summaryrefslogtreecommitdiffstats
path: root/ipaserver/plugins/selfsign.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver/plugins/selfsign.py')
-rw-r--r--ipaserver/plugins/selfsign.py11
1 files changed, 5 insertions, 6 deletions
diff --git a/ipaserver/plugins/selfsign.py b/ipaserver/plugins/selfsign.py
index bbf8fa78a..09ed04f49 100644
--- a/ipaserver/plugins/selfsign.py
+++ b/ipaserver/plugins/selfsign.py
@@ -39,6 +39,7 @@ from ipalib import Backend
from ipalib import errors
from ipalib import x509
from ipalib import pkcs10
+from ipapython.dn import DN, EditableDN, RDN
from ipapython.certdb import get_ca_nickname
import subprocess
import os
@@ -86,16 +87,14 @@ class ra(rabase.rabase):
"""
try:
config = api.Command['config_show']()['result']
- subject_base = config.get('ipacertificatesubjectbase')[0]
+ subject_base = EditableDN(config.get('ipacertificatesubjectbase')[0])
hostname = get_csr_hostname(csr)
- base = re.split(',\s*(?=\w+=)', subject_base)
- base.insert(0,'CN=%s' % hostname)
- subject_base = ",".join(base)
+ subject_base.insert(0, RDN(('CN', hostname)))
request = pkcs10.load_certificate_request(csr)
# python-nss normalizes the request subject
- request_subject = str(pkcs10.get_subject(request))
+ request_subject = DN(pkcs10.get_subject(request))
- if str(subject_base).lower() != request_subject.lower():
+ if subject_base != request_subject:
raise errors.CertificateOperationError(error=_('Request subject "%(request_subject)s" does not match the form "%(subject_base)s"') % \
{'request_subject' : request_subject, 'subject_base' : subject_base})
except errors.CertificateOperationError, e:
generated by cgit (git 2.34.1) at 2024-06-11 20:31:29 +0000