author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-11-12 17:44:15 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2013-01-23 14:26:41 -0500 |
commit | a40285c5a0288669b72f9d991508d4405885bffc (patch) | |
tree | 2020f8ffa0042a766b6cf06131c257bf8413c76d /ipaserver | |
parent | 18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f (diff) | |
Update plugin to upload CA certificate to LDAP
Define a post-update plugin to upload the public CA certificate to the IPA LDAP server.
The plugin also includes an update file that creates the default container for the
certificate.
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/plugins/upload_cacrt.py | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/ipaserver/install/plugins/upload_cacrt.py b/ipaserver/install/plugins/upload_cacrt.py
new file mode 100644
index 000000000..d60247b7c
--- /dev/null
+++ b/ipaserver/install/plugins/upload_cacrt.py
@@ -0,0 +1,56 @@
+# Authors:
+# Alexander Bokovoy <abokovoy@redhat.com>
+#
+# Copyright (C) 2012 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from ipaserver.install.plugins import MIDDLE
+from ipaserver.install.plugins.baseupdate import PostUpdate
+from ipaserver.install.dsinstance import realm_to_serverid, config_dirname
+from ipaserver.install import certs
+from ipalib import api
+from ipapython.dn import DN
+import base64
+
+class update_upload_cacrt(PostUpdate):
+ """
+ Upload public CA certificate to LDAP
+ """
+ order=MIDDLE
+
+ def execute(self, **options):
+ ldap = self.obj.backend
+ (cdn, ipa_config) = ldap.get_ipa_config()
+ subject_base = ipa_config.get('ipacertificatesubjectbase', [None])[0]
+ dirname = config_dirname(realm_to_serverid(api.env.realm))
+ certdb = certs.CertDB(api.env.realm, nssdir=dirname, subject_base=subject_base)
+
+ dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
+ cadercert = base64.b64encode(dercert)
+
+ updates = {}
+ dn = DN(('cn', 'CACert'), ('cn', 'ipa'), ('cn','etc'), api.env.basedn)
+
+ cacrt_entry = ['objectclass:nsContainer',
+ 'objectclass:pkiCA',
+ 'cn:CAcert',
+ 'cACertificate;binary:%s' % cadercert,
+ ]
+ updates[dn] = {'dn': dn, 'default': cacrt_entry}
+
+ return (False, True, [updates])
+
+api.register(update_upload_cacrt) |
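Review bot: `execute()` base64-encodes whatever `certdb.get_cert_from_db(certdb.cacert_name, pem=False)` returns without checking it. That helper is not visible here, but if it can return an empty value when the nickname is missing from the NSS database, the update would publish `cn=CACert,cn=ipa,cn=etc` with an empty `cACertificate;binary`, in the entry clients would read as the trust anchor. A guard before the encode, such as `if not dercert: return (False, False, [])` together with a logged error, would keep an unusable certificate out of LDAP. The entry is submitted under `'default'`, which presumably applies only when the entry does not exist yet, so a renewed or replaced CA certificate would leave the old one published; a comment stating whether that is intended would help. Minor: the DN uses `CACert` while the attribute list sets `cn:CAcert`, and `cdn` is never used.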