diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-01-06 14:50:42 +1100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2016-01-13 08:12:30 +0100 |
| commit | fe94222873c4df5118e93cebe7e9d69439266ba0 (patch) | |
| tree | 2f2309492eb0843b744d7034a22b425c183855ea /ipaserver/plugins/dogtag.py | |
| parent | 6b2b173a4d6b1cd8789e87d0392dd86c980f858a (diff) | |
| download | freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.tar.gz freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.tar.xz freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.zip | |
Do not decode HTTP reason phrase from Dogtag
The HTTP reason phrase sent by Dogtag is assumed to be encoded in
UTF-8, but the encoding used by Tomcat is dependent on system
locale, causing decode errors in some locales.
The reason phrase is optional and will not be sent in a future
version of Tomcat[1], so do not bother decoding and returning it.
[1] https://github.com/apache/tomcat/commit/707ab1c77f3bc189e1c3f29b641506db4c8bce37
Fixes: https://fedorahosted.org/freeipa/ticket/5578
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/plugins/dogtag.py')
| -rw-r--r-- | ipaserver/plugins/dogtag.py | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 1a1172a38..2549aae3d 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1351,8 +1351,8 @@ class ra(rabase.rabase): """ :param url: The URL to post to. :param kw: Keyword arguments to encode into POST body. - :return: (http_status, http_reason_phrase, http_headers, http_body) - as (integer, unicode, dict, str) + :return: (http_status, http_headers, http_body) + as (integer, dict, str) Perform an HTTP request. """ @@ -1362,8 +1362,8 @@ class ra(rabase.rabase): """ :param url: The URL to post to. :param kw: Keyword arguments to encode into POST body. - :return: (http_status, http_reason_phrase, http_headers, http_body) - as (integer, unicode, dict, str) + :return: (http_status, http_headers, http_body) + as (integer, dict, str) Perform an HTTPS request """ @@ -1423,7 +1423,7 @@ class ra(rabase.rabase): self.debug('%s.check_request_status()', self.fullname) # Call CMS - http_status, http_reason_phrase, http_headers, http_body = \ + http_status, http_headers, http_body = \ self._request('/ca/ee/ca/checkRequest', self.env.ca_port, requestId=request_id, @@ -1432,7 +1432,7 @@ class ra(rabase.rabase): # Parse and handle errors if http_status != 200: self.raise_certificate_operation_error('check_request_status', - detail=http_reason_phrase) + detail=http_status) parse_result = self.get_parse_result_xml(http_body, parse_check_request_result_xml) request_status = parse_result['request_status'] @@ -1508,7 +1508,7 @@ class ra(rabase.rabase): serial_number = int(serial_number, 0) # Call CMS - http_status, http_reason_phrase, http_headers, http_body = \ + http_status, http_headers, http_body = \ self._sslget('/ca/agent/ca/displayBySerial', self.env.ca_agent_port, serialNumber=str(serial_number), @@ -1518,7 +1518,7 @@ class ra(rabase.rabase): # Parse and handle errors if http_status != 200: self.raise_certificate_operation_error('get_certificate', - detail=http_reason_phrase) + detail=http_status) parse_result = self.get_parse_result_xml(http_body, parse_display_cert_xml) request_status = parse_result['request_status'] @@ -1576,7 +1576,7 @@ class ra(rabase.rabase): self.debug('%s.request_certificate()', self.fullname) # Call CMS - http_status, http_reason_phrase, http_headers, http_body = \ + http_status, http_headers, http_body = \ self._sslget('/ca/eeca/ca/profileSubmitSSLClient', self.env.ca_ee_port, profileId=profile_id, @@ -1586,7 +1586,7 @@ class ra(rabase.rabase): # Parse and handle errors if http_status != 200: self.raise_certificate_operation_error('request_certificate', - detail=http_reason_phrase) + detail=http_status) parse_result = self.get_parse_result_xml(http_body, parse_profile_submit_result_xml) # Note different status return, it's not request_status, it's error_code @@ -1655,7 +1655,7 @@ class ra(rabase.rabase): serial_number = int(serial_number, 0) # Call CMS - http_status, http_reason_phrase, http_headers, http_body = \ + http_status, http_headers, http_body = \ self._sslget('/ca/agent/ca/doRevoke', self.env.ca_agent_port, op='revoke', @@ -1667,7 +1667,7 @@ class ra(rabase.rabase): # Parse and handle errors if http_status != 200: self.raise_certificate_operation_error('revoke_certificate', - detail=http_reason_phrase) + detail=http_status) parse_result = self.get_parse_result_xml(http_body, parse_revoke_cert_xml) request_status = parse_result['request_status'] @@ -1718,7 +1718,7 @@ class ra(rabase.rabase): serial_number = int(serial_number, 0) # Call CMS - http_status, http_reason_phrase, http_headers, http_body = \ + http_status, http_headers, http_body = \ self._sslget('/ca/agent/ca/doUnrevoke', self.env.ca_agent_port, serialNumber=str(serial_number), @@ -1727,7 +1727,7 @@ class ra(rabase.rabase): # Parse and handle errors if http_status != 200: self.raise_certificate_operation_error('take_certificate_off_hold', - detail=http_reason_phrase) + detail=http_status) parse_result = self.get_parse_result_xml(http_body, parse_unrevoke_cert_xml) @@ -2030,7 +2030,7 @@ class RestClient(Backend): """Log into the REST API""" if self.cookie is not None: return - status, status_text, resp_headers, resp_body = dogtag.https_request( + status, resp_headers, resp_body = dogtag.https_request( self.ca_host, self.override_port or self.env.ca_agent_port, '/ca/rest/account/login', self.sec_dir, self.password, self.ipa_certificate_nickname, @@ -2056,8 +2056,8 @@ class RestClient(Backend): """ :param url: The URL to post to. :param kw: Keyword arguments to encode into POST body. - :return: (http_status, http_reason_phrase, http_headers, http_body) - as (integer, unicode, dict, str) + :return: (http_status, http_headers, http_body) + as (integer, dict, str) Perform an HTTPS request """ @@ -2071,7 +2071,7 @@ class RestClient(Backend): resource = os.path.join('/ca/rest', self.path, path) # perform main request - status, status_text, resp_headers, resp_body = dogtag.https_request( + status, resp_headers, resp_body = dogtag.https_request( self.ca_host, self.override_port or self.env.ca_agent_port, resource, self.sec_dir, self.password, self.ipa_certificate_nickname, @@ -2080,10 +2080,10 @@ class RestClient(Backend): if status < 200 or status >= 300: explanation = self._parse_dogtag_error(resp_body) or '' raise errors.RemoteRetrieveError( - reason=_('Non-2xx response from CA REST API: %(status)d %(status_text)s. %(explanation)s') - % {'status': status, 'status_text': status_text, 'explanation': explanation} + reason=_('Non-2xx response from CA REST API: %(status)d. %(explanation)s') + % {'status': status, 'explanation': explanation} ) - return (status, status_text, resp_headers, resp_body) + return (status, resp_headers, resp_body) class ra_certprofile(RestClient): @@ -2108,7 +2108,7 @@ class ra_certprofile(RestClient): """ Read the profile configuration from Dogtag """ - status, status_text, resp_headers, resp_body = self._ssldo( + status, resp_headers, resp_body = self._ssldo( 'GET', profile_id + '/raw') return resp_body |