Hello,
Attached is a patch which allows for separation of a client certificate
and a private key in PKIConnection.set_authentication_cert(). Since
python-requests allows for this separation, I think this should be
allowed here as well.
Have a nice day,
Standa
From 76d2285925afc9c89046ee464db083f6170c326b Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <[email protected]>
Date: Tue, 31 Jan 2017 12:07:27 +0100
Subject: [PATCH] PKIConnection: allow separation of client cert and pkey
Currently, PKIConnection does not allow the client certificate
and private key to be stored in different files. However, the python-requests
library allows this separation, so it should be made possible.
---
base/common/python/pki/client.py | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/base/common/python/pki/client.py b/base/common/python/pki/client.py
index 7e91046b856d9363abe4e3098c16098412957848..3e819cfd1fb23b9b4215aa53d4aaa6b2ebf3f737 100644
--- a/base/common/python/pki/client.py
+++ b/base/common/python/pki/client.py
@@ -101,14 +101,17 @@ class PKIConnection:
if username is not None and password is not None:
self.session.auth = (username, password)
- def set_authentication_cert(self, pem_cert_path):
+ def set_authentication_cert(self, pem_cert_path, pem_key_path=None):
"""
Set the path to the PEM file containing the certificate and private key
for the client certificate to be used for authentication to the server,
- when client certificate authentication is required.
+ when client certificate authentication is required. The private key may
+ optionally be stored in a different path.
:param pem_cert_path: path to the PEM file
:type pem_cert_path: str
+ :param pem_key_path: path to the PEM-formatted private key file
+ :type pem_key_path: str
:return: None
:raises: Exception if path is empty or None.
"""
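Review bot: the docstring in this hunk still opens with "Set the path to the PEM file containing the certificate and private key", and `:param pem_cert_path: path to the PEM file` is unchanged, so a caller cannot tell what that file must contain once `pem_key_path` is passed. Suggest stating that `pem_cert_path` holds the certificate, and the private key as well only when `pem_key_path` is omitted. `:type pem_key_path: str` should also reflect the `None` default, and `:raises:` should say whether an empty key path counts as an error.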
@@ -116,7 +119,10 @@ class PKIConnection:
raise Exception("No path for the certificate specified.")
if len(str(pem_cert_path)) == 0:
raise Exception("No path for the certificate specified.")
- self.session.cert = pem_cert_path
+ if pem_key_path is not None:
+ self.session.cert = (pem_cert_path, pem_key_path)
+ else:
+ self.session.cert = pem_cert_path
@catch_insecure_warning
def get(self, path, headers=None, params=None, payload=None):
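Review bot: `pem_key_path` gets no validation in this hunk, while `pem_cert_path` is rejected when its string form is empty (`if len(str(pem_cert_path)) == 0:`). An empty string passes `if pem_key_path is not None:` and is stored by `self.session.cert = (pem_cert_path, pem_key_path)` as the key path instead of being rejected here. Suggest applying the same emptiness check to the key path and raising a matching exception, for example "No path for the private key specified."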
--
2.9.3
_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel