rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
717b817b82
ipa/0058-Parse-cert-chain-as-JSON-not-XML.patch

80 lines
2.8 KiB
Diff
Raw Normal View History

ipa-4.9.6-9 - Resolves: rhbz#2010701 ipa-server-install fails while 'configuring certificate server instance' - Resolves: rhbz#2005864 ipa cert-request replaces user certificate instead of adding - Resolves: rhbz#2003005 AVC denied { read } comm="ipa-custodia" on aarch64 during installation of ipa-server - Resolves: rhbz#2003004 extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT - Resolves: rhbz#2003003 subid: subid-match displays the DN of the owner, not its UID. - Resolves: rhbz#2013116 ipa migrate-ds command fails to warn when compat plugin is enabled
2021-10-12 07:34:01 +00:00
From 40f76a53f78267b4d2b890defa3e4f7d27fdfb7a Mon Sep 17 00:00:00 2001
From: Chris Kelley <ckelley@redhat.com>
Date: Thu, 5 Aug 2021 12:00:15 +0100
Subject: [PATCH] Parse cert chain as JSON not XML
On dogtagpki/pki master XML is being replaced by JSON in PKI 11.0+
The PR for dogtagpki/pki that makes this change necessary is:
https://github.com/dogtagpki/pki/pull/3677
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
ipapython/dogtag.py | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 0503938fb9783d397cc7366339bb9fab48033985..8f0f0473ae313edb17e10de8b2ca7f43f231e706 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -20,6 +20,7 @@
import collections
import gzip
import io
+import json
import logging
from urllib.parse import urlencode
import xml.dom.minidom
@@ -100,6 +101,10 @@ def get_ca_certchain(ca_host=None):
data = res.read()
conn.close()
try:
+ doc = json.loads(data)
+ chain = doc['Response']['ChainBase64']
+ except (json.JSONDecodeError, KeyError):
+ logger.debug("Response is not valid JSON, try XML")
doc = xml.dom.minidom.parseString(data)
try:
item_node = doc.getElementsByTagName("ChainBase64")
@@ -107,9 +112,9 @@ def get_ca_certchain(ca_host=None):
except IndexError:
raise error_from_xml(
doc, _("Retrieving CA cert chain failed: %s"))
- finally:
- if doc:
- doc.unlink()
+ finally:
+ if doc:
+ doc.unlink()
else:
raise errors.RemoteRetrieveError(
reason=_("request failed with HTTP status %d") % res.status)
@@ -118,13 +123,18 @@ def get_ca_certchain(ca_host=None):
def _parse_ca_status(body):
- doc = xml.dom.minidom.parseString(body)
try:
- item_node = doc.getElementsByTagName("XMLResponse")[0]
- item_node = item_node.getElementsByTagName("Status")[0]
- return item_node.childNodes[0].data
- except IndexError:
- raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
+ doc = json.loads(body)
+ return doc['Response']['Status']
+ except (json.JSONDecodeError, KeyError):
+ logger.debug("Response is not valid JSON, try XML")
+ doc = xml.dom.minidom.parseString(body)
+ try:
+ item_node = doc.getElementsByTagName("XMLResponse")[0]
+ item_node = item_node.getElementsByTagName("Status")[0]
+ return item_node.childNodes[0].data
+ except IndexError:
+ raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
def ca_status(ca_host=None):
--
2.31.1
Reference in New Issue Copy Permalink