From dd69c7dbe68e8f8674994a54ea913f2dd2e52c32 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 8 Jun 2011 10:54:41 -0400
Subject: Make data type of certificates more obvious/predictable internally.
For the most part certificates will be treated as being in DER format. When we load a certificate we will generally accept it in any format but will convert it to DER before proceeding in normalize_certificate(). This also re-arranges a bit of code to pull some certificate-specific functions out of ipalib/plugins/service.py into ipalib/x509.py. This also tries to use variable names to indicate what format the certificate is in at any given point: dercert: DER cert: PEM nsscert: a python-nss Certificate object rawcert: unknown format ticket 32
---
 ipaserver/install/service.py | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)
 (limited to 'ipaserver/install/service.py')
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index d8d04e73..efbb2c93 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -94,6 +94,7 @@ class Service(object):
 self.realm = None
 self.suffix = None
 self.principal = None
+ self.dercert = None
 def ldap_connect(self):
 self.admin_conn = self.__get_conn(self.fqdn, self.dm_password)
@@ -192,23 +193,12 @@ class Service(object):
 """
 Add a certificate to a service
- This should be passed in DER format but we'll be nice and convert
- a base64-encoded cert if needed (like when we add certs that come
- from PKCS#12 files.)
+ This server cert should be in DER format.
 """
 if not self.admin_conn:
 self.ldap_connect()
- try:
- s = self.dercert.find('-----BEGIN CERTIFICATE-----')
- if s > -1:
- e = self.dercert.find('-----END CERTIFICATE-----')
- s = s + 27
- self.dercert = self.dercert[s:e]
- self.dercert = base64.b64decode(self.dercert)
- except Exception:
- pass
 dn = "krbprincipalname=%s,cn=services,cn=accounts,%s" % (self.principal, self.suffix)
 mod = [(ldap.MOD_ADD, 'userCertificate', self.dercert)]
 try:
-- cgit
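Review bot: With the PEM-stripping block removed from this method, `self.dercert` goes straight into the `ldap.MOD_ADD` on `userCertificate` with no check, and the first hunk makes `None` its default value. A caller that never set the attribute, or one that still hands over PEM text (the removed docstring mentions certs coming from PKCS#12 files), would now either fail late inside the LDAP call or store a value that is not DER. The commit message says conversion happens in normalize_certificate() in ipalib/x509.py, but no call to it is visible in this file's hunks, so it is worth confirming that every path setting `dercert` goes through it. A guard before `mod` is built would make the contract explicit, for example `if not self.dercert: raise ValueError("dercert must be set to a DER-encoded certificate")`. The method body continues past the end of the hunk, so what the trailing `try:` handles is not visible here.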