author | Jan Cholasta <jcholast@redhat.com> | 2013-10-16 07:39:51 +0000 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 16:54:55 +0100 |
commit | d5e35f92a55d4e80d13ce157a8aa8f36276ad327 (patch) | |
tree | e714679ab1a77a92c2157f129076d41566387da8 /ipalib/pkcs10.py | |
parent | bab88eb1ed440d1e62eb59e32c4d22fa178f4869 (diff) | |
Update pkcs10 module functions to always load CSRs and allow selecting format.
This change makes the pkcs10 module more consistent with the x509 module.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipalib/pkcs10.py')
-rw-r--r-- | ipalib/pkcs10.py | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/ipalib/pkcs10.py b/ipalib/pkcs10.py index 29f9b3520..12db78377 100644 --- a/ipalib/pkcs10.py +++ b/ipalib/pkcs10.py @@ -27,24 +27,32 @@ from ipalib import api PEM = 0 DER = 1 -def get_subjectaltname(request): +def get_subject(csr, datatype=PEM): """ - Given a CSR return the subjectaltname value, if any. + Given a CSR return the subject value. - The return value is a tuple of strings or None + This returns an nss.DN object. """ - for extension in request.extensions: - if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME: - return nss.x509_alt_name(extension.value) - return None + request = load_certificate_request(csr, datatype) + try: + return request.subject + finally: + del request -def get_subject(request): +def get_subjectaltname(csr, datatype=PEM): """ - Given a CSR return the subject value. + Given a CSR return the subjectaltname value, if any. - This returns an nss.DN object. + The return value is a tuple of strings or None """ - return request.subject + request = load_certificate_request(csr, datatype) + try: + for extension in request.extensions: + if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME: + return nss.x509_alt_name(extension.value) + finally: + del request + return None def strip_header(csr): """ @@ -61,21 +69,21 @@ def strip_header(csr): return csr -def load_certificate_request(csr): +def load_certificate_request(csr, datatype=PEM): """ Given a base64-encoded certificate request, with or without the header/footer, return a request object. """ - csr = strip_header(csr) - - substrate = base64.b64decode(csr) + if datatype == PEM: + csr = strip_header(csr) + csr = base64.b64decode(csr) # A fail-safe so we can always read a CSR. python-nss/NSS will segfault # otherwise if not nss.nss_is_initialized(): nss.nss_init_nodb() - return nss.CertificateRequest(substrate) + return nss.CertificateRequest(csr) if __name__ == '__main__': nss.nss_init_nodb() 
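Review bot: The docstrings of `get_subject` and `get_subjectaltname` still say only "Given a CSR", although the first argument is now the encoded request rather than a parsed object and a `datatype` parameter was added. They should state that `csr` is PEM/base64 text by default or DER bytes with `datatype=DER`, and that decoding errors raised inside `load_certificate_request` propagate to the caller, which matters because a CSR is typically caller-supplied input. The `try`/`finally: del request` wrapper in both functions only unbinds a local that goes out of scope at the return anyway; if it is meant to release the NSS-backed object early, a comment such as `# release the NSS request object before returning` would record that, otherwise a plain `return request.subject` is clearer. Callers that need both the subject and the subjectAltName now parse the same CSR twice, which is presumably acceptable but worth one sentence in the docstrings.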
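Review bot: In `load_certificate_request`, any `datatype` other than `PEM` falls through to the DER path, so a mistyped or unexpected value hands un-decoded input straight to `nss.CertificateRequest` instead of failing at the boundary. Adding `elif datatype != DER: raise ValueError("Unknown CSR datatype: %r" % (datatype,))` after the `PEM` branch would reject it explicitly. The docstring still reads "Given a base64-encoded certificate request" and should say that raw DER is accepted when `datatype=DER` and that the header/footer stripping applies only to the PEM case.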
@@ -85,9 +93,6 @@ if __name__ == '__main__': csrlines = sys.stdin.readlines() csr = ''.join(csrlines) - csr = load_certificate_request(csr) - - print csr - + print load_certificate_request(csr) print get_subject(csr) print get_subjectaltname(csr) |