From 45931f980d6cea073f9f7899bdea7f0f15ffa61c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 2 Jul 2014 10:09:45 -0400
Subject: Refactored SystemCertClient.get_transport_cert().
To simplify the usage, the SystemCertClient.get_transport_cert() has been modified to parse and decode the PEM certificate in CertData object, store the DER certificate back into the object, and return the CertData object to the client. This way the client will have access to the certificate attributes and both PEM and DER certificates. The PKIService.sendConditionalGetResponse() has been fixed to use the requested format. This is needed to display the transport certificate properly in the browser. Ticket #1062
---
 base/common/python/pki/cert.py | 1 +
 base/common/python/pki/crypto.py | 4 ++--
 base/common/python/pki/systemcert.py | 8 +++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)
(limited to 'base/common/python')
diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
index f0f429a90..3e4ba058b 100644
--- a/base/common/python/pki/cert.py
+++ b/base/common/python/pki/cert.py
@@ -52,6 +52,7 @@ class CertData(object):
 self.subject_dn = None
 self.pretty_repr = None
 self.encoded = None
+ self.binary = None
 self.pkcs7_cert_chain = None
 self.not_before = None
 self.not_after = None
diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py
index 174e681b8..f9aed3f36 100644
--- a/base/common/python/pki/crypto.py
+++ b/base/common/python/pki/crypto.py
@@ -140,9 +140,9 @@ class NSSCryptoProvider(CryptoProvider):
 def import_cert(self, cert_nick, cert, trust):
 """ Import a certificate into the nss database """
- # certutil -A -d db_dir -n cert_nick -t trust -i cert_file -a
+ # certutil -A -d db_dir -n cert_nick -t trust -i cert_file
 with tempfile.NamedTemporaryFile() as cert_file:
- cert_file.write(cert)
+ cert_file.write(cert.binary)
 cert_file.flush()
 command = ['certutil', '-A', '-d', self.certdb_dir, '-n', cert_nick, '-t', trust, 
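Review bot: In `import_cert`, `cert_file.write(cert.binary)` now needs a `CertData` whose `binary` is populated, yet the `cert.py` hunk initialises `binary` to `None` and the only code in this patch that sets it is `get_transport_cert()`. A caller that still passes a PEM string, or a `CertData` whose `binary` was never filled in, fails inside the temp-file write with an `AttributeError` or `TypeError` rather than a clear message. A guard before the `with` block, such as `if getattr(cert, 'binary', None) is None: raise ValueError('certificate has no DER data')`, would make that explicit. The docstring should also say that `cert` is a `CertData` carrying DER bytes, and the new field deserves a comment like `# DER-encoded certificate bytes, set by the client after decoding`. The `command` list continues past the end of the hunk, so please confirm it does not still pass `-a` now that the file holds DER and the comment drops that flag.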
diff --git a/base/common/python/pki/systemcert.py b/base/common/python/pki/systemcert.py
index 43da7fc35..6986ba072 100644
--- a/base/common/python/pki/systemcert.py
+++ b/base/common/python/pki/systemcert.py
@@ -21,6 +21,7 @@
 """ Module containing the Python client classes for the SystemCert REST API """
+import base64
 import pki
 from pki.cert import CertData
@@ -46,4 +47,9 @@ class SystemCertClient(object):
 url = self.cert_url + '/transport'
 response = self.connection.get(url, self.headers)
 cert_data = CertData.from_json(response.json())
- return cert_data.encoded
+
+ pem = cert_data.encoded
+ b64 = pem[len(pki.CERT_HEADER):len(pem) - len(pki.CERT_FOOTER)]
+ cert_data.binary = base64.decodestring(b64)
+
+ return cert_data
-- cgit
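Review bot: The slice `pem[len(pki.CERT_HEADER):len(pem) - len(pki.CERT_FOOTER)]` in `get_transport_cert()` assumes the server's `encoded` value begins and ends exactly with the header and footer, and never checks it. If the value is missing, carries surrounding whitespace or uses a different PEM label, the slice takes the wrong characters. Because `base64.decodestring` skips characters outside the base64 alphabet, the result can be a silently corrupted `binary` that may later be written out by `import_cert`. Checking the delimiters before slicing and raising on a mismatch keeps a malformed response away from the certificate database, and `base64.b64decode` is the non-deprecated spelling of the same decode. The method's signature and docstring are outside the hunk; the docstring should state that the method now returns a `CertData` rather than the PEM string.

```python
        cert_data = CertData.from_json(response.json())

        # Reject anything that is not a single PEM block before slicing.
        pem = (cert_data.encoded or '').strip()
        if not (pem.startswith(pki.CERT_HEADER) and
                pem.endswith(pki.CERT_FOOTER)):
            raise ValueError('Transport certificate is not PEM-encoded')

        b64 = pem[len(pki.CERT_HEADER):len(pem) - len(pki.CERT_FOOTER)]
        cert_data.binary = base64.b64decode(b64)

        return cert_data
```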