Remove pkcs10 module contents

This removes pkcs10 module contents and adds a warning message
about its future removal.

https://pagure.io/freeipa/issue/7131

3 files changed, 24 insertions, 55 deletions

diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index d647b6b60..7ee80212a 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -123,7 +123,7 @@ from ipalib.text import Gettext, FixMe
 from ipalib.util import json_serialize, validate_idna_domain
 from ipalib.x509 import (
     load_der_x509_certificate, IPACertificate, default_backend)
-from ipalib.pkcs10 import strip_header as strip_csr_header
+from ipalib.util import strip_csr_header
 from ipapython import kerberos
 from ipapython.dn import DN
 from ipapython.dnsutil import DNSName
diff --git a/ipalib/pkcs10.py b/ipalib/pkcs10.py
index 03d2cb367..2756c8568 100644
--- a/ipalib/pkcs10.py
+++ b/ipalib/pkcs10.py
@@ -1,56 +1,8 @@
-# Authors:
-#   Rob Crittenden <rcritten@redhat.com>
-#
-# Copyright (C) 2010  Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
 from __future__ import print_function
+import sys
 
-import binascii
-from cryptography.hazmat.backends import default_backend
-import cryptography.x509
-
-
-def strip_header(csr):
-    """
-    Remove the header and footer (and surrounding material) from a CSR.
-    """
-    headerlen = 40
-    s = csr.find(b"-----BEGIN NEW CERTIFICATE REQUEST-----")
-    if s == -1:
-        headerlen = 36
-        s = csr.find(b"-----BEGIN CERTIFICATE REQUEST-----")
-    if s >= 0:
-        e = csr.find(b"-----END")
-        csr = csr[s + headerlen:e]
-
-    return csr
-
-
-def load_certificate_request(data):
-    """
-    Load a PEM or base64-encoded PKCS #10 certificate request.
-
-    :return: a python-cryptography ``Certificate`` object.
-    :raises: ``ValueError`` if unable to load the request
-
-    """
-    data = strip_header(data)
-    try:
-        data = binascii.a2b_base64(data)
-    except binascii.Error as e:
-        raise ValueError(e)
-    return cryptography.x509.load_der_x509_csr(data, default_backend())
+print(
+    "ipalib.pkcs10 module is deprecated and will be removed in FreeIPA 4.6. "
+    "To load CSRs, please, use python-cryptography instead.",
+    file=sys.stderr
+)
diff --git a/ipalib/util.py b/ipalib/util.py
index 90605b12e..ea2f5c51a 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -153,6 +153,23 @@ def isvalid_base64(data):
     else:
         return True
 
+
+def strip_csr_header(csr):
+    """
+    Remove the header and footer (and surrounding material) from a CSR.
+    """
+    headerlen = 40
+    s = csr.find(b"-----BEGIN NEW CERTIFICATE REQUEST-----")
+    if s == -1:
+        headerlen = 36
+        s = csr.find(b"-----BEGIN CERTIFICATE REQUEST-----")
+    if s >= 0:
+        e = csr.find(b"-----END")
+        csr = csr[s + headerlen:e]
+
+    return csr
+
+
 def validate_ipaddr(ipaddr):
     """
     Check to see if the given IP address is a valid IPv4 or IPv6 address.