summaryrefslogtreecommitdiffstats
path: root/ipaserver/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r--ipaserver/plugins/selfsign.py19
1 files changed, 14 insertions, 5 deletions
diff --git a/ipaserver/plugins/selfsign.py b/ipaserver/plugins/selfsign.py
index 0ba7a7c44..d4b2efcf7 100644
--- a/ipaserver/plugins/selfsign.py
+++ b/ipaserver/plugins/selfsign.py
@@ -36,12 +36,13 @@ if api.env.ra_plugin != 'selfsign':
raise SkipPluginModule(reason='selfsign is not selected as RA plugin, it is %s' % api.env.ra_plugin)
from ipalib import Backend
from ipalib import errors
+from ipalib import x509
import subprocess
import os
from ipaserver.plugins import rabase
from ipaserver.install import certs
import tempfile
-from OpenSSL import crypto
+from pyasn1 import error
class ra(rabase.rabase):
"""
@@ -56,6 +57,15 @@ class ra(rabase.rabase):
:param request_type: The request type (defaults to ``'pkcs10'``).
"""
(csr_fd, csr_name) = tempfile.mkstemp()
+
+ # certutil wants the CSR to have have a header and footer. Add one
+ # if it isn't there.
+ s = csr.find('-----BEGIN NEW CERTIFICATE REQUEST-----')
+ if s == -1:
+ s = csr.find('-----BEGIN CERTIFICATE REQUEST-----')
+ if s == -1:
+ csr = '-----BEGIN NEW CERTIFICATE REQUEST-----\n' + csr + \
+ '-----END NEW CERTIFICATE REQUEST-----\n'
os.write(csr_fd, csr)
os.close(csr_fd)
(cert_fd, cert_name) = tempfile.mkstemp()
@@ -101,16 +111,15 @@ class ra(rabase.rabase):
try:
# Grab the subject, reverse it, combine it and return it
- x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
- sub = x509.get_subject().get_components()
+ sub = list(x509.get_subject_components(cert))
sub.reverse()
subject = ""
for s in sub:
subject = subject + "%s=%s," % (s[0], s[1])
subject = subject[:-1]
- serial = x509.get_serial_number()
- except crypto.Error, e:
+ serial = x509.get_serial_number(cert)
+ except error.PyAsn1Error, e:
raise errors.GenericError(format='Unable to decode certificate in entry: %s' % str(e))
# To make it look like dogtag return just the base64 data.