def set_certificate_attrs(entry, options, want_cert=True):
    """
    Populate the certificate attributes of a CA entry.

    Depending on ``options`` this may contact Dogtag to fetch the CA
    certificate and/or its chain.

    :param entry: entry to update; its CA id is read from
        ``entry['ipacaid'][0]``
    :param options: mapping; ``all`` requests both certificate and
        chain, ``chain`` requests the chain
    :param want_cert: fetch the certificate even without ``all``
    :returns: ``None`` when nothing was requested, when the entry has
        no ``ipacaid`` or when every retrieval succeeded; otherwise a
        ``LightweightCACertificateNotAvailable`` message that the
        caller should add to the response.

    A 404 from the backend is expected during normal operation
    (lightweight CA key replication delay), so it is reported as a
    message rather than raised.  Any other ``HTTPRequestError`` is
    re-raised.  When a retrieval ends in 404 this call does not set the
    corresponding attribute on the entry.
    """
    try:
        ca_id = entry['ipacaid'][0]
    except KeyError:
        return None

    include_all = options.get('all', False)
    include_chain = options.get('chain', False)
    if not (want_cert or include_chain or include_all):
        return None

    notice = None
    with api.Backend.ra_lightweight_ca as ca_api:
        if want_cert or include_all:
            try:
                cert_der = ca_api.read_ca_cert(ca_id)
                encoded = base64.b64encode(cert_der)
                entry['certificate'] = encoded.decode('ascii')
            except errors.HTTPRequestError as e:
                # Only "not found" is tolerated; everything else is a
                # real failure and goes back to the caller.
                if e.status != 404:  # pylint: disable=no-member
                    raise e
                notice = messages.LightweightCACertificateNotAvailable(
                    ca=entry['cn'][0])

        if include_chain or include_all:
            try:
                chain_p7 = ca_api.read_ca_chain(ca_id)
                chain_certs = x509.pkcs7_to_certs(chain_p7, x509.DER)
                entry['certificate_chain'] = [
                    item.public_bytes(x509.Encoding.DER)
                    for item in chain_certs
                ]
            except errors.HTTPRequestError as e:
                if e.status != 404:  # pylint: disable=no-member
                    raise e
                # Same message as for the certificate: one notice
                # covers either retrieval.
                notice = messages.LightweightCACertificateNotAvailable(
                    ca=entry['cn'][0])

    return notice
def set_certificate_attrs(entry, options, want_cert=True):
    """Attach the CA certificate and/or certificate chain to ``entry``.

    The CA id is read from ``entry['ipacaid'][0]``; an entry without
    that key is left untouched.  ``options['all']`` requests both the
    certificate and the chain, ``options['chain']`` requests the chain,
    and ``want_cert`` requests the certificate.  The certificate is
    stored base64-encoded under ``certificate``; the chain is stored as
    a list of DER blobs under ``certificate_chain``.

    Always returns ``None``.

    NOTE(review): nothing raised by ``read_ca_cert`` / ``read_ca_chain``
    is handled here, so a backend error (for example a certificate that
    is not available yet) fails the whole call -- confirm that callers
    expect and handle this.
    """
    try:
        ca_id = entry['ipacaid'][0]
    except KeyError:
        # Entry carries no 'ipacaid' value: nothing to look up.
        return

    show_all = options.get('all', False)
    show_chain = options.get('chain', False)
    fetch_cert = want_cert or show_all
    fetch_chain = show_chain or show_all
    if not (fetch_cert or fetch_chain):
        return

    with api.Backend.ra_lightweight_ca as ca_api:
        if fetch_cert:
            cert_der = ca_api.read_ca_cert(ca_id)
            entry['certificate'] = (
                base64.b64encode(cert_der).decode('ascii'))

        if fetch_chain:
            chain_p7 = ca_api.read_ca_chain(ca_id)
            chain_ders = []
            for member in x509.pkcs7_to_certs(chain_p7, x509.DER):
                chain_ders.append(member.public_bytes(x509.Encoding.DER))
            entry['certificate_chain'] = chain_ders
def test_load_pkcs7_pem(self):
    """Parse the PEM PKCS#7 fixture and check the one certificate in it."""
    parsed = x509.pkcs7_to_certs(good_pkcs7, datatype=x509.PEM)
    # The fixture is expected to yield exactly one certificate.
    assert len(parsed) == 1

    ca_cert = parsed[0]
    subject_dn = DN(ca_cert.subject)
    assert subject_dn == DN('CN=Certificate Authority,O=EXAMPLE.COM')
    assert ca_cert.serial_number == 1