authorStanislav Laznicka <slaznick@redhat.com>2016-12-20 10:23:47 +0100
committerJan Cholasta <jcholast@redhat.com>2017-03-01 09:43:41 +0000
commit0a54fac02cecad3b9e3bf8ad0c8a44df3b701857 (patch)
tree6b1afebc7aa6c20eba16024011f292b5722a6107 /ipapython/dogtag.py
parent6b074ad833a12acbd4643795b2150fa7f019d6b2 (diff)
Remove NSSConnection from Dogtag
Replaced NSSConnection with Python's httplib.HTTPSConnection. This class is OpenSSL-based. A client certificate with a private key is required to authenticate against the certificate server. We use the RA_AGENT_PEM, which already exists, for this. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipapython/dogtag.py')
-rw-r--r--ipapython/dogtag.py24
1 files changed, 10 insertions, 14 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index b17175413..4aeb897fd 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -20,16 +20,16 @@
import collections
import xml.dom.minidom
-import nss.nss as nss
import six
# pylint: disable=import-error
from six.moves.urllib.parse import urlencode
# pylint: enable=import-error
from ipalib import api, errors
+from ipalib.util import create_https_connection
from ipalib.errors import NetworkError
from ipalib.text import _
-from ipapython import nsslib, ipautil
+from ipapython import ipautil
from ipapython.ipa_log_manager import root_logger
# Python 3 rename. The package is available in "six.moves.http_client", but
@@ -131,8 +131,8 @@ def ca_status(ca_host=None):
return _parse_ca_status(body)
-def https_request(host, port, url, secdir, password, nickname,
- method='POST', headers=None, body=None, **kw):
+def https_request(host, port, url, cafile, client_certfile,
+ method='POST', headers=None, body=None, **kw):
"""
:param method: HTTP request method (defalut: 'POST')
:param url: The path (not complete URL!) to post to.
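Review bot: The new `https_request` signature still accepts `**kw`, so a caller that was not migrated fails quietly instead of raising. A call that still passes `password=` or `nickname=` by keyword would have those values collected in `kw` and, per the `body = urlencode(kw)` lines in the next hunk, sent to the CA in the request body; a positional call would bind the old `nickname` to `method`. Callers are outside this diff, so I cannot confirm they were all updated. If no Dogtag form field uses those names, a guard at the top of the function would catch it: `if {'secdir', 'password', 'nickname'} & set(kw): raise TypeError('https_request() no longer takes NSS arguments')`. The docstring, which continues outside the hunk, should also gain `:param cafile:` and `:param client_certfile:` entries.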
@@ -145,16 +145,12 @@ def https_request(host, port, url, secdir, password, nickname,
"""
def connection_factory(host, port):
- no_init = secdir == nsslib.current_dbdir
- conn = nsslib.NSSConnection(host, port, dbdir=secdir, no_init=no_init,
- tls_version_min=api.env.tls_version_min,
- tls_version_max=api.env.tls_version_max)
- conn.set_debuglevel(0)
- conn.connect()
- conn.sock.set_client_auth_data_callback(
- nsslib.client_auth_data_callback,
- nickname, password, nss.get_default_certdb())
- return conn
+ return create_https_connection(
+ host, port,
+ cafile=cafile,
+ client_certfile=client_certfile,
+ tls_version_min=api.env.tls_version_min,
+ tls_version_max=api.env.tls_version_max)
if body is None:
body = urlencode(kw)
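Review bot: `connection_factory` forwards `cafile` and `client_certfile` without checking that either is set, so what happens to server verification when `cafile` is None depends entirely on `create_https_connection`, which is not shown here. An explicit `if cafile is None: raise ValueError('cafile is required to verify the CA server certificate')` before the call would make the fail-closed behaviour visible at this layer. With the `password` argument gone, the file named by `client_certfile` presumably holds the RA agent private key unencrypted, which deserves a comment above the call such as `# client_certfile: PEM with the RA agent cert and its unencrypted key; keep it readable only by the service account`. The body of `https_request` continues past the end of the hunk.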