-rw-r--r-- | ipalib/pkcs10.py | 45 | ||||
-rw-r--r-- | ipalib/plugins/cert.py | 8 | ||||
-rw-r--r-- | ipatests/test_pkcs10/test_pkcs10.py | 7 |
3 files changed, 31 insertions, 29 deletions
diff --git a/ipalib/pkcs10.py b/ipalib/pkcs10.py index 29f9b3520..12db78377 100644 --- a/ipalib/pkcs10.py +++ b/ipalib/pkcs10.py @@ -27,24 +27,32 @@ from ipalib import api PEM = 0 DER = 1 -def get_subjectaltname(request): +def get_subject(csr, datatype=PEM): """ - Given a CSR return the subjectaltname value, if any. + Given a CSR return the subject value. - The return value is a tuple of strings or None + This returns an nss.DN object. """ - for extension in request.extensions: - if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME: - return nss.x509_alt_name(extension.value) - return None + request = load_certificate_request(csr, datatype) + try: + return request.subject + finally: + del request -def get_subject(request): +def get_subjectaltname(csr, datatype=PEM): """ - Given a CSR return the subject value. + Given a CSR return the subjectaltname value, if any. - This returns an nss.DN object. + The return value is a tuple of strings or None """ - return request.subject + request = load_certificate_request(csr, datatype) + try: + for extension in request.extensions: + if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME: + return nss.x509_alt_name(extension.value) + finally: + del request + return None def strip_header(csr): """ @@ -61,21 +69,21 @@ def strip_header(csr): return csr -def load_certificate_request(csr): +def load_certificate_request(csr, datatype=PEM): """ Given a base64-encoded certificate request, with or without the header/footer, return a request object. """ - csr = strip_header(csr) - - substrate = base64.b64decode(csr) + if datatype == PEM: + csr = strip_header(csr) + csr = base64.b64decode(csr) # A fail-safe so we can always read a CSR. python-nss/NSS will segfault # otherwise if not nss.nss_is_initialized(): nss.nss_init_nodb() - return nss.CertificateRequest(substrate) + return nss.CertificateRequest(csr) if __name__ == '__main__': nss.nss_init_nodb() 
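Review bot: The `try`/`finally: del request` added to get_subject and get_subjectaltname carries no comment explaining why the local is dropped explicitly, so a later maintainer is likely to remove it as redundant. If the intent is to release the NSS request object promptly, say so above the `finally`, e.g. `# drop our reference so the NSS object is released even if an exception keeps this frame alive`. In get_subject the returned `request.subject` outlives `request`; presumably python-nss hands back an independent DN object, but that should be confirmed and stated in the docstring. Both docstrings should also describe the new `datatype` parameter.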
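Review bot: In load_certificate_request any `datatype` other than PEM skips decoding and is handed straight to `nss.CertificateRequest`, so a typo or unexpected value is silently treated as DER rather than rejected. Because the CSR is caller-supplied data, an explicit check is cheap: `elif datatype != DER: raise ValueError('unsupported CSR datatype: %r' % (datatype,))`. The docstring still describes only a base64-encoded request and should say that `datatype=DER` expects raw DER bytes with no header stripping or base64 decoding.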
@@ -85,9 +93,6 @@ if __name__ == '__main__': csrlines = sys.stdin.readlines() csr = ''.join(csrlines) - csr = load_certificate_request(csr) - - print csr - + print load_certificate_request(csr) print get_subject(csr) print get_subjectaltname(csr) diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py index 5fa9206d5..90d450504 100644 --- a/ipalib/plugins/cert.py +++ b/ipalib/plugins/cert.py @@ -138,9 +138,8 @@ def get_csr_hostname(csr): Return the value of CN in the subject of the request or None """ try: - request = pkcs10.load_certificate_request(csr) - subject = pkcs10.get_subject(request) - return subject.common_name + subject = pkcs10.get_subject(csr) + return subject.common_name #pylint: disable=E1101 except NSPRError, nsprerr: raise errors.CertificateOperationError( error=_('Failure decoding Certificate Signing Request: %s') % nsprerr) @@ -368,8 +367,7 @@ class cert_request(VirtualCommand): "to the 'userCertificate' attribute of entry '%s'.") % dn) # Validate the subject alt name, if any - request = pkcs10.load_certificate_request(csr) - subjectaltname = pkcs10.get_subjectaltname(request) + subjectaltname = pkcs10.get_subjectaltname(csr) if subjectaltname is not None: for name in subjectaltname: name = unicode(name) diff --git a/ipatests/test_pkcs10/test_pkcs10.py b/ipatests/test_pkcs10/test_pkcs10.py index 6b3534b33..c56c8d474 100644 --- a/ipatests/test_pkcs10/test_pkcs10.py +++ b/ipatests/test_pkcs10/test_pkcs10.py @@ -54,9 +54,8 @@ class test_update(object): Test simple CSR with no attributes """ csr = self.read_file("test0.csr") - request = pkcs10.load_certificate_request(csr) - subject = pkcs10.get_subject(request) + subject = pkcs10.get_subject(csr) assert(subject.common_name == 'test.example.com') assert(subject.state_name == 'California') 
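Review bot: get_csr_hostname catches only `NSPRError`, but the decode path reached through `pkcs10.get_subject(csr)` includes `base64.b64decode`, which on Python 2 raises `TypeError` for a malformed body rather than an NSPR error. Unless the CSR is validated before this point (not visible in the hunk), a bad request would surface as an unhandled exception instead of `CertificateOperationError`; consider `except (NSPRError, TypeError), nsprerr:`. The same applies to the `pkcs10.get_subjectaltname(csr)` call in the hunk at line 367, whose surrounding error handling lies outside the hunk. The body of get_csr_hostname also starts above this hunk.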
@@ -69,7 +68,7 @@ class test_update(object): csr = self.read_file("test1.csr") request = pkcs10.load_certificate_request(csr) - subject = pkcs10.get_subject(request) + subject = request.subject assert(subject.common_name == 'test.example.com') assert(subject.state_name == 'California') @@ -86,7 +85,7 @@ class test_update(object): csr = self.read_file("test2.csr") request = pkcs10.load_certificate_request(csr) - subject = pkcs10.get_subject(request) + subject = request.subject assert(subject.common_name == 'test.example.com') assert(subject.state_name == 'California') |
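Review bot: The tests in the hunks at lines 68 and 85 now read `request.subject` directly, so only the first test still goes through `pkcs10.get_subject`, and nothing visible here exercises the new `datatype=DER` branch or `get_subjectaltname(csr)`. Since these helpers parse externally supplied CSRs, each input form deserves a case: for example, base64-decode a fixture and assert `pkcs10.get_subject(der, datatype=pkcs10.DER).common_name == 'test.example.com'`, and add one call to `pkcs10.get_subjectaltname(csr)` on a fixture that carries a subjectAltName. The test methods continue outside these hunks, so existing coverage further down may already handle part of this.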