author | Rob Crittenden <rcritten@redhat.com> | 2010-02-02 22:52:11 -0500 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2010-02-09 03:26:01 -0700 |
commit | 8a4ab2a0e55b8d2d3531f3b19dd2c3d46d2959ea (patch) | |
tree | bff991e4cff3f896489a72dcf235d3ae089d7a09 /ipaserver/install/certs.py | |
parent | b7f557e3cf6783a27471fa71cf444bc7425eda57 (diff) | |
Move the HTTP/S request code to a common library
This moves code that does HTTP and HTTPS requests into a common library
that can be used by both the installer and the dogtag plugin.
These functions are not generic HTTP/S clients; they are designed
specifically to talk to dogtag, so use them accordingly.
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 47 |
1 files changed, 16 insertions, 31 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 080fe0092..e01795db3 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -29,6 +29,7 @@
 import fcntl
 import base64
 from ipapython import nsslib
+from ipapython import dogtag
 from ipapython import sysrestore
 from ipapython import ipautil
 from ConfigParser import RawConfigParser
@@ -553,31 +554,25 @@ class CertDB(object):
 if s >= 0:
 csr = csr[s:]
- params = urllib.urlencode({'profileId': 'caRAserverCert',
+ params = {'profileId': 'caRAserverCert',
 'cert_request_type': 'pkcs10',
 'requestor_name': 'IPA Installer',
 'cert_request': csr,
- 'xmlOutput': 'true'})
- headers = {"Content-type": "application/x-www-form-urlencoded",
- "Accept": "text/plain"}
+ 'xmlOutput': 'true'}
 # Send the request to the CA
 f = open(self.passwd_fname, "r")
 password = f.readline()
 f.close()
- conn = nsslib.NSSConnection(self.host_name, api.env.ca_agent_port, dbdir=self.secdir)
- conn.sslsock.set_client_auth_data_callback(client_auth_data_callback, "ipaCert", password, nss.get_default_certdb())
- conn.set_debuglevel(0)
-
- conn.request("POST", "/ca/agent/ca/profileSubmitSSLClient", params, headers)
- res = conn.getresponse()
- data = res.read()
- conn.close()
- if res.status != 200:
- raise RuntimeError("Unable to submit cert request")
+ http_status, http_reason_phrase, http_headers, http_body = \
+ dogtag.https_request(self.host_name, api.env.ca_agent_port, "/ca/agent/ca/profileSubmitSSLClient", self.secdir, password, "ipaCert", **params)
+
+ if http_status != 200:
+ raise CertificateOperationError(error=_('Unable to communicate with CMS (%s)') % \
+ http_reason_phrase)
 # The result is an XML blob. Pull the certificate out of that
- doc = xml.dom.minidom.parseString(data)
+ doc = xml.dom.minidom.parseString(http_body)
 item_node = doc.getElementsByTagName("b64")
 try:
 try:
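Review bot: `CertificateOperationError` and `_()` are used in the new non-200 branch of the first request block, but the only import this patch adds is `from ipapython import dogtag`; unless both names are already in scope from outside the visible hunks, a failed reply from the CA will surface as a NameError rather than the intended error. The same branch also changes the exception type away from RuntimeError, while the jar-signing block in the last hunk keeps `raise RuntimeError("Unable to submit cert request")` and discards `http_reason_phrase`, so callers now get two different failure types for the same condition. I would raise the same error in both places, e.g. `raise CertificateOperationError(error=_('Unable to communicate with CMS (%s)') % http_reason_phrase)`, and confirm the import at the top of the file. The enclosing method starts and ends outside the hunk.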
@@ -586,7 +581,6 @@ class CertDB(object):
 raise RuntimeError("Certificate issuance failed")
 finally:
 doc.unlink()
- conn.close()
 # base64-decode the result for uniformity
 cert = base64.b64decode(cert)
@@ -647,35 +641,26 @@ class CertDB(object):
 if s >= 0:
 csr = csr[s:]
- params = urllib.urlencode({'profileId': 'caJarSigningCert',
+ params = {'profileId': 'caJarSigningCert',
 'cert_request_type': 'pkcs10',
 'requestor_name': 'IPA Installer',
 'cert_request': csr,
- 'xmlOutput': 'true'})
- headers = {"Content-type": "application/x-www-form-urlencoded",
- "Accept": "text/plain"}
+ 'xmlOutput': 'true'}
 # Send the request to the CA
 f = open(self.passwd_fname, "r")
 password = f.readline()
 f.close()
- conn = nsslib.NSSConnection(self.host_name, api.env.ca_agent_port, dbdir=self.secdir)
- conn.sslsock.set_client_auth_data_callback(client_auth_data_callback, "ipaCert", password, nss.get_default_certdb())
- conn.set_debuglevel(0)
-
- conn.request("POST", "/ca/agent/ca/profileSubmitSSLClient", params, headers)
- res = conn.getresponse()
- data = res.read()
- conn.close()
- if res.status != 200:
+ http_status, http_reason_phrase, http_headers, http_body = \
+ dogtag.https_request(self.host_name, api.env.ca_agent_port, "/ca/agent/ca/profileSubmitSSLClient", self.secdir, password, "ipaCert", **params)
+ if http_status != 200:
 raise RuntimeError("Unable to submit cert request")
 # The result is an XML blob. Pull the certificate out of that
- doc = xml.dom.minidom.parseString(data)
+ doc = xml.dom.minidom.parseString(http_body)
 item_node = doc.getElementsByTagName("b64")
 cert = item_node[0].childNodes[0].data
 doc.unlink()
- conn.close()
 # base64-decode the cert for uniformity
 cert = base64.b64decode(cert) |
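Review bot: In the jar-signing request block, `item_node[0].childNodes[0].data` indexes the parsed CA response with no check, so an HTTP 200 reply that carries no `<b64>` element raises a bare IndexError and skips `doc.unlink()`. The first request block appears to guard the same lookup with a `try`/`finally` that raises `RuntimeError("Certificate issuance failed")`, judging by the tail of the second hunk and the start of the third. Now that both paths go through `dogtag.https_request`, this one should wrap the lookup the same way, with `doc.unlink()` in the `finally:` clause. The method body continues outside the hunk.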