Change error handling for cert validity check
Before this change the code was doing the cert validity check and stopping the execution if any of the certificates in the passed in file were invalid. This change removes the invalid certificate from the PEM bundle being installed and allows the remaining valid certs to be installed. The error message is stored and returned at the end. Closes-Bug: 1939917 Change-Id: Ic9c45ac15f081576a71472853e6e00ca0017336e Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
parent
2cd10430d1
commit
68f05dcf23
|
@ -90,9 +90,6 @@ def do_certificate_install(cc, args):
|
|||
|
||||
try:
|
||||
response = cc.certificate.certificate_install(sec_file, data=data)
|
||||
error = response.get('error')
|
||||
if error:
|
||||
raise exc.CommandError("%s" % error)
|
||||
except exc.HTTPNotFound:
|
||||
raise exc.CommandError('Certificate not installed %s. No response.' %
|
||||
certificate_file)
|
||||
|
@ -101,13 +98,21 @@ def do_certificate_install(cc, args):
|
|||
(certificate_file, e))
|
||||
else:
|
||||
certificates = response.get('certificates')
|
||||
for certificate in certificates:
|
||||
_print_certificate_show(certificate)
|
||||
try:
|
||||
os.remove(certificate_file)
|
||||
except OSError:
|
||||
raise exc.CommandError('Error: Could not remove the '
|
||||
'certificate %s' % certificate_file)
|
||||
if certificates:
|
||||
for certificate in certificates:
|
||||
_print_certificate_show(certificate)
|
||||
|
||||
error = response.get('error')
|
||||
if error:
|
||||
print("WARNING: Some certificates were not installed.")
|
||||
print(error)
|
||||
else:
|
||||
try:
|
||||
os.remove(certificate_file)
|
||||
except OSError:
|
||||
raise exc.CommandError('Error: Could not remove the '
|
||||
'certificate %s' % certificate_file)
|
||||
|
||||
|
||||
@utils.arg('certificate_uuid', metavar='<certificate_uuid>',
|
||||
help="UUID of certificate to uninstall")
|
||||
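Review bot: A response that carries `error` but no installed certificates is now reported as a warning rather than a failure, in the `else:` branch of do_certificate_install. The controller still returns `dict(success="", error=msg)` with no `certificates` entry when the only certificate in the file is invalid. In that case this code prints "WARNING: Some certificates were not installed." and returns normally, where the removed lines raised `exc.CommandError`. Automation that drives this command would presumably no longer see a failing exit status, although the caller is outside the hunk. Keeping the raise for the total-failure case restores the signal: `if error and not certificates: raise exc.CommandError("%s" % error)`, with the warning left for the partial case.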
|
|
|
@ -378,10 +378,31 @@ class CertificateController(rest.RestController):
|
|||
return dict(success="", error=msg)
|
||||
|
||||
hash_issuers = []
|
||||
cert_validity_error = None
|
||||
for index, cert in enumerate(certs):
|
||||
msg = self._check_cert_validity(cert)
|
||||
if msg is not True:
|
||||
return dict(success="", error=msg)
|
||||
# If file has only one cert fails right away
|
||||
# if file has multiple certs continues execution for
|
||||
# other certs and saves the error to be returned later
|
||||
if len(certs) == 1:
|
||||
return dict(success="", error=msg)
|
||||
|
||||
msg = "Error with cert number %s in the file: " \
|
||||
% (index + 1) + msg
|
||||
if cert_validity_error:
|
||||
cert_validity_error += "\n" + msg
|
||||
else:
|
||||
cert_validity_error = msg
|
||||
|
||||
LOG.info(msg)
|
||||
|
||||
# gets certificate in PEM format
|
||||
# removes expired certificates from pem_contents
|
||||
pem_cert = cutils.get_public_bytes(cert)
|
||||
pem_contents = pem_contents.replace(pem_cert, "")
|
||||
|
||||
continue
|
||||
|
||||
# validation checking for ssl, tpm_mode, docker_registry
|
||||
# and openstack certficcates
|
||||
|
@ -514,7 +535,10 @@ class CertificateController(rest.RestController):
|
|||
log_end = cutils.timestamped("certificate_do_post_end")
|
||||
LOG.info("certificate %s" % log_end)
|
||||
|
||||
return dict(success="", error="", body="",
|
||||
error = ""
|
||||
if cert_validity_error:
|
||||
error = cert_validity_error
|
||||
return dict(success="", error=error, body="",
|
||||
certificates=certificate_dicts)
|
||||
|
||||
@wsme_pecan.wsexpose(RequestResult, body=RenewCertificate)
|
||||
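Review bot: Dropping a rejected certificate in the validity loop relies on `pem_contents.replace(pem_cert, "")` finding an exact textual match, and nothing checks that it did. `get_public_bytes` (added in the utils section of this commit) re-serializes the parsed object, so an upload with CRLF line endings, different line wrapping or trailing whitespace will not match. The replace is then a silent no-op, and the rejected certificate stays in the bundle that the rest of the method works with. The rejected entry also remains in `certs`, so any later loop over that list (outside this hunk) would still see it. Failing closed when nothing was removed would make the filter dependable, for example `if pem_cert not in pem_contents: return dict(success="", error=msg)` before the replace. Separately, the comment says "expired", but `_check_cert_validity` may reject for other reasons, so "invalid" would be more accurate.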
|
|
|
@ -2640,6 +2640,13 @@ def extract_ca_crt_bytes_from_pem(pem_content):
|
|||
return base64_crt
|
||||
|
||||
|
||||
def get_public_bytes(cert):
|
||||
""" Returns the PEM file text from x509 cert object
|
||||
"""
|
||||
cert_bytes = cert.public_bytes(encoding=serialization.Encoding.PEM)
|
||||
return cert_bytes.decode('utf-8')
|
||||
|
||||
|
||||
def extract_certs_from_pem(pem_contents):
|
||||
"""
|
||||
Extract certificates from a pem string
|
||||
|
|