summaryrefslogtreecommitdiffstats
path: root/ipalib
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2011-08-17 10:19:37 +0200
committerRob Crittenden <rcritten@redhat.com>2011-08-23 01:23:50 -0400
commitc4f04dd858a43ccdeb83216b442e44298af25090 (patch)
treed40cc3e3544bac76debb3340fcc959665ed0e874 /ipalib
parent028a87b0dae5f69099859b0e65fce9c5597d1730 (diff)
downloadfreeipa-c4f04dd858a43ccdeb83216b442e44298af25090.zip
freeipa-c4f04dd858a43ccdeb83216b442e44298af25090.tar.gz
freeipa-c4f04dd858a43ccdeb83216b442e44298af25090.tar.xz
Verify that the external CA certificate files are correct.
ticket 1572
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/x509.py20
1 files changed, 19 insertions, 1 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py
index 23f337e..04e1b94 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -34,6 +34,7 @@
import os
import sys
import base64
+import re
import nss.nss as nss
from nss.error import NSPRError
from ipapython import ipautil
@@ -45,6 +46,8 @@ from ipalib import errors
PEM = 0
DER = 1
+PEM_REGEX = re.compile(r'(?<=-----BEGIN CERTIFICATE-----).*?(?=-----END CERTIFICATE-----)', re.DOTALL)
+
def valid_issuer(issuer, realm):
return issuer in ('CN=%s Certificate Authority' % realm,
'CN=Certificate Authority,O=%s' % realm,)
@@ -89,6 +92,21 @@ def load_certificate(data, datatype=PEM, dbdir=None):
return nss.Certificate(buffer(data))
+def load_certificate_chain_from_file(filename, dbdir=None):
+ """
+ Load a certificate chain from a PEM file.
+
+ Returns a list of nss.Certificate objects.
+ """
+ fd = open(filename, 'r')
+ data = fd.read()
+ fd.close()
+
+ chain = PEM_REGEX.findall(data)
+ chain = [load_certificate(cert, PEM, dbdir) for cert in chain]
+
+ return chain
+
def load_certificate_from_file(filename, dbdir=None):
"""
Load a certificate from a PEM file.
@@ -99,7 +117,7 @@ def load_certificate_from_file(filename, dbdir=None):
data = fd.read()
fd.close()
- return load_certificate(file, PEM, dbdir)
+ return load_certificate(data, PEM, dbdir)
def get_subject(certificate, datatype=PEM, dbdir=None):
"""