From 8d2d7429beb6bf66cb3c4fc35a7a3dbb165a432c Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 24 Jun 2010 11:40:02 -0400 Subject: Clean up crypto code, take advantage of new nss-python capabilities This patch does the following: - drops our in-tree x509v3 parser to use the python-nss one - return more information on certificates - make an API change, renaming cert-get to cert-show - Drop a lot of duplicated code --- ipalib/plugins/host.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'ipalib/plugins/host.py') diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index b0d7289a..b42cbbcb 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -71,8 +71,8 @@ from ipalib import Str, Flag, Bytes from ipalib.plugins.baseldap import * from ipalib.plugins.service import split_principal from ipalib.plugins.service import validate_certificate -from ipalib.plugins.service import get_serial from ipalib import _, ngettext +from ipalib import x509 import base64 @@ -291,10 +291,10 @@ class host_mod(LDAPUpdate): if 'usercertificate' in entry_attrs_old: # FIXME: what to do here? do we revoke the old cert? fmt = 'entry already has a certificate, serial number: %s' % ( - get_serial(entry_attrs_old['usercertificate']) + x509.get_serial_number(entry_attrs_old['usercertificate'][0], x509.DER) ) raise errors.GenericError(format=fmt) - # FIXME: should be in normalizer; see service_add + # FIXME: decoding should be in normalizer; see service_add entry_attrs['usercertificate'] = base64.b64decode(cert) return dn -- cgit