diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2010-10-15 23:40:38 -0500 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2010-10-20 09:33:44 -0400 |
| commit | 2c5f3cfd60575d7c72e6be8124b34c88b90d9fb7 (patch) | |
| tree | 7fcaf067b6a46e5c48a6df57b3af2435d39b3ac8 /install/static/certificate.js | |
| parent | df97bce34904e2b135a4b98d5cd5d59c2bb6b9ac (diff) | |
| download | freeipa-2c5f3cfd60575d7c72e6be8124b34c88b90d9fb7.tar.gz freeipa-2c5f3cfd60575d7c72e6be8124b34c88b90d9fb7.tar.xz freeipa-2c5f3cfd60575d7c72e6be8124b34c88b90d9fb7.zip | |
Host certificate management
The service certificate management UI has been generalized and moved
into certificate.js. The host details page is now using the same code
to manage certificates. The host.py has been modified to return host
certificate info.
The Get/Revoke/View buttons behavior has been modified such that they
are visible only if there is a valid certificate. The Get dialog box
has been fixed to show the correct certificate header and footer.
The ipa.css has been modified to store the style of the status bullets.
New unit tests for certificate has been added. The test data has been
modified to include sample host certificate.
Diffstat (limited to 'install/static/certificate.js')
| -rwxr-xr-x | install/static/certificate.js | 317 |
1 files changed, 311 insertions, 6 deletions
diff --git a/install/static/certificate.js b/install/static/certificate.js index a688fe811..e1297a834 100755 --- a/install/static/certificate.js +++ b/install/static/certificate.js @@ -18,6 +18,9 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +var BEGIN_CERTIFICATE = '-----BEGIN CERTIFICATE-----'; +var END_CERTIFICATE = '-----END CERTIFICATE-----'; + var BEGIN_CERTIFICATE_REQUEST = '-----BEGIN CERTIFICATE REQUEST-----'; var END_CERTIFICATE_REQUEST = '-----END CERTIFICATE REQUEST-----'; @@ -35,19 +38,33 @@ var CRL_REASON = [ 'AA Compromise' ]; +var CERTIFICATE_STATUS_MISSING = 0; +var CERTIFICATE_STATUS_VALID = 1; +var CERTIFICATE_STATUS_REVOKED = 2; + function certificate_parse_dn(dn) { var result = {}; + if (!dn) return result; // TODO: Use proper LDAP DN parser var rdns = dn.split(','); for (var i=0; i<rdns.length; i++) { var rdn = rdns[i]; - var parts = rdn.split('='); - var name = parts[0].toLowerCase(); - var value = parts[1]; + if (!rdn) continue; - result[name] = value; + var parts = rdn.split('='); + var name = $.trim(parts[0].toLowerCase()); + var value = $.trim(parts[1]); + + var old_value = result[name]; + if (!old_value) { + result[name] = value; + } else if (typeof old_value == "string") { + result[name] = [old_value, value]; + } else { + result[name].push(value); + } } return result; @@ -70,9 +87,9 @@ function certificate_get_dialog(spec) { }).appendTo(dialog); textarea.val( - BEGIN_CERTIFICATE_REQUEST+'\n'+ + BEGIN_CERTIFICATE+'\n'+ that.usercertificate+'\n'+ - END_CERTIFICATE_REQUEST + END_CERTIFICATE ); that.open = function() { @@ -371,3 +388,291 @@ function certificate_request_dialog(spec) { return that; } + +function certificate_status_panel(spec) { + var that = $('<div/>'); + spec = spec || {}; + + that.entity_type = spec.entity_type; + that.entity_label = spec.entity_label || that.entity_type; + + that.result = spec.result; + + that.get_entity_pkey = spec.get_entity_pkey; + that.get_entity_name = spec.get_entity_name; + that.get_entity_principal = spec.get_entity_principal; + that.get_entity_certificate = spec.get_entity_certificate; + + var li1, li2, li3; + + function init() { + var pkey = that.get_entity_pkey(that.result); + + var table = $('<table/>').appendTo(that); + + var tr = $('<tr/>').appendTo(table); + + var td = $('<td/>').appendTo(tr); + li1 = $('<li/>', { + 'class': 'certificate-status-valid' + }).appendTo(td); + + td = $('<td/>').appendTo(tr); + td.append('Valid Certificate Present:'); + + td = $('<td/>').appendTo(tr); + $('<input/>', { + 'id': 'get_button', + 'type': 'button', + 'value': 'Get', + 'click': function() { + ipa_cmd(that.entity_type+'_show', [pkey], {}, + function(data, text_status, xhr) { + get_certificate(data.result.result); + } + ); + } + }).appendTo(td); + + $('<input/>', { + 'id': 'revoke_button', + 'type': 'button', + 'value': 'Revoke', + 'click': function() { + ipa_cmd(that.entity_type+'_show', [pkey], {}, + function(data, text_status, xhr) { + revoke_certificate(data.result.result); + } + ); + } + }).appendTo(td); + + $('<input/>', { + 'id': 'view_button', + 'type': 'button', + 'value': 'View', + 'click': function() { + ipa_cmd(that.entity_type+'_show', [pkey], {}, + function(data, text_status, xhr) { + view_certificate(data.result.result); + } + ); + } + }).appendTo(td); + + tr = $('<tr/>').appendTo(table); + + td = $('<td/>').appendTo(tr); + li2 = $('<li/>', { + 'class': 'certificate-status-revoked' + }).appendTo(td); + + td = $('<td/>').appendTo(tr); + td.append('Certificate Revoked:'); + + td = $('<td/>').appendTo(tr); + td.append($('<span/>', { + 'id': 'revocation_reason' + })); + td.append(' '); + + $('<input/>', { + 'id': 'restore_button', + 'type': 'button', + 'value': 'Restore', + 'click': function() { + ipa_cmd(that.entity_type+'_show', [pkey], {}, + function(data, text_status, xhr) { + restore_certificate(data.result.result); + } + ); + } + }).appendTo(td); + + tr = $('<tr/>').appendTo(table); + + td = $('<td/>').appendTo(tr); + li3 = $('<li/>', { + 'class': 'certificate-status-missing' + }).appendTo(td); + + td = $('<td/>').appendTo(tr); + td.append('No Valid Certificate:'); + + td = $('<td/>').appendTo(tr); + $('<input/>', { + 'type': 'button', + 'value': 'New Certificate', + 'click': function() { + request_certificate(that.result); + } + }).appendTo(td); + + var entity_certificate = that.get_entity_certificate(that.result); + if (entity_certificate) { + check_status(that.result.serial_number); + } else { + set_status(CERTIFICATE_STATUS_MISSING); + } + } + + function set_status(status, revocation_reason) { + li1.toggleClass('certificate-status-active', status == CERTIFICATE_STATUS_VALID); + li2.toggleClass('certificate-status-active', status == CERTIFICATE_STATUS_REVOKED); + li3.toggleClass('certificate-status-active', status == CERTIFICATE_STATUS_MISSING); + + $('#get_button', that).css('visibility', status == CERTIFICATE_STATUS_VALID ? 'visible' : 'hidden'); + $('#revoke_button', that).css('visibility', status == CERTIFICATE_STATUS_VALID ? 'visible' : 'hidden'); + $('#view_button', that).css('visibility', status == CERTIFICATE_STATUS_VALID ? 'visible' : 'hidden'); + $('#revocation_reason', that).html(revocation_reason == undefined ? '' : CRL_REASON[revocation_reason]); + $('#restore_button', that).css('visibility', revocation_reason == 6 ? 'visible' : 'hidden'); + } + + function check_status(serial_number) { + ipa_cmd( + 'cert_show', + [serial_number], + { }, + function(data, text_status, xhr) { + var revocation_reason = data.result.result.revocation_reason; + if (revocation_reason == undefined) { + set_status(CERTIFICATE_STATUS_VALID); + } else { + set_status(CERTIFICATE_STATUS_REVOKED, revocation_reason); + } + } + ); + } + + function view_certificate(result) { + + var entity_certificate = that.get_entity_certificate(result); + if (!entity_certificate) { + set_status(CERTIFICATE_STATUS_MISSING); + return; + } + + var entity_name = that.get_entity_name(result); + + var dialog = certificate_view_dialog({ + 'title': 'Certificate for '+that.entity_label+' '+entity_name, + 'subject': result['subject'], + 'serial_number': result['serial_number'], + 'issuer': result['issuer'], + 'issued_on': result['valid_not_before'], + 'expires_on': result['valid_not_after'], + 'md5_fingerprint': result['md5_fingerprint'], + 'sha1_fingerprint': result['sha1_fingerprint'] + }); + + dialog.open(); + } + + function get_certificate(result) { + + var entity_certificate = that.get_entity_certificate(result); + if (!entity_certificate) { + set_status(CERTIFICATE_STATUS_MISSING); + return; + } + + var entity_name = that.get_entity_name(result); + + var dialog = certificate_get_dialog({ + 'title': 'Certificate for '+that.entity_label+' '+entity_name, + 'usercertificate': entity_certificate + }); + + dialog.open(); + } + + function request_certificate(result) { + + var entity_name = that.get_entity_name(result); + var entity_principal = that.get_entity_principal(result); + + var dialog = certificate_request_dialog({ + 'title': 'Issue New Certificate for '+that.entity_label+' '+entity_name, + 'request': function(values) { + var request = values['request']; + + ipa_cmd( + 'cert_request', + [request], + { + 'principal': entity_principal + }, + function(data, text_status, xhr) { + check_status(data.result.result.serial_number); + } + ); + } + }); + + dialog.open(); + } + + function revoke_certificate(result) { + + var entity_certificate = that.get_entity_certificate(result); + if (!entity_certificate) { + set_status(CERTIFICATE_STATUS_MISSING); + return; + } + + var entity_name = that.get_entity_name(result); + var serial_number = result['serial_number']; + + var dialog = certificate_revoke_dialog({ + 'title': 'Revoke Certificate for '+that.entity_label+' '+entity_name, + 'revoke': function(values) { + var reason = values['reason']; + + ipa_cmd( + 'cert_revoke', + [serial_number], + { + 'revocation_reason': reason + }, + function(data, text_status, xhr) { + check_status(serial_number); + } + ); + } + }); + + dialog.open(); + } + + function restore_certificate(result) { + + var entity_certificate = that.get_entity_certificate(result); + if (!entity_certificate) { + set_status(CERTIFICATE_STATUS_MISSING); + return; + } + + var entity_name = that.get_entity_name(result); + var serial_number = result['serial_number']; + + var dialog = certificate_restore_dialog({ + 'title': 'Restore Certificate for '+that.entity_label+' '+entity_name, + 'restore': function(values) { + ipa_cmd( + 'cert_remove_hold', + [serial_number], + { }, + function(data, text_status, xhr) { + check_status(serial_number); + } + ); + } + }); + + dialog.open(); + } + + init(); + + return that; +} |