summaryrefslogtreecommitdiffstats
path: root/ipalib
diff options
context:
space:
mode:
authorStanislav Laznicka <slaznick@redhat.com>2017-09-25 09:18:41 +0200
committerStanislav Laznicka <slaznick@redhat.com>2017-10-25 09:46:41 +0200
commit0d7daf0495433e242f4d7e80e1f43f8486fbddab (patch)
tree54fafc9d81b6a3ea844ad89c1d89fb90160c46cc /ipalib
parentf350b5698aa84ffd0f3337e39b7c94de525f1d81 (diff)
downloadfreeipa-0d7daf0495433e242f4d7e80e1f43f8486fbddab.tar.gz
freeipa-0d7daf0495433e242f4d7e80e1f43f8486fbddab.tar.xz
freeipa-0d7daf0495433e242f4d7e80e1f43f8486fbddab.zip
Remove pkcs10 module contents
This removes pkcs10 module contents and adds a warning message about its future removal. https://pagure.io/freeipa/issue/7131
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/parameters.py2
-rw-r--r--ipalib/pkcs10.py60
-rw-r--r--ipalib/util.py17
3 files changed, 24 insertions, 55 deletions
diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index d647b6b60..7ee80212a 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -123,7 +123,7 @@ from ipalib.text import Gettext, FixMe
from ipalib.util import json_serialize, validate_idna_domain
from ipalib.x509 import (
load_der_x509_certificate, IPACertificate, default_backend)
-from ipalib.pkcs10 import strip_header as strip_csr_header
+from ipalib.util import strip_csr_header
from ipapython import kerberos
from ipapython.dn import DN
from ipapython.dnsutil import DNSName
diff --git a/ipalib/pkcs10.py b/ipalib/pkcs10.py
index 03d2cb367..2756c8568 100644
--- a/ipalib/pkcs10.py
+++ b/ipalib/pkcs10.py
@@ -1,56 +1,8 @@
-# Authors:
-# Rob Crittenden <rcritten@redhat.com>
-#
-# Copyright (C) 2010 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
from __future__ import print_function
+import sys
-import binascii
-from cryptography.hazmat.backends import default_backend
-import cryptography.x509
-
-
-def strip_header(csr):
- """
- Remove the header and footer (and surrounding material) from a CSR.
- """
- headerlen = 40
- s = csr.find(b"-----BEGIN NEW CERTIFICATE REQUEST-----")
- if s == -1:
- headerlen = 36
- s = csr.find(b"-----BEGIN CERTIFICATE REQUEST-----")
- if s >= 0:
- e = csr.find(b"-----END")
- csr = csr[s + headerlen:e]
-
- return csr
-
-
-def load_certificate_request(data):
- """
- Load a PEM or base64-encoded PKCS #10 certificate request.
-
- :return: a python-cryptography ``Certificate`` object.
- :raises: ``ValueError`` if unable to load the request
-
- """
- data = strip_header(data)
- try:
- data = binascii.a2b_base64(data)
- except binascii.Error as e:
- raise ValueError(e)
- return cryptography.x509.load_der_x509_csr(data, default_backend())
+print(
+ "ipalib.pkcs10 module is deprecated and will be removed in FreeIPA 4.6. "
+ "To load CSRs, please, use python-cryptography instead.",
+ file=sys.stderr
+)
diff --git a/ipalib/util.py b/ipalib/util.py
index 90605b12e..ea2f5c51a 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -153,6 +153,23 @@ def isvalid_base64(data):
else:
return True
+
+def strip_csr_header(csr):
+ """
+ Remove the header and footer (and surrounding material) from a CSR.
+ """
+ headerlen = 40
+ s = csr.find(b"-----BEGIN NEW CERTIFICATE REQUEST-----")
+ if s == -1:
+ headerlen = 36
+ s = csr.find(b"-----BEGIN CERTIFICATE REQUEST-----")
+ if s >= 0:
+ e = csr.find(b"-----END")
+ csr = csr[s + headerlen:e]
+
+ return csr
+
+
def validate_ipaddr(ipaddr):
"""
Check to see if the given IP address is a valid IPv4 or IPv6 address.