x509: avoid use of nss.data_to_hex

Avoid use of the nss.data_to_hex function for formatting certificate fingerprints. Add our own helper functions to format the fingerprints as hex (with colons). Part of: https://fedorahosted.org/freeipa/ticket/6398 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2016-10-11 12:43:22 +1000
committer: David Kupka <dkupka@redhat.com> 2016-11-10 10:21:47 +0100
commit: 44c2d685f01eb4c03e4659125e41d73b8be47c19 (patch)
tree: 5f4f45dd6dcce1b96e630e400b80324412843c75 /ipaserver/plugins
parent: 85487281cdc09720f6a0385ebb7157742d762a0c (diff)
download: freeipa-44c2d685f01eb4c03e4659125e41d73b8be47c19.tar.gz
freeipa-44c2d685f01eb4c03e4659125e41d73b8be47c19.tar.xz
freeipa-44c2d685f01eb4c03e4659125e41d73b8be47c19.zip
2 files changed, 8 insertions, 6 deletions
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 5e85942dd..a534c4d26 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -379,10 +379,10 @@ class BaseCertObject(Object):
             obj['valid_not_before'] = unicode(cert.valid_not_before_str)
             obj['valid_not_after'] = unicode(cert.valid_not_after_str)
             if full:
-                obj['md5_fingerprint'] = unicode(
-                    nss.data_to_hex(nss.md5_digest(cert.der_data), 64)[0])
-                obj['sha1_fingerprint'] = unicode(
-                    nss.data_to_hex(nss.sha1_digest(cert.der_data), 64)[0])
+                obj['md5_fingerprint'] = x509.to_hex_with_colons(
+                    nss.md5_digest(cert.der_data))
+                obj['sha1_fingerprint'] = x509.to_hex_with_colons(
+                    nss.sha1_digest(cert.der_data))
 
             try:
                 ext_san = cert.get_extension(nss.SEC_OID_X509_SUBJECT_ALT_NAME)
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
index e57ca523a..a39ba3249 100644
--- a/ipaserver/plugins/service.py
+++ b/ipaserver/plugins/service.py
@@ -274,8 +274,10 @@ def set_certificate_attrs(entry_attrs):
     entry_attrs['issuer'] = unicode(cert.issuer)
     entry_attrs['valid_not_before'] = unicode(cert.valid_not_before_str)
     entry_attrs['valid_not_after'] = unicode(cert.valid_not_after_str)
-    entry_attrs['md5_fingerprint'] = unicode(nss.data_to_hex(nss.md5_digest(cert.der_data), 64)[0])
-    entry_attrs['sha1_fingerprint'] = unicode(nss.data_to_hex(nss.sha1_digest(cert.der_data), 64)[0])
+    entry_attrs['md5_fingerprint'] = x509.to_hex_with_colons(
+        nss.md5_digest(cert.der_data))
+    entry_attrs['sha1_fingerprint'] = x509.to_hex_with_colons(
+        nss.sha1_digest(cert.der_data))
 
 def check_required_principal(ldap, principal):
     """
author	Fraser Tweedale <ftweedal@redhat.com>	2016-10-11 12:43:22 +1000
committer	David Kupka <dkupka@redhat.com>	2016-11-10 10:21:47 +0100
commit	44c2d685f01eb4c03e4659125e41d73b8be47c19 (patch)
tree	5f4f45dd6dcce1b96e630e400b80324412843c75 /ipaserver/plugins
parent	85487281cdc09720f6a0385ebb7157742d762a0c (diff)
download	freeipa-44c2d685f01eb4c03e4659125e41d73b8be47c19.tar.gz freeipa-44c2d685f01eb4c03e4659125e41d73b8be47c19.tar.xz freeipa-44c2d685f01eb4c03e4659125e41d73b8be47c19.zip