Add an escape clause to the CSR validator in the cert plugin. If the csr
is a file just return and let the load_files() call slurp in the
contents. It will still get validated.
rob
>From d85b43a4bf88224734a7a9f93bbc6e56f467b068 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 13 Sep 2011 14:25:16 -0400
Subject: [PATCH] Skip the cert validator if the csr we are passed in is a
valid filename
The validator will still fire, just after the load_files() call. Basically
it will hit the validator twice. The first time it will exit because the
value of csr is a filename. The second time it will run the validator against
the contents of the file.
ticket https://fedorahosted.org/freeipa/ticket/1777
---
ipalib/plugins/cert.py | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index e32004e..ffc5866 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -23,6 +23,7 @@ from ipalib import api, SkipPluginModule
if api.env.enable_ra is not True:
# In this case, abort loading this plugin module...
raise SkipPluginModule(reason='env.enable_ra is not True')
+import os
from ipalib import Command, Str, Int, Bytes, Flag, File
from ipalib import errors
from ipalib import pkcs10
@@ -129,6 +130,11 @@ def validate_csr(ugettext, csr):
Ensure the CSR is base64-encoded and can be decoded by our PKCS#10
parser.
"""
+ if api.env.context == 'cli':
+ # If we are passed in a pointer to a valid file on the client side
+ # escape and let the load_files() handle things
+ if os.path.exists(csr):
+ return
try:
request = pkcs10.load_certificate_request(csr)
except TypeError, e:
@@ -203,6 +209,7 @@ class cert_request(VirtualCommand):
takes_args = (
File('csr', validate_csr,
+ label=_('CSR'),
cli_name='csr_file',
normalizer=normalize_csr,
),
--
1.7.6
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
