The following raises ACIError because of a failed authorization check, I think
it's ok.
RequirementError is only thrown when a command option that is required is not
passed by the user. I am not fond of expanding its use to the validation of
user content, like a CSR file.
NotFound error is used when an _entry_ is not found - so not an ideal candidate
either for this case.
IMHO, ValidationError is fine for this situation - but maybe somebody else may
have another opinion...
Martin
I assume no one is up in arms about electing to go for ValidationError :)
New patch attached. Thanks for your help, Martin!
--
Lynn Root
@roguelynn
Associate Software Engineer
Red Hat, Inc
From 64ce8c043e5330e56f6e7b031e53f3116815b237 Mon Sep 17 00:00:00 2001
From: Lynn Root <lr...@redhat.com>
Date: Mon, 10 Dec 2012 09:13:13 -0500
Subject: [PATCH] Raise ValidationError when CSR does not have a subject
hostname
Raise ValidationError when CSR does not have a subject hostname.
Ticket: https://fedorahosted.org/freeipa/ticket/3123
---
ipalib/plugins/cert.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index c4bbf8215341d1fdbf8b84cf70ee7ebd8e2b96c4..fafaa51f3141b00aaee47d032cec5fa485b7d87e 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -296,6 +296,10 @@ class cert_request(VirtualCommand):
# Ensure that the hostname in the CSR matches the principal
subject_host = get_csr_hostname(csr)
+ if not subject_host:
+ raise errors.ValidationError(
+ info=_("No hostname was found in subject of request"))
+
(servicename, hostname, realm) = split_principal(principal)
if subject_host.lower() != hostname.lower():
raise errors.ACIError(
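Review bot: the added `raise errors.ValidationError(` passes only `info=`, so please confirm that ValidationError's message format actually accepts `info`. A validation error would normally name the offending parameter (here the CSR) together with the error text, and a keyword the format does not expect would surface as a formatting failure instead of the intended message. The diffstat shows only ipalib/plugins/cert.py changing, so a test that submits a CSR with no hostname in its subject and asserts on the raised error would be worth adding with this fix.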
--
1.8.0.1