diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-08-16 13:16:58 +1000 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2016-12-12 13:03:15 +0100 |
| commit | c7ea56c049ec8ab1a5500852eca6faf750b1479f (patch) | |
| tree | 2362e63154921dd460db8dfb5643a1d4d774315a /ipapython | |
| parent | 95e602598a481f9c4a3b69ce8a861bf3816aa8ba (diff) | |
| download | freeipa-c7ea56c049ec8ab1a5500852eca6faf750b1479f.tar.gz freeipa-c7ea56c049ec8ab1a5500852eca6faf750b1479f.tar.xz freeipa-c7ea56c049ec8ab1a5500852eca6faf750b1479f.zip | |
Add function for extracting PEM certs from PKCS #7
Add a single function for extracting X.509 certs in PEM format from
a PKCS #7 object. Refactor sites that execute ``openssl pkcs7`` to
use the new function.
Part of: https://fedorahosted.org/freeipa/ticket/6178
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipapython')
| -rw-r--r-- | ipapython/certdb.py | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py index 4e05b7880..4fbbbd91c 100644 --- a/ipapython/certdb.py +++ b/ipapython/certdb.py @@ -239,13 +239,8 @@ class NSSDatabase(object): continue if label in ('PKCS7', 'PKCS #7 SIGNED DATA', 'CERTIFICATE'): - args = [ - OPENSSL, 'pkcs7', - '-print_certs', - ] try: - result = ipautil.run( - args, stdin=body, capture_output=True) + certs = x509.pkcs7_to_pems(body) except ipautil.CalledProcessError as e: if label == 'CERTIFICATE': root_logger.warning( @@ -257,7 +252,7 @@ class NSSDatabase(object): filename, line, e) continue else: - extracted_certs += result.output + '\n' + extracted_certs += '\n'.join(certs) + '\n' loaded = True continue |