certstore: add support for asterisk form to DNTree replacement

Maximilian Hils 2014-07-19 00:02:31 +02:00
parent cba927885e
commit d382bb27bf
1 changed files with 18 additions and 1 deletions


@ -215,6 +215,19 @@ class CertStore:
for i in names: for i in names:
self.certs[i] = (cert, privkey) self.certs[i] = (cert, privkey)
@staticmethod
def asterisk_forms(dn):
parts = dn.split(".")
parts.reverse()
curr_dn = ""
dn_forms = ["*"]
for part in parts[:-1]:
curr_dn = "." + part + curr_dn # .example.com
dn_forms.append("*" + curr_dn) # *.example.com
if parts[-1] != "*":
dn_forms.append(parts[-1] + curr_dn)
return dn_forms
def get_cert(self, commonname, sans): def get_cert(self, commonname, sans):
""" """
Returns an (cert, privkey) tuple. Returns an (cert, privkey) tuple.
@ -227,7 +240,11 @@ class CertStore:
Return None if the certificate could not be found or generated. Return None if the certificate could not be found or generated.
""" """
potential_keys = [commonname] + sans + [(commonname, tuple(sans))] potential_keys = self.asterisk_forms(commonname)
for s in sans:
potential_keys.extend(self.asterisk_forms(s))
potential_keys.append((commonname, tuple(sans)))
name = next(itertools.ifilter(lambda key: key in self.certs, potential_keys), None) name = next(itertools.ifilter(lambda key: key in self.certs, potential_keys), None)
if name: if name:
c = self.certs[name] c = self.certs[name]
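Review bot: In `get_cert`, `next(itertools.ifilter(...))` returns the first entry of `potential_keys` found in `self.certs`, and `asterisk_forms` lists its candidates broadest first (`"*"`, then `*.com`, then `*.example.com`, with the exact name last), so a certificate stored under a wide wildcard shadows one stored for the exact host. Returning the forms most specific first, e.g. `return dn_forms[::-1]`, would let the exact name win. The loop also offers `*.example.com` for a name such as `a.b.example.com`; if the stored certificate really is a `*.example.com` wildcard, clients that match the wildcard against a single label only would likely reject it, so limiting the wildcard form to the immediate parent may be safer unless multi-label matching is intended. `asterisk_forms` has no docstring; a line such as `"""Return the lookup keys for dn: "*", each parent-domain wildcard, then dn itself."""` would document the order that callers depend on. The body of `get_cert` starts before and continues past this hunk, so how a miss is handled is not visible here.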