author | Rob Crittenden <rcritten@redhat.com> | 2010-10-08 13:15:03 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-10-08 13:15:03 -0400 |
commit | d2a9ccf407709aa7a2a2378f758fb4db40181684 (patch) | |
tree | 3b28a390551cba7c077a9363212e9576d83934e6 /ipalib/util.py | |
parent | dccb386d57090869acbebe92c8da173fef770869 (diff) | |
Accept an incoming certificate as either DER or base64 in the service plugin.
The plugin required a base64-encoded certificate and always decoded it
before processing. This doesn't work with the UI because the json module
decodes binary values already.
Try to detect if the incoming value is base64-encoded and decode if
necessary. Finally, try to pull the cert apart to validate it. This will
tell us for sure that the data is a certificate, regardless of the format
it came in as.
ticket 348
Diffstat (limited to 'ipalib/util.py')
-rw-r--r-- | ipalib/util.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ipalib/util.py b/ipalib/util.py
index 6bd1da541..1803e65ab 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -26,6 +26,7 @@ import imp
 import logging
 import time
 import socket
+import re
 from types import NoneType
 from ipalib import errors
@@ -148,3 +149,24 @@ def validate_host_dns(log, fqdn):
         log.debug(
             'IPA: found %d records for %s' % (len(rs), fqdn)
         )
+
+def isvalid_base64(data):
+    """
+    Validate the incoming data as valid base64 data or not.
+
+    The character set must only include of a-z, A-Z, 0-9, + or / and
+    be padded with = to be a length divisible by 4 (so only 0-2 =s are
+    allowed). Its length must be divisible by 4. White space is
+    not significant so it is removed.
+
+    This doesn't guarantee we have a base64-encoded value, just that it
+    fits the base64 requirements.
+    """
+
+    data = ''.join(data.split())
+
+    if len(data) % 4 > 0 or \
+        re.match('^[a-zA-Z0-9\+\/]+\={0,2}$', data) is None:
+        return False
+    else:
+        return True
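Review bot: The pattern in `isvalid_base64` is a plain (non-raw) string carrying `\+`, `\/` and `\=`, which are not Python string escapes; they pass through to the regex unchanged on the interpreters of the day, but newer ones warn on them, and none of the three characters needs escaping inside a character class or between the anchors. Since whitespace is stripped before matching, `$` cannot be fooled by a trailing newline, so the check is sound as written; a module-level compiled raw pattern would make that explicit and avoid recompiling per call: `_BASE64_RE = re.compile(r'^[a-zA-Z0-9+/]+={0,2}\Z')` and `if len(data) % 4 > 0 or _BASE64_RE.match(data) is None:`. The docstring phrase `must only include of a-z, A-Z, 0-9, + or /` reads better as `must consist only of a-z, A-Z, 0-9, + and /`. As the docstring already says, a pass here is only a syntactic filter — the caller (outside this diff) still has to parse the decoded bytes before treating them as a certificate — and a `None` value raises AttributeError at `data.split()` rather than returning False, which is fine only if every caller guarantees a string. The first hunk only adds `import re`.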