Make data type of certificates more obvious/predictable internally.

For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().

This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.

This also tries to use variable names to indicate what format the certificate
is in at any given point:

dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format

ticket 32

1 files changed, 2 insertions, 2 deletions

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 845e1e253..574a5afd8 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -379,7 +379,7 @@ class DsInstance(service.Service):
             logging.debug("completed creating ds instance")
         except ipautil.CalledProcessError, e:
             logging.critical("failed to restart ds instance %s" % e)
-        
+
         # check for open port 389 from now on
         self.open_ports.append(389)
 
@@ -517,7 +517,7 @@ class DsInstance(service.Service):
 
             # We only handle one server cert
             nickname = server_certs[0][0]
-            self.dercert = dsdb.get_cert_from_db(nickname)
+            self.dercert = dsdb.get_cert_from_db(nickname, pem=False)
             dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname)
         else:
             nickname = "Server-Cert"