authorEndi S. Dewata <edewata@redhat.com>2010-10-15 23:40:38 -0500
committerAdam Young <ayoung@redhat.com>2010-10-20 09:33:44 -0400
commit2c5f3cfd60575d7c72e6be8124b34c88b90d9fb7 (patch)
tree7fcaf067b6a46e5c48a6df57b3af2435d39b3ac8 /ipalib
parentdf97bce34904e2b135a4b98d5cd5d59c2bb6b9ac (diff)
Host certificate management
The service certificate management UI has been generalized and moved into certificate.js. The host details page now uses the same code to manage certificates. host.py has been modified to return host certificate info. The behavior of the Get/Revoke/View buttons has been changed so that they are visible only if there is a valid certificate. The Get dialog box has been fixed to show the correct certificate header and footer. ipa.css has been modified to hold the style of the status bullets. New unit tests for certificates have been added. The test data has been modified to include a sample host certificate.
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/host.py35
1 files changed, 35 insertions, 0 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index d207f5267..3a63d212f 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -76,6 +76,7 @@ from ipalib.plugins.service import validate_certificate
from ipalib import _, ngettext
from ipalib import x509
import base64
+import nss.nss as nss
def validate_host(ugettext, fqdn):
@@ -335,6 +336,30 @@ class host_show(LDAPRetrieve):
has_output_params = (
Flag('has_keytab',
label=_('Keytab'),
+ ),
+ Str('subject',
+ label=_('Subject'),
+ ),
+ Str('serial_number',
+ label=_('Serial Number'),
+ ),
+ Str('issuer',
+ label=_('Issuer'),
+ ),
+ Str('valid_not_before',
+ label=_('Not Before'),
+ ),
+ Str('valid_not_after',
+ label=_('Not After'),
+ ),
+ Str('md5_fingerprint',
+ label=_('Fingerprint (MD5)'),
+ ),
+ Str('sha1_fingerprint',
+ label=_('Fingerprint (SHA1)'),
+ ),
+ Str('revocation_reason?',
+ label=_('Revocation reason'),
)
)
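Review bot: The only fingerprints exposed here are `md5_fingerprint` and `sha1_fingerprint`, both collision-prone digests, and the post_callback hunk further down computes just those two. If an administrator is expected to compare these values out of band to confirm a host certificate, I would add a stronger digest next to them, for example `Str('sha256_fingerprint', label=_('Fingerprint (SHA256)'),),`, and keep MD5 only for compatibility with existing tooling. Separately, `revocation_reason?` is declared but none of the visible post_callback lines set it, so a short comment saying where it gets filled in would help the next reader. The `host_show` class body starts outside this hunk.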
@@ -346,6 +371,16 @@ class host_show(LDAPRetrieve):
else:
entry_attrs['has_keytab'] = False
+ if 'usercertificate' in entry_attrs:
+ cert = x509.load_certificate(entry_attrs['usercertificate'][0], datatype=x509.DER)
+ entry_attrs['subject'] = unicode(cert.subject)
+ entry_attrs['serial_number'] = unicode(cert.serial_number)
+ entry_attrs['issuer'] = unicode(cert.issuer)
+ entry_attrs['valid_not_before'] = unicode(cert.valid_not_before_str)
+ entry_attrs['valid_not_after'] = unicode(cert.valid_not_after_str)
+ entry_attrs['md5_fingerprint'] = unicode(nss.data_to_hex(nss.md5_digest(cert.der_data), 64)[0])
+ entry_attrs['sha1_fingerprint'] = unicode(nss.data_to_hex(nss.sha1_digest(cert.der_data), 64)[0])
+
return dn
api.register(host_show)
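Review bot: `x509.load_certificate(entry_attrs['usercertificate'][0], datatype=x509.DER)` runs on whatever is stored in the directory with no handling for a value that does not parse. Assuming the loader raises on malformed DER, one bad attribute value would make `host-show` fail for that host instead of returning the entry without certificate details. I would catch the loader's error around that call, log it, and skip the certificate fields. Only index `[0]` is read, so any further `usercertificate` values are silently ignored; a comment such as `# only the first usercertificate value is reported` would make that explicit. The enclosing method starts outside this hunk, so I cannot see whether a caller already guards against either case.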