authorRob Crittenden <rcritten@redhat.com>2010-02-02 22:52:11 -0500
committerJason Gerard DeRose <jderose@redhat.com>2010-02-09 03:26:01 -0700
commit8a4ab2a0e55b8d2d3531f3b19dd2c3d46d2959ea (patch)
treebff991e4cff3f896489a72dcf235d3ae089d7a09 /ipaserver/install/certs.py
parentb7f557e3cf6783a27471fa71cf444bc7425eda57 (diff)
Move the HTTP/S request code to a common library
This moves code that does HTTP and HTTPS requests into a common library that can be used by both the installer and the dogtag plugin. These functions are not generic HTTP/S clients, they are designed specifically to talk to dogtag, so use accordingly.
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r--ipaserver/install/certs.py47
1 files changed, 16 insertions, 31 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 080fe0092..e01795db3 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -29,6 +29,7 @@ import fcntl
import base64
from ipapython import nsslib
+from ipapython import dogtag
from ipapython import sysrestore
from ipapython import ipautil
from ConfigParser import RawConfigParser
@@ -553,31 +554,25 @@ class CertDB(object):
if s >= 0:
csr = csr[s:]
- params = urllib.urlencode({'profileId': 'caRAserverCert',
+ params = {'profileId': 'caRAserverCert',
'cert_request_type': 'pkcs10',
'requestor_name': 'IPA Installer',
'cert_request': csr,
- 'xmlOutput': 'true'})
- headers = {"Content-type": "application/x-www-form-urlencoded",
- "Accept": "text/plain"}
+ 'xmlOutput': 'true'}
# Send the request to the CA
f = open(self.passwd_fname, "r")
password = f.readline()
f.close()
- conn = nsslib.NSSConnection(self.host_name, api.env.ca_agent_port, dbdir=self.secdir)
- conn.sslsock.set_client_auth_data_callback(client_auth_data_callback, "ipaCert", password, nss.get_default_certdb())
- conn.set_debuglevel(0)
-
- conn.request("POST", "/ca/agent/ca/profileSubmitSSLClient", params, headers)
- res = conn.getresponse()
- data = res.read()
- conn.close()
- if res.status != 200:
- raise RuntimeError("Unable to submit cert request")
+ http_status, http_reason_phrase, http_headers, http_body = \
+ dogtag.https_request(self.host_name, api.env.ca_agent_port, "/ca/agent/ca/profileSubmitSSLClient", self.secdir, password, "ipaCert", **params)
+
+ if http_status != 200:
+ raise CertificateOperationError(error=_('Unable to communicate with CMS (%s)') % \
+ http_reason_phrase)
# The result is an XML blob. Pull the certificate out of that
- doc = xml.dom.minidom.parseString(data)
+ doc = xml.dom.minidom.parseString(http_body)
item_node = doc.getElementsByTagName("b64")
try:
try:
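Review bot: The new non-200 branch raises `CertificateOperationError` and calls `_()`, but the only import this commit adds to certs.py is `from ipapython import dogtag`. Unless both names are already imported above the visible hunks, a failed CA request would surface as a NameError instead of the intended error. The exception type also diverges from the hunk at -647, where the same status check still raises `RuntimeError("Unable to submit cert request")`, so callers of the two methods must handle different failures for the same condition. I would settle on one type for both checks and confirm the import. The enclosing method starts and ends outside this hunk.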
@@ -586,7 +581,6 @@ class CertDB(object):
raise RuntimeError("Certificate issuance failed")
finally:
doc.unlink()
- conn.close()
# base64-decode the result for uniformity
cert = base64.b64decode(cert)
@@ -647,35 +641,26 @@ class CertDB(object):
if s >= 0:
csr = csr[s:]
- params = urllib.urlencode({'profileId': 'caJarSigningCert',
+ params = {'profileId': 'caJarSigningCert',
'cert_request_type': 'pkcs10',
'requestor_name': 'IPA Installer',
'cert_request': csr,
- 'xmlOutput': 'true'})
- headers = {"Content-type": "application/x-www-form-urlencoded",
- "Accept": "text/plain"}
+ 'xmlOutput': 'true'}
# Send the request to the CA
f = open(self.passwd_fname, "r")
password = f.readline()
f.close()
- conn = nsslib.NSSConnection(self.host_name, api.env.ca_agent_port, dbdir=self.secdir)
- conn.sslsock.set_client_auth_data_callback(client_auth_data_callback, "ipaCert", password, nss.get_default_certdb())
- conn.set_debuglevel(0)
-
- conn.request("POST", "/ca/agent/ca/profileSubmitSSLClient", params, headers)
- res = conn.getresponse()
- data = res.read()
- conn.close()
- if res.status != 200:
+ http_status, http_reason_phrase, http_headers, http_body = \
+ dogtag.https_request(self.host_name, api.env.ca_agent_port, "/ca/agent/ca/profileSubmitSSLClient", self.secdir, password, "ipaCert", **params)
+ if http_status != 200:
raise RuntimeError("Unable to submit cert request")
# The result is an XML blob. Pull the certificate out of that
- doc = xml.dom.minidom.parseString(data)
+ doc = xml.dom.minidom.parseString(http_body)
item_node = doc.getElementsByTagName("b64")
cert = item_node[0].childNodes[0].data
doc.unlink()
- conn.close()
# base64-decode the cert for uniformity
cert = base64.b64decode(cert)
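Review bot: `item_node[0].childNodes[0].data` is read from `http_body` with no guard, so a 200 reply that carries no `<b64>` element raises a bare IndexError and skips `doc.unlink()`. The other request method in this file already wraps the same lookup in try/finally and raises `RuntimeError("Certificate issuance failed")`. This one should do the same now that both go through `dogtag.https_request`. The enclosing method starts outside the hunk and may continue past it.

```python
# … unchanged: dogtag.https_request call and status check …
doc = xml.dom.minidom.parseString(http_body)
try:
    item_node = doc.getElementsByTagName("b64")
    try:
        cert = item_node[0].childNodes[0].data
    except IndexError:
        raise RuntimeError("Certificate issuance failed")
finally:
    doc.unlink()
# … unchanged: base64 decode of cert …
```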