From 6b96df59e1820825a96d5457360fe195f048d3ac Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Wed, 24 Oct 2012 01:55:53 +0200
Subject: [PATCH] utils.x509: Factorize code to extract X509 certificate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This will be useful in βgnt-node addβ.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
---
lib/utils/x509.py | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/lib/utils/x509.py b/lib/utils/x509.py
index 0a91f41fa..21143a422 100644
--- a/lib/utils/x509.py
+++ b/lib/utils/x509.py
@@ -242,11 +242,8 @@ def LoadSignedX509Certificate(cert_pem, key):
 """
 (salt, signature) = _ExtractX509CertificateSignature(cert_pem)
- # Load certificate
- cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_pem)
-
- # Dump again to ensure it's in a sane format
- sane_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+ # Load and dump certificate to ensure it's in a sane format
+ (cert, sane_pem) = ExtractX509Certificate(cert_pem)
 if not utils_hash.VerifySha1Hmac(key, sane_pem, signature, salt=salt):
 raise errors.GenericError("X509 certificate signature is invalid")
@@ -308,3 +305,17 @@ def GenerateSelfSignedSslCert(filename, common_name=constants.X509_CERT_CN,
 utils_io.WriteFile(filename, mode=0400, data=key_pem + cert_pem)
 return (key_pem, cert_pem)
+
+
+def ExtractX509Certificate(pem):
+ """Extracts the certificate from a PEM-formatted string.
+
+ @type pem: string
+ @rtype: tuple; (OpenSSL.X509 object, string)
+ @return: Certificate object and PEM-formatted certificate
+
+ """
+ cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem)
+
+ return (cert,
+ OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
--
GitLab
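Review bot: The merged comment in `LoadSignedX509Certificate` no longer makes clear that the HMAC on the following line is checked over `sane_pem`, the re-serialized certificate, and not over the raw `cert_pem`. It also leaves implicit that the input therefore has to go through the OpenSSL parser before anything has been authenticated. That ordering looks deliberate, so I would state it: `# Normalize first: the HMAC is computed over the re-dumped PEM, not the raw input`. A parse failure inside the helper will presumably surface as an OpenSSL exception and not as `errors.GenericError` like the signature failure does, so it is worth confirming that callers handle both. The function starts and ends outside this hunk.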
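Review bot: The docstring of the new `ExtractX509Certificate` does not say what happens on malformed input or on input that holds more than one certificate. pyOpenSSL's `load_certificate` raises `OpenSSL.crypto.Error` when the PEM cannot be parsed and, as far as I know, reads only the first certificate block, so anything after it would be absent from the returned PEM without any error. Since the commit message anticipates a new caller, I would add `@raise OpenSSL.crypto.Error: if no certificate can be parsed from the input` and one sentence saying the returned string is the re-serialized first certificate, not the input text. `@rtype` could also name the class precisely as `OpenSSL.crypto.X509`.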