From 3ea044fb59bf6ada2c0e9b507c1d6c4dfd8aaa23 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Mon, 3 May 2010 17:38:39 -0400
Subject: Handle CSRs whether they have NEW in the header or not

Also consolidate some duplicate code
---
 ipalib/pkcs10.py | 4 +++-
 ipapython/certdb.py | 9 ++-------
 ipaserver/install/cainstance.py | 5 ++---
 ipaserver/install/certs.py | 15 +++------------
 4 files changed, 10 insertions(+), 23 deletions(-)

diff --git a/ipalib/pkcs10.py b/ipalib/pkcs10.py
index f3f82c40d..9119d12e2 100644
--- a/ipalib/pkcs10.py
+++ b/ipalib/pkcs10.py
@@ -372,12 +372,14 @@ def strip_header(csr):
 """
 Remove the header and footer from a CSR.
 """
+ headerlen = 40
 s = csr.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
 if s == -1:
+ headerlen = 36
 s = csr.find("-----BEGIN CERTIFICATE REQUEST-----")
 if s >= 0:
 e = csr.find("-----END")
- csr = csr[s+40:e]
+ csr = csr[s+headerlen:e]
 return csr
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 891b6c061..fb99e25ac 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -19,6 +19,7 @@
 from ipapython import ipautil
 from ipapython import nsslib
+from ipalib import pkcs10
 import tempfile
 import sha
 import shutil
@@ -99,13 +100,7 @@ class CertDB(object):
 f.close()
 csr = "".join(csr)
- # We just want the CSR bits, make sure there is nothing else
- s = csr.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
- e = csr.find("-----END NEW CERTIFICATE REQUEST-----")
- if e > 0:
- e = e + 37
- if s >= 0:
- csr = csr[s:]
+ csr = pkcs10.strip_header(csr)
 return csr
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 9e55333db..375676ae7 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -36,6 +36,7 @@ import urllib
 import xml.dom.minidom
 import stat
 from ipapython import dogtag
+from ipalib import pkcs10
 import subprocess
 from nss.error import NSPRError
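Review bot: The footer lookup in strip_header, `e = csr.find("-----END")`, is unguarded and searches from the start of the string: when no END line is present `e` is -1 and `csr[s+headerlen:e]` silently drops the last character of the request, and an `-----END` that occurs before the BEGIN line yields an empty slice. The new `headerlen` values 40 and 36 are each one more than the length of their marker (39 and 35 characters), so they assume exactly one character follows the header; CRLF input keeps a stray `\n`, and input with no line break after the header loses its first base64 character. Deriving the offset from `len(marker)` and starting the footer search at the body removes both assumptions. The sketch below returns the input untouched when the footer is missing, which is a choice to confirm against the callers. The `def` line sits in the hunk header, above the first hunk line.

```python
def strip_header(csr):
    # … unchanged: docstring …
    for marker in ("-----BEGIN NEW CERTIFICATE REQUEST-----",
                   "-----BEGIN CERTIFICATE REQUEST-----"):
        s = csr.find(marker)
        if s >= 0:
            body = s + len(marker)
            # Look for the footer only after the header; leave the input
            # alone when it is missing instead of slicing with -1.
            e = csr.find("-----END", body)
            if e >= 0:
                csr = csr[body:e]
            break

    return csr
```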
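Review bot: Calling `pkcs10.strip_header(csr)` in the second ipapython/certdb.py hunk changes what the method returns: the removed block only discarded text before the BEGIN line (`csr = csr[s:]`) and kept the PEM header and footer, whereas the helper returns the bare base64 body. The same substitution is made in both CertDB hunks of ipaserver/install/certs.py and in the CAInstance hunk of cainstance.py, where the result appears to be submitted to the CA as a `pkcs10` request. If every consumer accepts un-armored requests this is fine, but it deserves a comment at each call site such as `# strip_header() returns only the base64 body, without the BEGIN/END lines`. The enclosing method begins above the hunk.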
@@ -911,9 +912,7 @@ class CAInstance(service.Service):
 finally:
 os.remove(noise_name)
- csr = stdout.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
- if csr >= 0:
- csr = stdout[csr:]
+ csr = pkcs10.strip_header(stdout)
 # Send the request to the CA
 conn = httplib.HTTPConnection(self.host_name, 9180)
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 05c9213bb..6fb012919 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -32,6 +32,7 @@ from ipapython import nsslib
 from ipapython import dogtag
 from ipapython import sysrestore
 from ipapython import ipautil
+from ipalib import pkcs10
 from ConfigParser import RawConfigParser
 from nss.error import NSPRError
@@ -552,12 +553,7 @@ class CertDB(object):
 csr = "".join(csr)
 # We just want the CSR bits, make sure there is nothing else
- s = csr.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
- e = csr.find("-----END NEW CERTIFICATE REQUEST-----")
- if e > 0:
- e = e + 37
- if s >= 0:
- csr = csr[s:]
+ csr = pkcs10.strip_header(csr)
 params = {'profileId': 'caRAserverCert',
 'cert_request_type': 'pkcs10',
@@ -639,12 +635,7 @@ class CertDB(object):
 csr = "".join(csr)
 # We just want the CSR bits, make sure there is no thing else
- s = csr.find("-----BEGIN NEW CERTIFICATE REQUEST-----")
- e = csr.find("-----END NEW CERTIFICATE REQUEST-----")
- if e > 0:
- e = e + 37
- if s >= 0:
- csr = csr[s:]
+ csr = pkcs10.strip_header(csr)
 params = {'profileId': 'caJarSigningCert',
 'cert_request_type': 'pkcs10',
-- cgit
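Review bot: Nothing after `csr = pkcs10.strip_header(stdout)` in the CAInstance hunk checks that a request was actually found. strip_header returns its argument unchanged when neither BEGIN marker is present, so the whole of `stdout` would be carried into the `# Send the request to the CA` step. A guard before the connection is opened keeps tool diagnostics from being submitted as a request, for example `if csr == stdout: raise RuntimeError("no certificate request found in output")`. The enclosing method starts above the hunk and continues below it.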