From 4950f167d628b04c3859baf512328bff8538bd2d Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Wed, 11 May 2016 19:33:51 +0200 Subject: Fixed support for generic CSR extensions. The deployment tool has been modified to support adding Subordinate CA extension into the CSR for Microsoft CA, and also adding generic extensions to any system certificate. https://fedorahosted.org/pki/ticket/2312 --- base/common/python/pki/nssdb.py | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'base/common/python') diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index 7908461b1..2504a9579 100644 --- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -171,7 +171,8 @@ class NSSDatabase(object): key_type=None, key_size=None, curve=None, hash_alg=None, basic_constraints_ext=None, - key_usage_ext=None): + key_usage_ext=None, + generic_exts=None): tmpdir = tempfile.mkdtemp() @@ -251,6 +252,30 @@ class NSSDatabase(object): keystroke += '\n' + if generic_exts: + + cmd.extend(['--extGeneric']) + + counter = 0 + exts = [] + + for generic_ext in generic_exts: + + data_file = os.path.join(tmpdir, 'csr-ext-%d' % counter) + with open(data_file, 'w') as f: + f.write(generic_ext['data']) + + critical = 'critical' if generic_ext['critical'] else 'not-critical' + + ext = generic_ext['oid'] + ext += ':' + critical + ext += ':' + data_file + + exts.append(ext) + counter += 1 + + cmd.append(','.join(exts)) + # generate binary request p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) -- cgit
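Review bot: The new `generic_exts` parameter in the first hunk is added to the signature with no description of the structure it expects. The loop added in the second hunk reads `generic_ext['oid']`, `generic_ext['critical']` and `generic_ext['data']`, so callers must pass an iterable of dicts with exactly those keys, and a missing key surfaces as a bare KeyError. I would state that contract where the method is documented, for example `# generic_exts: list of dicts with keys 'oid' (str), 'critical' (truthy flag), 'data' (extension value written to a temp file)`. The method's name line and the rest of its body are outside this hunk, so I cannot see whether a docstring already exists.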
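Review bot: In the second hunk, `generic_ext['oid']` is concatenated unchecked into the `OID:critical:file` entries that are joined with `,` for `--extGeneric`, so an OID value containing `:` or `,` would change how the argument splits into entries and which file is read as extension data. The command goes to `subprocess.Popen` as a list, so no shell is involved, but the value presumably comes from deployment configuration and deserves a format check before use, e.g. `if not re.match(r'^\d+(\.\d+)+$', generic_ext['oid']): raise ValueError('invalid extension OID: %r' % generic_ext['oid'])` (this needs `re`, and the file's imports are not visible here). Separately, `open(data_file, 'w')` is text mode; if `data` holds binary DER bytes, `'wb'` would be the safer mode, which should be confirmed against the caller. The enclosing method starts and ends outside the hunk, so whether `tmpdir` and the `csr-ext-N` files are removed on every path cannot be checked from here.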