def _get_cert_key(self, cert):
    """Return the ``(issuer DN, serial number)`` key of a DER certificate.

    ``cert`` is parsed with ``x509.load_certificate(cert, x509.DER)``.  If
    parsing fails with ``NSPRError``, a ``SearchResultTruncated`` message
    describing the failure is queued through ``self.add_message`` and a
    ``ValueError`` is raised in its place.

    NOTE(review): the key is built from issuer and serial number only, so
    two different certificates carrying the same issuer DN and serial
    would yield the same key -- confirm that callers keying on this tuple
    tolerate that.
    """
    try:
        parsed = x509.load_certificate(cert, x509.DER)
    except NSPRError as err:
        # Report the unparseable value to the client before raising.
        self.add_message(
            messages.SearchResultTruncated(
                reason=_("failed to load certificate: %s") % err,
            )
        )
        raise ValueError("failed to load certificate")

    issuer_dn = DN(unicode(parsed.issuer))
    return (issuer_dn, parsed.serial_number)
def _get_cert_key(self, cert):
    """Return the ``(issuer DN, serial)`` key of a DER certificate.

    ``cert`` is parsed with ``x509.load_certificate(cert, x509.DER)``.  If
    parsing raises ``ValueError``, a ``SearchResultTruncated`` message
    describing the failure is queued through ``self.add_message`` and the
    same exception is re-raised.

    NOTE(review): the key is built from issuer and serial only, so two
    different certificates carrying the same issuer DN and serial would
    yield the same key -- confirm that callers keying on this tuple
    tolerate that.
    """
    try:
        parsed = x509.load_certificate(cert, x509.DER)
    except ValueError as err:
        # Report the unparseable value to the client, then let the
        # original exception continue to the caller.
        self.add_message(
            messages.SearchResultTruncated(
                reason=_("failed to load certificate: %s") % err,
            )
        )
        raise

    issuer_dn = DN(parsed.issuer)
    return (issuer_dn, parsed.serial)
def _ldap_search(self, all, raw, pkey_only, no_members, timelimit, sizelimit,
                 **options):
    """Search LDAP for entries holding certificates and collect the results.

    Returns ``(result, truncated, complete)``:

    * ``result`` -- ``OrderedDict`` mapping the key returned by
      ``self._get_cert_key`` to the object built by ``self._get_cert_obj``.
    * ``truncated`` -- true when the LDAP search reported truncation or
      when at least one certificate value could not be turned into a key.
    * ``complete`` -- true when at least one owner option (``<owner>`` or
      ``no_<owner>``) contributed a filter; it is computed before the
      certificate filter is appended.

    Certificate values for which ``_get_cert_key`` raises ``ValueError``
    are skipped rather than aborting the search.  When several values map
    to the same key, only the first one seen is passed to
    ``_get_cert_obj``; later ones only add their entry DN to ``owner``.
    """
    ldap = self.api.Backend.ldap2

    # Every owner type can be required ("<name>") or excluded ("no_<name>").
    prefix_rules = (('', ldap.MATCH_ALL), ('no_', ldap.MATCH_NONE))

    filters = []
    for owner in self.obj._owners():
        for prefix, rule in prefix_rules:
            try:
                value = options[prefix + owner.name]
            except KeyError:
                continue

            # Restrict to the owner's object class, adding that filter
            # only once even if both option variants were supplied.
            oc_filter = ldap.make_filter_from_attr(
                'objectclass', owner.object_class, ldap.MATCH_ALL)
            if oc_filter not in filters:
                filters.append(oc_filter)

            filters.append(
                ldap.make_filter_from_attr(
                    owner.primary_key.name, value, rule))

    results = collections.OrderedDict()
    complete = bool(filters)

    # Match one specific certificate when requested, otherwise any entry
    # that has a usercertificate value at all.
    wanted_cert = options.get('certificate')
    if wanted_cert is None:
        cert_filter = '(usercertificate=*)'
    else:
        cert_filter = ldap.make_filter_from_attr('usercertificate', wanted_cert)
    filters.append(cert_filter)

    search_filter = ldap.combine_filters(filters, ldap.MATCH_ALL)
    try:
        entries, truncated = ldap.find_entries(
            base_dn=self.api.env.basedn,
            filter=search_filter,
            attrs_list=['usercertificate'],
            time_limit=timelimit,
            size_limit=sizelimit,
        )
    except errors.EmptyResult:
        entries, truncated = [], False
    else:
        try:
            ldap.handle_truncated_result(truncated)
        except errors.LimitsExceeded as exc:
            # Exceeded limits are reported as a message, not an error.
            self.add_message(messages.SearchResultTruncated(reason=exc))
        truncated = bool(truncated)

    # Loop-invariant: whether owner DNs should be attached to results.
    collect_owners = not pkey_only and (all or not no_members)

    for entry in entries:
        for attr in ('usercertificate', 'usercertificate;binary'):
            for der in entry.get(attr, []):
                try:
                    key = self._get_cert_key(der)
                except ValueError:
                    # Unparseable value: skip it and flag the result set
                    # as incomplete.
                    truncated = True
                    continue

                if key in results:
                    cert_obj = results[key]
                else:
                    cert_obj = self._get_cert_obj(der, all, raw, pkey_only)
                    results[key] = cert_obj

                if not collect_owners:
                    continue

                owner_dns = cert_obj.setdefault('owner', [])
                if entry.dn not in owner_dns:
                    owner_dns.append(entry.dn)

    if not raw:
        for cert_obj in six.itervalues(results):
            self.obj._fill_owners(cert_obj)

    return results, truncated, complete