    def _get_cert_key(self, cert):
        """Return the ``(issuer DN, serial number)`` key for a DER certificate.

        ``cert`` is DER-encoded certificate data.  When NSS cannot parse it,
        a ``SearchResultTruncated`` message is recorded on the command and
        ``ValueError`` is raised so the caller can skip that certificate.
        """
        try:
            parsed = x509.load_certificate(cert, x509.DER)
        except NSPRError as exc:
            # Record why the result set is incomplete before bailing out.
            reason = _("failed to load certificate: %s") % exc
            self.add_message(messages.SearchResultTruncated(reason=reason, ))
            raise ValueError("failed to load certificate")

        issuer_dn = DN(unicode(parsed.issuer))
        return (issuer_dn, parsed.serial_number)
    def _get_cert_key(self, cert):
        """Return the ``(issuer DN, serial)`` key for a DER certificate.

        ``cert`` is DER-encoded certificate data.  If it cannot be parsed,
        a ``SearchResultTruncated`` message is recorded on the command and
        the original ``ValueError`` is re-raised for the caller to handle.
        """
        try:
            parsed = x509.load_certificate(cert, x509.DER)
        except ValueError as exc:
            # Record why the result set is incomplete, then propagate.
            reason = _("failed to load certificate: %s") % exc
            self.add_message(messages.SearchResultTruncated(reason=reason, ))
            raise

        issuer_dn = DN(parsed.issuer)
        return (issuer_dn, parsed.serial)
    def _ldap_search(self, all, raw, pkey_only, no_members, timelimit,
                     sizelimit, **options):
        """Search LDAP for certificates stored in ``usercertificate``.

        An LDAP filter is assembled from the owner options (``<owner>`` and
        ``no_<owner>`` for each owner type from ``self.obj._owners()``) and
        the optional ``certificate`` option; all attribute values go through
        ``ldap.make_filter_from_attr`` rather than string formatting.  Every
        certificate found is keyed by ``_get_cert_key`` and, unless
        ``pkey_only`` or ``no_members`` suppress it, each owning entry DN is
        collected under the ``owner`` key of the certificate object.

        Returns ``(result, truncated, complete)``: ``result`` is an ordered
        dict of certificate objects, ``truncated`` is True when the search
        hit a limit or a stored certificate could not be parsed, and
        ``complete`` is True when at least one owner filter was supplied.
        """
        ldap = self.api.Backend.ldap2

        filters = []
        owner_rules = (('', ldap.MATCH_ALL), ('no_', ldap.MATCH_NONE))
        for owner in self.obj._owners():
            for prefix, rule in owner_rules:
                option_name = prefix + owner.name
                if option_name not in options:
                    continue
                value = options[option_name]

                class_filter = ldap.make_filter_from_attr(
                    'objectclass', owner.object_class, ldap.MATCH_ALL)
                # Each owner object class contributes to the filter once.
                if class_filter not in filters:
                    filters.append(class_filter)

                filters.append(ldap.make_filter_from_attr(
                    owner.primary_key.name, value, rule))

        result = collections.OrderedDict()
        complete = bool(filters)

        requested_cert = options.get('certificate')
        if requested_cert is None:
            cert_filter = '(usercertificate=*)'
        else:
            cert_filter = ldap.make_filter_from_attr('usercertificate',
                                                     requested_cert)
        filters.append(cert_filter)

        search_filter = ldap.combine_filters(filters, ldap.MATCH_ALL)
        try:
            entries, truncated = ldap.find_entries(
                base_dn=self.api.env.basedn,
                filter=search_filter,
                attrs_list=['usercertificate'],
                time_limit=timelimit,
                size_limit=sizelimit,
            )
        except errors.EmptyResult:
            entries = []
            truncated = False
        else:
            # A limit being hit is reported as a message, not an error.
            try:
                ldap.handle_truncated_result(truncated)
            except errors.LimitsExceeded as exc:
                self.add_message(messages.SearchResultTruncated(reason=exc))

            truncated = bool(truncated)

        # Owner DNs are attached only when members were actually requested.
        attach_owners = not pkey_only and (all or not no_members)
        cert_attrs = ('usercertificate', 'usercertificate;binary')
        for entry in entries:
            for attr in cert_attrs:
                for cert_data in entry.get(attr, []):
                    try:
                        key = self._get_cert_key(cert_data)
                    except ValueError:
                        # _get_cert_key already recorded a message; the
                        # result set is now known to be incomplete.
                        truncated = True
                        continue

                    if key in result:
                        obj = result[key]
                    else:
                        obj = self._get_cert_obj(cert_data, all, raw,
                                                 pkey_only)
                        result[key] = obj

                    if attach_owners:
                        owners = obj.setdefault('owner', [])
                        if entry.dn not in owners:
                            owners.append(entry.dn)

        if not raw:
            for obj in six.itervalues(result):
                self.obj._fill_owners(obj)

        return result, truncated, complete