author | Stanislav Laznicka <slaznick@redhat.com> | 2017-09-25 09:18:41 +0200 |
---|---|---|
committer | Stanislav Laznicka <slaznick@redhat.com> | 2017-10-25 09:46:41 +0200 |
commit | 0d7daf0495433e242f4d7e80e1f43f8486fbddab (patch) | |
tree | 54fafc9d81b6a3ea844ad89c1d89fb90160c46cc /ipalib | |
parent | f350b5698aa84ffd0f3337e39b7c94de525f1d81 (diff) | |
Remove pkcs10 module contents
This removes pkcs10 module contents and adds a warning message
about its future removal.
https://pagure.io/freeipa/issue/7131
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/parameters.py | 2 | ||||
-rw-r--r-- | ipalib/pkcs10.py | 60 | ||||
-rw-r--r-- | ipalib/util.py | 17 |
3 files changed, 24 insertions, 55 deletions
diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index d647b6b60..7ee80212a 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -123,7 +123,7 @@ from ipalib.text import Gettext, FixMe
 from ipalib.util import json_serialize, validate_idna_domain
 from ipalib.x509 import (
 load_der_x509_certificate, IPACertificate, default_backend)
-from ipalib.pkcs10 import strip_header as strip_csr_header
+from ipalib.util import strip_csr_header
 from ipapython import kerberos
 from ipapython.dn import DN
 from ipapython.dnsutil import DNSName
diff --git a/ipalib/pkcs10.py b/ipalib/pkcs10.py
index 03d2cb367..2756c8568 100644
--- a/ipalib/pkcs10.py
+++ b/ipalib/pkcs10.py
@@ -1,56 +1,8 @@
-# Authors:
-# Rob Crittenden <rcritten@redhat.com>
-#
-# Copyright (C) 2010 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
 from __future__ import print_function
+import sys
 
-import binascii
-from cryptography.hazmat.backends import default_backend
-import cryptography.x509
-
-
-def strip_header(csr):
- """
- Remove the header and footer (and surrounding material) from a CSR.
- """
- headerlen = 40
- s = csr.find(b"-----BEGIN NEW CERTIFICATE REQUEST-----")
- if s == -1:
- headerlen = 36
- s = csr.find(b"-----BEGIN CERTIFICATE REQUEST-----")
- if s >= 0:
- e = csr.find(b"-----END")
- csr = csr[s + headerlen:e]
-
- return csr
-
-
-def load_certificate_request(data):
- """
- Load a PEM or base64-encoded PKCS #10 certificate request.
-
- :return: a python-cryptography ``Certificate`` object.
- :raises: ``ValueError`` if unable to load the request
-
- """
- data = strip_header(data)
- try:
- data = binascii.a2b_base64(data)
- except binascii.Error as e:
- raise ValueError(e)
- return cryptography.x509.load_der_x509_csr(data, default_backend())
+print(
+ "ipalib.pkcs10 module is deprecated and will be removed in FreeIPA 4.6. "
+ "To load CSRs, please, use python-cryptography instead.",
+ file=sys.stderr
+)
diff --git a/ipalib/util.py b/ipalib/util.py
index 90605b12e..ea2f5c51a 100644
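Review bot: In ipalib/pkcs10.py the deprecation notice is a bare `print(..., file=sys.stderr)` executed at import time, so a caller cannot filter it, promote it to an error in tests, or have it attributed to the importing module. The `warnings` machinery gives that control, e.g. `warnings.warn("ipalib.pkcs10 module is deprecated ...", DeprecationWarning, stacklevel=2)`, or a category that is shown by default if the notice has to reach end users. The same hunk also deletes `strip_header` and `load_certificate_request` outright, so any remaining importer of those names (none are visible on this page) would fail immediately rather than being warned; thin wrappers kept until the announced removal would match the message.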
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -153,6 +153,23 @@ def isvalid_base64(data):
 else:
 return True
 
+
+def strip_csr_header(csr):
+ """
+ Remove the header and footer (and surrounding material) from a CSR.
+ """
+ headerlen = 40
+ s = csr.find(b"-----BEGIN NEW CERTIFICATE REQUEST-----")
+ if s == -1:
+ headerlen = 36
+ s = csr.find(b"-----BEGIN CERTIFICATE REQUEST-----")
+ if s >= 0:
+ e = csr.find(b"-----END")
+ csr = csr[s + headerlen:e]
+
+ return csr
+
+
 def validate_ipaddr(ipaddr):
 """
 Check to see if the given IP address is a valid IPv4 or IPv6 address. |
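Review bot: `strip_csr_header` in ipalib/util.py looks for the footer with `csr.find(b"-----END")` from offset 0 and never checks the result. If the footer is missing, `e` is -1 and `csr[s + headerlen:e]` silently drops the last byte of the payload; if `-----END` occurs in material before the BEGIN line, the slice comes back empty. As this helper is now imported by ipalib/parameters.py, presumably to normalise caller-supplied CSR data, the search should start after the header and the miss should be handled explicitly: `e = csr.find(b"-----END", s + headerlen)` followed by `csr = csr[s + headerlen:e] if e != -1 else csr[s + headerlen:]`, or reject the input instead. The body is moved unchanged from ipalib/pkcs10.py, so this behaviour predates the commit; a docstring line stating that `csr` must be `bytes` would also help, since every `find` pattern is a bytes literal.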