4e7838f ipa upgrade: handle double-encoded certificates

1 file Authored by frenaud 5 years ago, Committed by tdudlak 5 years ago,
    ipa upgrade: handle double-encoded certificates
    
    Issue is linked to the ticket
     #3477 LDAP upload CA cert sometimes double-encodes the value
    In old FreeIPA releases (< 3.2), the upgrade plugin was encoding twice
    the value of the certificate in cn=cacert,cn=ipa,cn=etc,$BASEDN.
    
    The fix for 3477 is only partial as it prevents double-encoding when a
    new cert is uploaded but does not fix wrong values already present in LDAP.
    
    With this commit, the code first tries to read a der cert. If it fails,
    it logs a debug message and re-writes the value caCertificate;binary
    to repair the entry.
    
    Fixes https://pagure.io/freeipa/issue/7775
    Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>