author | Fraser Tweedale <ftweedal@redhat.com> | 2016-11-18 10:04:24 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-12-12 13:03:15 +0100 |
commit | cc5b88e5d4ac1171374be9ae8e6e60730243dd3d (patch) | |
tree | 727f68515023a9fa37aaa4e39d1697ca557ae478 | |
parent | c7ea56c049ec8ab1a5500852eca6faf750b1479f (diff) | |
certdb: accumulate extracted certs as list of PEMs
certdb.NSSDatabase.import_files currently accumulates certificates
extracted from input files as a string, which is ugly. Accumulate a
list of PEMs instead, and join() them just in time for PKCS #12
creation.
Part of: https://fedorahosted.org/freeipa/ticket/6178
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
-rw-r--r-- | ipapython/certdb.py | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 4fbbbd91c..948132633 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -203,7 +203,7 @@ class NSSDatabase(object):
 """
 key_file = None
 extracted_key = None
- extracted_certs = ''
+ extracted_certs = []
 for filename in files:
 try:
@@ -234,7 +234,7 @@ class NSSDatabase(object):
 filename, line, e)
 continue
 else:
- extracted_certs += body + '\n'
+ extracted_certs.append(body)
 loaded = True
 continue
@@ -252,7 +252,7 @@ class NSSDatabase(object):
 filename, line, e)
 continue
 else:
- extracted_certs += '\n'.join(certs) + '\n'
+ extracted_certs.extend(certs)
 loaded = True
 continue
@@ -302,7 +302,7 @@ class NSSDatabase(object):
 pass
 else:
 data = x509.make_pem(base64.b64encode(data))
- extracted_certs += data + '\n'
+ extracted_certs.append(data)
 continue
 # Try to import the file as PKCS#12 file
@@ -343,14 +343,15 @@ class NSSDatabase(object):
 raise RuntimeError(
 "No server certificates found in %s" % (', '.join(files)))
- certs = x509.load_certificate_list(extracted_certs)
- for cert in certs:
+ for cert_pem in extracted_certs:
+ cert = x509.load_certificate(cert_pem)
 nickname = str(DN(cert.subject))
 data = cert.public_bytes(serialization.Encoding.DER)
 self.add_cert(data, nickname, ',,')
 if extracted_key:
- in_file = ipautil.write_tmp_file(extracted_certs + extracted_key)
+ in_file = ipautil.write_tmp_file(
+ '\n'.join(extracted_certs) + '\n' + extracted_key)
 out_file = tempfile.NamedTemporaryFile()
 out_password = ipautil.ipa_generate_password()
 out_pwdfile = ipautil.write_tmp_file(out_password) |
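Review bot: The new loop in the last hunk, `cert = x509.load_certificate(cert_pem)`, relies on every element of `extracted_certs` holding exactly one PEM certificate, whereas the removed `x509.load_certificate_list(extracted_certs)` parsed however many blocks the accumulated text contained. If one of the producers in the earlier hunks (`append(body)`, `extend(certs)`, `append(data)`) ever yields an element with more than one block, the extra certificates would presumably never reach `self.add_cert` but would still be written to the PKCS #12 input through `'\n'.join(extracted_certs)`, so the NSS database and the bundle could silently disagree. I would state the invariant where the list is created, for example `extracted_certs = []  # one PEM-encoded certificate per element`. The enclosing method starts and ends outside these hunks, so the producers could not be checked in full from here.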