[Freeipa-devel] [PATCH] dogtag clean-up

John Dennis jdennis at redhat.com
Thu Dec 3 00:01:03 UTC 2009


The essence of this patch is to return the correct types from
certificate plugins and avoid scraping Javascript from dogtag (CMS)
html responses with better error handling. Instead we ask CMS to
always return our data as XML documents which can be much more
robustly parsed (including properly handling issues such as character
encoding, escapes, etc.).

Fundamentally the process is split into two parts. A parsing routine
which returns a dict with all the values from CMS in the correct
Python types for IPA. The possible values returned from CMS are fully
documented and can easily be read via the documentation link in HTML
posted at the bottom (plus in the code of course). The command plugin
invokes the parsing routine and picks out from the parse result dict
the values it wants to return (and may optionally convert the type as
needed for XMLRPC, this is fully documented, in particular serial
numbers need special handling in XMLRPC). This model allows us to use
different parsing methods without disturbing the logic in the command
plugin should that ever be necessary (i.e. clear separation of
responsibilities).

Status results are never returned in the command result. Instead we
use the defined exception handling logic for IPA XMLRPC. If the
command fails in some fashion we return a CertificateOperationError
exception. On the receiving end if no exception has been thrown it
knows the values returned are valid.

Careful attention has been paid to the types being used. Strings are
always unicode, integral values are represented as either int or long
objects. No longer are integral values represented as strings with
confusion as to their radix representation (with the notable exception
of serial numbers which must be passed through XMLRPC as decimal
strings, the rules for this are fully documented).

The logic in the selfsign and dogtag plugins has been brought into
alignment.

Much more extensive error checking has been added to selfsign to
handle issues concerning serial number operations.

A new error exception has been added (CertificateOperationError).

Error messages have been localized.

The check_ra.py test was updated (unfortunately this test requires a
configured server so I used my test server).

Extensive documentation has been added to many of the routines.

Easy to browse HTML documentation for the dogtag plugin can be found
here (for the time being)

http://jdennis.fedorapeople.org/ipa/dogtag

I've noticed we have a bit of code duplication going on with CMS
interactions. In the future we should consolidate all CMS code in one
library (module).

This patch has been lingering in my private repo too long. I no longer
want to keep merging as others modify the same code :-) So here it
is. Other components of the fixes have already been posted as patches.


-- 
John Dennis <jdennis at redhat.com>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-dogtag-clean-up
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091202/a924c60e/attachment.ksh>
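
The parse/command split, the exception-only error reporting and the decimal-string serial rule described in the message, sketched as an added example; this is not code from the patch or from FreeIPA. The XML element names, the sample responses and the helper names (`parse_response`, `cert_show`, `wire_safe`) are hypothetical, and the sketch is written for Python 3.

```python
import xml.etree.ElementTree as ET
import xmlrpc.client

class CertificateOperationError(Exception):
    """Stand-in for the IPA exception named in the message."""

# Constructed sample responses; element names are assumptions, not the dogtag schema.
SAMPLE_OK = b"""<?xml version="1.0" encoding="UTF-8"?>
<response><status>0</status><serial>0x1000000000a</serial>
<subject>CN=caf\xc3\xa9.example.test &amp; co</subject></response>"""
SAMPLE_ERR = b"<response><status>1</status><error>request rejected</error></response>"

def parse_response(xml_bytes):
    """Parsing routine: return a dict of values in their natural Python types."""
    try:
        root = ET.fromstring(xml_bytes)  # the XML parser handles encoding and escapes
    except ET.ParseError as e:
        raise CertificateOperationError("unparseable response: %s" % e)
    status = root.findtext("status")
    if status is None or not status.strip().isdigit():
        raise CertificateOperationError("missing or malformed status")
    result = {"status": int(status)}
    if result["status"] != 0:
        result["error"] = root.findtext("error", default="unknown error")
        return result
    serial = root.findtext("serial")
    try:
        result["serial_number"] = int(serial, 16)  # hex on the wire, int in Python
    except (TypeError, ValueError):
        raise CertificateOperationError("bad serial number: %r" % serial)
    result["subject"] = root.findtext("subject", default="")
    return result

def cert_show(xml_bytes):
    """Command plugin: pick values from the parse result; status is never returned."""
    parsed = parse_response(xml_bytes)
    if parsed["status"] != 0:
        raise CertificateOperationError(parsed["error"])
    # XML-RPC integers are 32-bit, so the serial travels as a decimal string.
    return {"serial_number": str(parsed["serial_number"]),
            "subject": parsed["subject"]}

def wire_safe(value):
    """True if xmlrpc.client can marshal the value as-is."""
    try:
        xmlrpc.client.dumps((value,))
        return True
    except OverflowError:  # raised for ints outside the 32-bit XML-RPC range
        return False
```

`wire_safe(parse_response(SAMPLE_OK)["serial_number"])` is false while `wire_safe(cert_show(SAMPLE_OK))` is true, which is the reason the serial number is the one value converted to a string at the plugin boundary.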

