author | Endi S. Dewata <edewata@redhat.com> | 2016-05-11 19:33:51 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-05-25 00:21:54 +0200 |
commit | 4950f167d628b04c3859baf512328bff8538bd2d (patch) | |
tree | 6cdb0cd9947c48a19b5752ffc82d2c599bf11f97 /base/common/python | |
parent | 4bf6c1abb6159c795493991c31f7f3ef24d7c5a6 (diff) | |
Fixed support for generic CSR extensions.
The deployment tool has been modified to support adding Subordinate
CA extension into the CSR for Microsoft CA, and also adding generic
extensions to any system certificate.
https://fedorahosted.org/pki/ticket/2312
Diffstat (limited to 'base/common/python')
-rw-r--r-- | base/common/python/pki/nssdb.py | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index 7908461b1..2504a9579 100644 --- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -171,7 +171,8 @@ class NSSDatabase(object): key_type=None, key_size=None, curve=None, hash_alg=None, basic_constraints_ext=None, - key_usage_ext=None): + key_usage_ext=None, + generic_exts=None): tmpdir = tempfile.mkdtemp() @@ -251,6 +252,30 @@ class NSSDatabase(object): keystroke += '\n' + if generic_exts: + + cmd.extend(['--extGeneric']) + + counter = 0 + exts = [] + + for generic_ext in generic_exts: + + data_file = os.path.join(tmpdir, 'csr-ext-%d' % counter) + with open(data_file, 'w') as f: + f.write(generic_ext['data']) + + critical = 'critical' if generic_ext['critical'] else 'not-critical' + + ext = generic_ext['oid'] + ext += ':' + critical + ext += ':' + data_file + + exts.append(ext) + counter += 1 + + cmd.append(','.join(exts)) + # generate binary request p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) |
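Review bot: In the `for generic_ext in generic_exts` loop of the second hunk, `generic_ext['oid']` is joined unchecked into the `--extGeneric` value, which uses `:` between fields and `,` between entries. An OID string containing either character would therefore be read downstream as different fields or as an extra entry naming another file path. These values presumably come from deployment configuration, so I would reject anything that is not a dotted-decimal OID before building `ext`, e.g. `if not re.match(r'\d+(\.\d+)+\Z', generic_ext['oid']): raise ValueError('Invalid extension OID: %s' % generic_ext['oid'])` (this needs `re` to be imported in nssdb.py, which the hunk does not show). Separately, the data file is opened with `'w'`; if `generic_ext['data']` holds encoded binary extension data, `open(data_file, 'wb')` keeps the bytes intact across Python versions. The enclosing method starts and ends outside the hunk, so whether `tmpdir` and the `csr-ext-N` files are removed afterwards cannot be confirmed from here.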