authorRob Crittenden <rcritten@redhat.com>2010-02-01 14:00:28 -0500
committerRob Crittenden <rcritten@redhat.com>2010-02-02 14:02:46 -0500
commitdc55240fe8ce2f27aaca05a5287089080c902c85 (patch)
tree684f7a6d20927fc519dea6652536922d1f08bed2 /ipaserver
parent8ca97cdf3541adefe11ca0fc4ac49f01e8fb6984 (diff)
Be more careful when base64-decoding certificates
Only decode certs that have a BEGIN/END block, otherwise assume it is in DER format.
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/certs.py13
-rw-r--r--ipaserver/install/service.py2
-rw-r--r--ipaserver/plugins/selfsign.py1
3 files changed, 6 insertions, 10 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 4fb794c82..080fe0092 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -476,11 +476,6 @@ class CertDB(object):
os.unlink(self.certreq_fname)
os.unlink(self.certder_fname)
- # On the off-chance the certificate is base64-encoded
- try:
- dercert = base64.b64decode(dercert)
- except:
- pass
return dercert
def create_signing_cert(self, nickname, hostname, other_certdb=None, subject=None):
@@ -593,11 +588,11 @@ class CertDB(object):
doc.unlink()
conn.close()
- # base64-decode the result
+ # base64-decode the result for uniformity
cert = base64.b64decode(cert)
# Write the certificate to a file. It will be imported in a later
- # step.
+ # step. This file will be read later to be imported.
f = open(cert_fname, "w")
f.write(cert)
f.close()
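Review bot: The added comment line `# step. This file will be read later to be imported.` repeats the sentence just before it ("It will be imported in a later step"), so the comment now says the same thing twice. One sentence is enough, for example `# Write the DER certificate to a file; a later step imports it.` The same duplicated comment is added in the `@@ -682` hunk. Separately, `cert` is binary DER after `b64decode`, so the context line `open(cert_fname, "w")` would be safer as `open(cert_fname, "wb")`, which rules out newline translation altering the bytes on platforms that do it. The enclosing methods start and end outside both hunks.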
@@ -682,9 +677,11 @@ class CertDB(object):
doc.unlink()
conn.close()
- # base64-decode the cert
+ # base64-decode the cert for uniformity
cert = base64.b64decode(cert)
+ # Write the certificate to a file. It will be imported in a later
+ # step. This file will be read later to be imported.
f = open(cert_fname, "w")
f.write(cert)
f.close()
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 5aee093ec..d9db9ba45 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -169,7 +169,7 @@ class Service:
e = self.dercert.find('-----END CERTIFICATE-----')
s = s + 27
self.dercert = self.dercert[s:e]
- self.dercert = base64.b64decode(self.dercert)
+ self.dercert = base64.b64decode(self.dercert)
except Exception:
pass
dn = "krbprincipalname=%s,cn=services,cn=accounts,%s" % (self.principal, self.suffix)
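Review bot: If `base64.b64decode` raises here, `except Exception: pass` hides the error after `self.dercert` has already been overwritten with the sliced PEM body on the line above, so a value that is neither PEM nor DER would be carried forward as the service certificate. Decoding in a single assignment keeps the original value intact on failure: `self.dercert = base64.b64decode(self.dercert[s:e])`. The handler should also log the failure rather than `pass`. The changed line seems to differ only in indentation, which this rendering has dropped. The check for the BEGIN marker is outside the hunk, so it cannot be seen here whether a missing END marker (`find` returning -1, which would slice off the last character) is handled.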
diff --git a/ipaserver/plugins/selfsign.py b/ipaserver/plugins/selfsign.py
index af832a610..aaa869105 100644
--- a/ipaserver/plugins/selfsign.py
+++ b/ipaserver/plugins/selfsign.py
@@ -48,7 +48,6 @@ import tempfile
from pyasn1 import error
from ipalib.request import ugettext as _
from pyasn1.codec.der import encoder
-import base64
from ipalib.plugins.cert import get_csr_hostname
class ra(rabase.rabase):