate(data, PEM, dbdir) def get_subject(certificate, datatype=PEM, dbdir=None): """ |