From dc55240fe8ce2f27aaca05a5287089080c902c85 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 1 Feb 2010 14:00:28 -0500
Subject: Be more careful when base64-decoding certificates

Only decode certs that have a BEGIN/END block, otherwise assume it
is in DER format.
---
 ipalib/plugins/service.py | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

(limited to 'ipalib/plugins/service.py')

diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 6ad992f3..a477de9a 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -28,6 +28,7 @@ from ipalib import Str, Flag, Bytes
 from ipalib.plugins.baseldap import *
 from ipalib import x509
 from pyasn1.error import PyAsn1Error
+from ipalib import _, ngettext
 
 
 def get_serial(certificate):
@@ -37,16 +38,12 @@ def get_serial(certificate):
     """
     if type(certificate) in (list, tuple):
         certificate = certificate[0]
-    try:
-        certificate = base64.b64decode(certificate)
-    except Exception:
-        pass
 
     try:
         serial = x509.get_serial_number(certificate, type=x509.DER)
-    except PyAsn1Error:
+    except PyAsn1Error, e:
         raise errors.GenericError(
-            format='Unable to decode certificate in entry'
+            format='Unable to decode certificate in entry: %s' % e
         )
     return serial
 
-- 
cgit