author | Rob Crittenden <rcritten@redhat.com> | 2011-06-08 10:54:41 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-06-21 19:09:50 -0400 |
commit | dd69c7dbe68e8f8674994a54ea913f2dd2e52c32 (patch) | |
tree | 5fdc303354eb26a1d2cd206c81babdc73e8d51b9 /ipaserver/install/certs.py | |
parent | 3a36eced53e540fe8f2b23eadf7dffda080324de (diff) | |
Make data type of certificates more obvious/predictable internally.
For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().
This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.
This also tries to use variable names to indicate what format the certificate
is in at any given point:
dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format
ticket 32
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index da89370af..07dda2cc0 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -432,11 +432,22 @@ class CertDB(object): except RuntimeError: break - def get_cert_from_db(self, nickname): + def get_cert_from_db(self, nickname, pem=True): + """ + Retrieve a certificate from the current NSS database for nickname. + + pem controls whether the value returned PEM or DER-encoded. The + default is the data straight from certutil -a. + """ try: args = ["-L", "-n", nickname, "-a"] (cert, err, returncode) = self.run_certutil(args) - return cert + if pem: + return cert + else: + (cert, start) = find_cert_from_txt(cert, start=0) + dercert = base64.b64decode(cert) + return dercert except ipautil.CalledProcessError: return '' @@ -501,6 +512,8 @@ class CertDB(object): that will issue our cert. You can override the certificate Subject by specifying a subject. + + Returns a certificate in DER format. """ cdb = other_certdb if not cdb: |
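Review bot: In the `pem=False` branch of `get_cert_from_db`, failure is reported in two different ways: a certutil error still returns `''`, while a parse or decode failure in `find_cert_from_txt` or `base64.b64decode` is not covered by `except ipautil.CalledProcessError` and would propagate (the `except RuntimeError` context line at the top of the hunk suggests such a helper can raise, though its body is not visible here). A caller that asks for DER therefore has to handle both an empty string and an exception before treating the result as a certificate; I would state that in the docstring, e.g. `Returns '' if certutil fails; raises if the output holds no certificate.`, or make both cases raise. The docstring sentence also drops a verb and should read `pem controls whether the value returned is PEM or DER-encoded.` The diffstat's 15 insertions are all accounted for by these two hunks, so no import is added to this file and `base64` and `find_cert_from_txt` are presumably already in scope, which is worth confirming.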