author | Endi S. Dewata <edewata@redhat.com> | 2014-07-02 10:09:45 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-07-07 14:43:19 -0400 |
commit | 45931f980d6cea073f9f7899bdea7f0f15ffa61c (patch) | |
tree | 1b41728f6a96a66b20069b043288ab7928e1cf36 /base | |
parent | 4234d56b5601b74cdca892e241d9679fc6360195 (diff) | |
Refactored SystemCertClient.get_transport_cert().
To simplify the usage, the SystemCertClient.get_transport_cert()
has been modified to parse and decode the PEM certificate in
CertData object, store the DER certificate back into the object,
and return the CertData object to the client. This way the client
will have access to the certificate attributes and both PEM and
DER certificates.
The PKIService.sendConditionalGetResponse() has been fixed to use
the requested format. This is needed to display the transport
certificate properly in the browser.
Ticket #1062
Diffstat (limited to 'base')
-rw-r--r-- | base/common/python/pki/cert.py | 1 | ||||
-rw-r--r-- | base/common/python/pki/crypto.py | 4 | ||||
-rw-r--r-- | base/common/python/pki/systemcert.py | 8 | ||||
-rw-r--r-- | base/kra/functional/drmtest.py | 6 | ||||
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java | 1 |
5 files changed, 13 insertions, 7 deletions
diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py index f0f429a90..3e4ba058b 100644 --- a/base/common/python/pki/cert.py +++ b/base/common/python/pki/cert.py @@ -52,6 +52,7 @@ class CertData(object): self.subject_dn = None self.pretty_repr = None self.encoded = None + self.binary = None self.pkcs7_cert_chain = None self.not_before = None self.not_after = None diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py index 174e681b8..f9aed3f36 100644 --- a/base/common/python/pki/crypto.py +++ b/base/common/python/pki/crypto.py @@ -140,9 +140,9 @@ class NSSCryptoProvider(CryptoProvider): def import_cert(self, cert_nick, cert, trust): """ Import a certificate into the nss database """ - # certutil -A -d db_dir -n cert_nick -t trust -i cert_file -a + # certutil -A -d db_dir -n cert_nick -t trust -i cert_file with tempfile.NamedTemporaryFile() as cert_file: - cert_file.write(cert) + cert_file.write(cert.binary) cert_file.flush() command = ['certutil', '-A', '-d', self.certdb_dir, '-n', cert_nick, '-t', trust, diff --git a/base/common/python/pki/systemcert.py b/base/common/python/pki/systemcert.py index 43da7fc35..6986ba072 100644 --- a/base/common/python/pki/systemcert.py +++ b/base/common/python/pki/systemcert.py @@ -21,6 +21,7 @@ """ Module containing the Python client classes for the SystemCert REST API """ +import base64 import pki from pki.cert import CertData @@ -46,4 +47,9 @@ class SystemCertClient(object): url = self.cert_url + '/transport' response = self.connection.get(url, self.headers) cert_data = CertData.from_json(response.json()) - return cert_data.encoded + + pem = cert_data.encoded + b64 = pem[len(pki.CERT_HEADER):len(pem) - len(pki.CERT_FOOTER)] + cert_data.binary = base64.decodestring(b64) + + return cert_data diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py index abade3511..ce4a1eb37 100644 --- a/base/kra/functional/drmtest.py +++ b/base/kra/functional/drmtest.py 
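Review bot: In the crypto.py hunk, `import_cert` now dereferences `cert.binary`, so its `cert` argument has silently changed from a raw certificate string to a CertData object, while the docstring still reads only `""" Import a certificate into the nss database """`. The cert.py hunk initialises `binary` to None and, within this commit, only `get_transport_cert()` fills it in, so a CertData obtained any other way would reach `cert_file.write(None)` and fail with a TypeError instead of a clear message. I would document the parameter, e.g. `:param cert: CertData whose binary attribute holds the DER certificate`, and add a guard such as `if cert.binary is None: raise ValueError('certificate has no DER data')` before the temporary file is written. The rest of the method, including the certutil call, continues outside the hunk.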
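Review bot: In the second systemcert.py hunk, the slice that strips `pki.CERT_HEADER` and `pki.CERT_FOOTER` assumes the server's `encoded` value starts and ends with exactly those markers. A trailing newline, CRLF line endings or a missing marker would shift the slice, so the decoder either raises an unrelated error or stores the wrong bytes in `cert_data.binary`, which `import_cert` later hands to certutil. I would strip the text and check both markers before slicing, and use `base64.b64decode`, since `decodestring` is a legacy alias that later Python versions removed. The method's `def` line is outside the hunk, and the exception type below is a suggestion, since the module's own error classes are not visible here.

```python
cert_data = CertData.from_json(response.json())

pem = cert_data.encoded.strip()
if not (pem.startswith(pki.CERT_HEADER) and pem.endswith(pki.CERT_FOOTER)):
    raise ValueError('transport certificate is not PEM encoded')
b64 = pem[len(pki.CERT_HEADER):len(pem) - len(pki.CERT_FOOTER)]
cert_data.binary = base64.b64decode(b64)
# … unchanged: return cert_data …
```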
@@ -91,10 +91,8 @@ def main(): # Get transport cert and insert in the certdb transport_nick = "kra transport cert" transport_cert = kraclient.system_certs.get_transport_cert() - print transport_cert - tcert = transport_cert[len(pki.CERT_HEADER):len(transport_cert) - len( - pki.CERT_FOOTER)] - crypto.import_cert(transport_nick, base64.decodestring(tcert), "u,u,u") + print transport_cert.encoded + crypto.import_cert(transport_nick, transport_cert, "u,u,u") # initialize the certdb for crypto operations # for NSS db, this must be done after importing the transport cert diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java index edd7da38d..3c1e311be 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java @@ -162,6 +162,7 @@ public class PKIService { builder = Response.ok(object); builder.cacheControl(cc); builder.tag(tag); + builder.type(getResponseFormat()); return builder.build(); } |
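Review bot: In the drmtest.py hunk, the transport certificate is imported into the NSS database exactly as the server returned it, with nothing comparing it against an expected value. Since this script doubles as client example code, and whether the connection authenticates the server is not visible here, I would add a comment above the import, e.g. `# NOTE: the transport cert is accepted as returned by the server; compare its fingerprint with a known-good value before using it to wrap secrets`. With the manual decoding gone, the `base64` import in this file may now be unused and, if so, can be dropped. `main()` begins and ends outside the hunk.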
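Review bot: In the PKIService.java hunk, `builder.type(getResponseFormat())` makes the response Content-Type follow the format the client requested, and nothing in the hunk shows what that value is limited to. `getResponseFormat()` is defined outside the hunk; if it can return null or a media type the resource does not actually produce, the header would no longer describe the serialized entity. I would document the contract at the call, e.g. `// getResponseFormat() must return one of the media types this service produces`, and confirm the helper enforces it. The enclosing method starts outside the hunk, so any other return path is not visible and should be checked for the same treatment.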