summaryrefslogtreecommitdiffstats
path: root/ipapython
diff options
context:
space:
mode:
authorFraser Tweedale <ftweedal@redhat.com>2016-08-16 13:16:58 +1000
committerJan Cholasta <jcholast@redhat.com>2016-12-12 13:03:15 +0100
commitc7ea56c049ec8ab1a5500852eca6faf750b1479f (patch)
tree2362e63154921dd460db8dfb5643a1d4d774315a /ipapython
parent95e602598a481f9c4a3b69ce8a861bf3816aa8ba (diff)
downloadfreeipa-c7ea56c049ec8ab1a5500852eca6faf750b1479f.tar.gz
freeipa-c7ea56c049ec8ab1a5500852eca6faf750b1479f.tar.xz
freeipa-c7ea56c049ec8ab1a5500852eca6faf750b1479f.zip
Add function for extracting PEM certs from PKCS #7
Add a single function for extracting X.509 certs in PEM format from a PKCS #7 object. Refactor sites that execute ``openssl pkcs7`` to use the new function. Part of: https://fedorahosted.org/freeipa/ticket/6178 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/certdb.py9
1 files changed, 2 insertions, 7 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 4e05b7880..4fbbbd91c 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -239,13 +239,8 @@ class NSSDatabase(object):
continue
if label in ('PKCS7', 'PKCS #7 SIGNED DATA', 'CERTIFICATE'):
- args = [
- OPENSSL, 'pkcs7',
- '-print_certs',
- ]
try:
- result = ipautil.run(
- args, stdin=body, capture_output=True)
+ certs = x509.pkcs7_to_pems(body)
except ipautil.CalledProcessError as e:
if label == 'CERTIFICATE':
root_logger.warning(
@@ -257,7 +252,7 @@ class NSSDatabase(object):
filename, line, e)
continue
else:
- extracted_certs += result.output + '\n'
+ extracted_certs += '\n'.join(certs) + '\n'
loaded = True
continue