717b817b82
- Resolves: rhbz#2010701 ipa-server-install fails while 'configuring certificate server instance'
- Resolves: rhbz#2005864 ipa cert-request replaces user certificate instead of adding
- Resolves: rhbz#2003005 AVC denied { read } comm="ipa-custodia" on aarch64 during installation of ipa-server
- Resolves: rhbz#2003004 extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT
- Resolves: rhbz#2003003 subid: subid-match displays the DN of the owner, not its UID.
- Resolves: rhbz#2013116 ipa migrate-ds command fails to warn when compat plugin is enabled
80 lines
2.8 KiB
Diff
80 lines
2.8 KiB
Diff
From 40f76a53f78267b4d2b890defa3e4f7d27fdfb7a Mon Sep 17 00:00:00 2001
|
|
From: Chris Kelley <ckelley@redhat.com>
|
|
Date: Thu, 5 Aug 2021 12:00:15 +0100
|
|
Subject: [PATCH] Parse cert chain as JSON not XML
|
|
|
|
On dogtagpki/pki master XML is being replaced by JSON in PKI 11.0+
|
|
|
|
The PR for dogtagpki/pki that makes this change necessary is:
|
|
https://github.com/dogtagpki/pki/pull/3677
|
|
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
---
|
|
ipapython/dogtag.py | 28 +++++++++++++++++++---------
|
|
1 file changed, 19 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
|
|
index 0503938fb9783d397cc7366339bb9fab48033985..8f0f0473ae313edb17e10de8b2ca7f43f231e706 100644
|
|
--- a/ipapython/dogtag.py
|
|
+++ b/ipapython/dogtag.py
|
|
@@ -20,6 +20,7 @@
|
|
import collections
|
|
import gzip
|
|
import io
|
|
+import json
|
|
import logging
|
|
from urllib.parse import urlencode
|
|
import xml.dom.minidom
|
|
@@ -100,6 +101,10 @@ def get_ca_certchain(ca_host=None):
|
|
data = res.read()
|
|
conn.close()
|
|
try:
|
|
+ doc = json.loads(data)
|
|
+ chain = doc['Response']['ChainBase64']
|
|
+ except (json.JSONDecodeError, KeyError):
|
|
+ logger.debug("Response is not valid JSON, try XML")
|
|
doc = xml.dom.minidom.parseString(data)
|
|
try:
|
|
item_node = doc.getElementsByTagName("ChainBase64")
|
|
@@ -107,9 +112,9 @@ def get_ca_certchain(ca_host=None):
|
|
except IndexError:
|
|
raise error_from_xml(
|
|
doc, _("Retrieving CA cert chain failed: %s"))
|
|
- finally:
|
|
- if doc:
|
|
- doc.unlink()
|
|
+ finally:
|
|
+ if doc:
|
|
+ doc.unlink()
|
|
else:
|
|
raise errors.RemoteRetrieveError(
|
|
reason=_("request failed with HTTP status %d") % res.status)
|
|
@@ -118,13 +123,18 @@ def get_ca_certchain(ca_host=None):
|
|
|
|
|
|
def _parse_ca_status(body):
|
|
- doc = xml.dom.minidom.parseString(body)
|
|
try:
|
|
- item_node = doc.getElementsByTagName("XMLResponse")[0]
|
|
- item_node = item_node.getElementsByTagName("Status")[0]
|
|
- return item_node.childNodes[0].data
|
|
- except IndexError:
|
|
- raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
|
|
+ doc = json.loads(body)
|
|
+ return doc['Response']['Status']
|
|
+ except (json.JSONDecodeError, KeyError):
|
|
+ logger.debug("Response is not valid JSON, try XML")
|
|
+ doc = xml.dom.minidom.parseString(body)
|
|
+ try:
|
|
+ item_node = doc.getElementsByTagName("XMLResponse")[0]
|
|
+ item_node = item_node.getElementsByTagName("Status")[0]
|
|
+ return item_node.childNodes[0].data
|
|
+ except IndexError:
|
|
+ raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
|
|
|
|
|
|
def ca_status(ca_host=None):
|
|
--
|
|
2.31.1
|
|
|