summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
authorAlexander Bokovoy <abokovoy@redhat.com>2012-11-12 17:44:15 -0500
committerRob Crittenden <rcritten@redhat.com>2013-01-23 14:26:41 -0500
commita40285c5a0288669b72f9d991508d4405885bffc (patch)
tree2020f8ffa0042a766b6cf06131c257bf8413c76d /ipaserver
parent18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f (diff)
downloadfreeipa-a40285c5a0288669b72f9d991508d4405885bffc.tar.gz
freeipa-a40285c5a0288669b72f9d991508d4405885bffc.tar.xz
freeipa-a40285c5a0288669b72f9d991508d4405885bffc.zip
Update plugin to upload CA certificate to LDAP
Define post-update plugin to upload public CA certificate to IPA LDAP server. The plugin includes also update file that creates default container for the certificate.
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/plugins/upload_cacrt.py56
1 files changed, 56 insertions, 0 deletions
diff --git a/ipaserver/install/plugins/upload_cacrt.py b/ipaserver/install/plugins/upload_cacrt.py
new file mode 100644
index 000000000..d60247b7c
--- /dev/null
+++ b/ipaserver/install/plugins/upload_cacrt.py
@@ -0,0 +1,56 @@
+# Authors:
+# Alexander Bokovoy <abokovoy@redhat.com>
+#
+# Copyright (C) 2012 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from ipaserver.install.plugins import MIDDLE
+from ipaserver.install.plugins.baseupdate import PostUpdate
+from ipaserver.install.dsinstance import realm_to_serverid, config_dirname
+from ipaserver.install import certs
+from ipalib import api
+from ipapython.dn import DN
+import base64
+
+class update_upload_cacrt(PostUpdate):
+ """
+ Upload public CA certificate to LDAP
+ """
+ order=MIDDLE
+
+ def execute(self, **options):
+ ldap = self.obj.backend
+ (cdn, ipa_config) = ldap.get_ipa_config()
+ subject_base = ipa_config.get('ipacertificatesubjectbase', [None])[0]
+ dirname = config_dirname(realm_to_serverid(api.env.realm))
+ certdb = certs.CertDB(api.env.realm, nssdir=dirname, subject_base=subject_base)
+
+ dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
+ cadercert = base64.b64encode(dercert)
+
+ updates = {}
+ dn = DN(('cn', 'CACert'), ('cn', 'ipa'), ('cn','etc'), api.env.basedn)
+
+ cacrt_entry = ['objectclass:nsContainer',
+ 'objectclass:pkiCA',
+ 'cn:CAcert',
+ 'cACertificate;binary:%s' % cadercert,
+ ]
+ updates[dn] = {'dn': dn, 'default': cacrt_entry}
+
+ return (False, True, [updates])
+
+api.register(update_upload_cacrt)