From 40f76a53f78267b4d2b890defa3e4f7d27fdfb7a Mon Sep 17 00:00:00 2001
From: Chris Kelley <ckelley@redhat.com>
Date: Thu, 5 Aug 2021 12:00:15 +0100
Subject: [PATCH] Parse cert chain as JSON not XML

On dogtagpki/pki master, XML is being replaced by JSON in PKI 11.0+.

The PR for dogtagpki/pki that makes this change necessary is:
https://github.com/dogtagpki/pki/pull/3677

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 ipapython/dogtag.py | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 0503938fb9783d397cc7366339bb9fab48033985..8f0f0473ae313edb17e10de8b2ca7f43f231e706 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -20,6 +20,7 @@
 import collections
 import gzip
 import io
+import json
 import logging
 from urllib.parse import urlencode
 import xml.dom.minidom
@@ -100,6 +101,10 @@ def get_ca_certchain(ca_host=None):
         data = res.read()
         conn.close()
         try:
+            doc = json.loads(data)
+            chain = doc['Response']['ChainBase64']
+        except (json.JSONDecodeError, KeyError):
+            logger.debug("Response is not valid JSON, try XML")
             doc = xml.dom.minidom.parseString(data)
             try:
                 item_node = doc.getElementsByTagName("ChainBase64")
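Review bot: The `except (json.JSONDecodeError, KeyError)` clause added in get_ca_certchain misses two failure modes of a body that comes from the remote CA host. Well-formed JSON of an unexpected shape (a top-level list, or a `Response` that is not an object) raises `TypeError`, and if `data` is bytes that are not valid UTF-8, `json.loads` raises `UnicodeDecodeError` before the XML fallback is ever tried. Both JSONDecodeError and UnicodeDecodeError derive from ValueError, so `except (ValueError, KeyError, TypeError):` covers all of these cases. Separately, valid JSON that only lacks `ChainBase64` is handed to `xml.dom.minidom.parseString`, which will fail with a parser error rather than the RemoteRetrieveError raised elsewhere in this function, and the debug message will wrongly say the response was not valid JSON. The `_parse_ca_status` hunk has the same clause and the same fallback; the body of get_ca_certchain starts and ends outside this hunk.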
@@ -107,9 +112,9 @@ def get_ca_certchain(ca_host=None):
             except IndexError:
                 raise error_from_xml(
                     doc, _("Retrieving CA cert chain failed: %s"))
-        finally:
-            if doc:
-                doc.unlink()
+            finally:
+                if doc:
+                    doc.unlink()
     else:
         raise errors.RemoteRetrieveError(
             reason=_("request failed with HTTP status %d") % res.status)
@@ -118,13 +123,18 @@ def get_ca_certchain(ca_host=None):
 
 
 def _parse_ca_status(body):
-    doc = xml.dom.minidom.parseString(body)
     try:
-        item_node = doc.getElementsByTagName("XMLResponse")[0]
-        item_node = item_node.getElementsByTagName("Status")[0]
-        return item_node.childNodes[0].data
-    except IndexError:
-        raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
+        doc = json.loads(body)
+        return doc['Response']['Status']
+    except (json.JSONDecodeError, KeyError):
+        logger.debug("Response is not valid JSON, try XML")
+        doc = xml.dom.minidom.parseString(body)
+        try:
+            item_node = doc.getElementsByTagName("XMLResponse")[0]
+            item_node = item_node.getElementsByTagName("Status")[0]
+            return item_node.childNodes[0].data
+        except IndexError:
+            raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
 
 
 def ca_status(ca_host=None):
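Review bot: The XML fallback in `_parse_ca_status` now runs for any body that fails JSON decoding, so `xml.dom.minidom.parseString(body)` stays reachable for whatever the remote host returns. The Python documentation describes the standard XML parsers as not hardened against maliciously constructed data, and nothing in this hunk bounds the body or limits the fallback to servers known to predate PKI 11.0. Whether the response is authenticated before it reaches this function is not visible here. A comment above the fallback would record the intent and the caveat, e.g. `# XML fallback for pre-11.0 CAs only; body is remote input and minidom is not hardened against hostile XML`.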
-- 
2.31.1