From ee96533aab8481c1b18ccf895c8a8f8c604e8841 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 12 Mar 2014 11:41:02 +0100
Subject: Add function for checking if certificate is self-signed to
 ipalib.x509.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 ipalib/x509.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ipalib/x509.py')

diff --git a/ipalib/x509.py b/ipalib/x509.py
index 790f425cb..2d38261f6 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -165,6 +165,12 @@ def get_serial_number(certificate, datatype=PEM, dbdir=None):
     del(nsscert)
     return serial_number
 
+def is_self_signed(certificate, datatype=PEM, dbdir=None):
+    nsscert = load_certificate(certificate, datatype, dbdir)
+    self_signed = (nsscert.issuer == nsscert.subject)
+    del nsscert
+    return self_signed
+
 def make_pem(data):
     """
     Convert a raw base64-encoded blob into something that looks like a PE
-- 
cgit