Refactored SystemCertClient.get_transport_cert().

To simplify the usage, the SystemCertClient.get_transport_cert()
has been modified to parse and decode the PEM certificate in
CertData object, store the DER certificate back into the object,
and return the CertData object to the client. This way the client
will have access to the certificate attributes and both PEM and
DER certificates.

The PKIService.sendConditionalGetResponse() has been fixed to use
the requested format. This is needed to display the transport
certificate properly in the browser.

Ticket #1062

5 files changed, 13 insertions, 7 deletions

diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
index f0f429a90..3e4ba058b 100644
--- a/base/common/python/pki/cert.py
+++ b/base/common/python/pki/cert.py
@@ -52,6 +52,7 @@ class CertData(object):
         self.subject_dn = None
         self.pretty_repr = None
         self.encoded = None
+        self.binary = None
         self.pkcs7_cert_chain = None
         self.not_before = None
         self.not_after = None
diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py
index 174e681b8..f9aed3f36 100644
--- a/base/common/python/pki/crypto.py
+++ b/base/common/python/pki/crypto.py
@@ -140,9 +140,9 @@ class NSSCryptoProvider(CryptoProvider):
     def import_cert(self, cert_nick, cert, trust):
         """ Import a certificate into the nss database
         """
-        # certutil -A -d db_dir -n cert_nick -t trust -i cert_file -a
+        # certutil -A -d db_dir -n cert_nick -t trust -i cert_file
         with tempfile.NamedTemporaryFile() as cert_file:
-            cert_file.write(cert)
+            cert_file.write(cert.binary)
             cert_file.flush()
             command = ['certutil', '-A', '-d', self.certdb_dir,
                        '-n', cert_nick, '-t', trust,
diff --git a/base/common/python/pki/systemcert.py b/base/common/python/pki/systemcert.py
index 43da7fc35..6986ba072 100644
--- a/base/common/python/pki/systemcert.py
+++ b/base/common/python/pki/systemcert.py
@@ -21,6 +21,7 @@
 """
 Module containing the Python client classes for the SystemCert REST API
 """
+import base64
 import pki
 from pki.cert import CertData
 
@@ -46,4 +47,9 @@ class SystemCertClient(object):
         url = self.cert_url + '/transport'
         response = self.connection.get(url, self.headers)
         cert_data = CertData.from_json(response.json())
-        return cert_data.encoded
+
+        pem = cert_data.encoded
+        b64 = pem[len(pki.CERT_HEADER):len(pem) - len(pki.CERT_FOOTER)]
+        cert_data.binary = base64.decodestring(b64)
+
+        return cert_data
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py
index abade3511..ce4a1eb37 100644
--- a/base/kra/functional/drmtest.py
+++ b/base/kra/functional/drmtest.py
@@ -91,10 +91,8 @@ def main():
     # Get transport cert and insert in the certdb
     transport_nick = "kra transport cert"
     transport_cert = kraclient.system_certs.get_transport_cert()
-    print transport_cert
-    tcert = transport_cert[len(pki.CERT_HEADER):len(transport_cert) - len(
-        pki.CERT_FOOTER)]
-    crypto.import_cert(transport_nick, base64.decodestring(tcert), "u,u,u")
+    print transport_cert.encoded
+    crypto.import_cert(transport_nick, transport_cert, "u,u,u")
 
     # initialize the certdb for crypto operations
     # for NSS db, this must be done after importing the transport cert
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
index edd7da38d..3c1e311be 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
@@ -162,6 +162,7 @@ public class PKIService {
         builder = Response.ok(object);
         builder.cacheControl(cc);
         builder.tag(tag);
+        builder.type(getResponseFormat());
         return builder.build();
     }