From 1dc0a3ab3e145e0f8fdfd71a1205b546a906bd51 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Thu, 7 Oct 2010 14:02:44 -0500 Subject: Certificate management for services. This is an initial implementation of certificate management for services. It addresses the mechanism required to view and update certificates. The complete UI implementation will be addressed in subsequent patches. On the server side, the service.py has been modified to define usercertificate in the service object's takes_params. This is needed to generate the proper JSON metadata which is needed by the UI. It also has been modified to accept null certificate for deletion. On the client side, the service details page has been modified to display the base64-encoded certificate in a text area. When the page is saved, the action handler will store the base64-encoded certificate in the proper JSON structure. Also the service name and service hostname are now displayed in separate fields. The details configuration has been modified to support displaying and updating certificates. The structure is changed to use maps to define sections and fields. A section contains name, label, and an array of fields. A field contains name, label, setup function, load function, and save function. This is used to implement custom interface and behavior for certificates. All other entities, test cases, and test data have been updated accordingly. Some functions and variables have been renamed to improve clarity and consistency. --- ipalib/plugins/service.py | 39 ++++++++++++--------------------------- 1 file changed, 12 insertions(+), 27 deletions(-) (limited to 'ipalib') diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index d226f95a2..1e1dcd827 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py 
@@ -131,7 +131,7 @@ def validate_certificate(ugettext, cert): """ For now just verify that it is properly base64-encoded. """ - if util.isvalid_base64(cert): + if cert and util.isvalid_base64(cert): try: base64.b64decode(cert) except Exception, e: @@ -147,6 +147,9 @@ def normalize_certificate(cert): Note that this can't be a normalizer on the Param because only unicode variables are normalized. """ + if not cert: + return cert + if util.isvalid_base64(cert): try: cert = base64.b64decode(cert) @@ -196,6 +199,11 @@ class service(LDAPObject): primary_key=True, normalizer=lambda value: normalize_principal(value), ), + Bytes('usercertificate?', validate_certificate, + cli_name='certificate', + label=_('Certificate'), + doc=_('Base-64 encoded server certificate'), + ), ) api.register(service) @@ -212,11 +220,6 @@ class service_add(LDAPCreate): Flag('force', doc=_('force principal name even if not in DNS'), ), - Bytes('usercertificate?', validate_certificate, - cli_name='certificate', - label=_('Certificate'), - doc=_('Base-64 encoded server certificate'), - ), ) def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): (service, hostname, realm) = split_principal(keys[-1]) @@ -287,13 +290,7 @@ class service_mod(LDAPUpdate): Modify an existing IPA service. """ msg_summary = _('Modified service "%(value)s"') - takes_options = LDAPUpdate.takes_options + ( - Bytes('usercertificate?', validate_certificate, - cli_name='certificate', - label=_('Certificate'), - doc=_('Base-64 encoded server certificate'), - ), - ) + takes_options = LDAPUpdate.takes_options has_output_params = LDAPUpdate.has_output_params + output_params member_attributes = ['managedby'] 
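Review bot: In validate_certificate, the check `if cert and util.isvalid_base64(cert):` only confirms that a value base64-decodes, and with the added `cert and` an empty or None value now skips it entirely, so nothing in the visible lines confirms that the bytes are an X.509 certificate. The commit message says the web UI will submit this field from a text area, which makes this validator the server-side gate for it; consider parsing the decoded bytes as a certificate here and returning a validation error when that fails. The docstring should also record the new case, e.g. `An empty value is accepted; it requests removal of the certificate.` The function continues past the hunk, so input that is not base64 may be handled there.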
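Review bot: The early return `if not cert: return cert` in normalize_certificate is what lets an update clear usercertificate, and nothing in this diff revokes the certificate that is dropped, so a certificate issued for the service could stay valid at the CA after it disappears from the entry. The update callback is outside the diff, so this may already be handled there; if it is not, the removal path should revoke the old certificate or refuse to clear it. The return also hands back whichever falsy value arrived (None or an empty string), so a comment such as `# empty value: the caller is removing the certificate, nothing to decode` would make the intent explicit.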
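Review bot: The `Bytes('usercertificate?', validate_certificate, ...)` entry added to `service.takes_params` carries no comment explaining why it moved from the individual commands to the object, and its `doc` still says 'Base-64 encoded server certificate' although normalize_certificate only decodes when the value is base64, which suggests raw bytes are accepted as well. A short comment above the entry, such as `# Defined on the object so it is published in the JSON metadata and shared by the commands`, would keep a later cleanup from moving it back. If binary input is meant to be accepted, the `doc` text should say so; if it is not, validate_certificate should reject it.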
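Review bot: In service_mod, `takes_options = LDAPUpdate.takes_options` now only re-binds the attribute the class already inherits from LDAPUpdate, so the line can be deleted; the same applies to `takes_options = LDAPSearch.takes_options` in service_find and `takes_options = LDAPRetrieve.takes_options` in service_show. Leaving them in suggests a per-command override that no longer exists. This assumes the framework reads takes_options through normal attribute lookup rather than from the class's own `__dict__`, which is not visible here.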
@@ -326,13 +323,7 @@ class service_find(LDAPSearch): '%(count)d service matched', '%(count)d services matched' ) member_attributes = ['managedby'] - takes_options = LDAPSearch.takes_options + ( - Bytes('usercertificate?', validate_certificate, - cli_name='certificate', - label=_('Certificate'), - doc=_('Base-64 encoded server certificate'), - ), - ) + takes_options = LDAPSearch.takes_options has_output_params = LDAPSearch.has_output_params + output_params def pre_callback(self, ldap, filter, attrs_list, base_dn, *args, **options): # lisp style! @@ -365,13 +356,7 @@ class service_show(LDAPRetrieve): Display information about an IPA service. """ member_attributes = ['managedby'] - takes_options = LDAPRetrieve.takes_options + ( - Bytes('usercertificate?', validate_certificate, - cli_name='certificate', - label=_('Certificate'), - doc=_('Base-64 encoded server certificate'), - ), - ) + takes_options = LDAPRetrieve.takes_options has_output_params = LDAPRetrieve.has_output_params + output_params def post_callback(self, ldap, dn, entry_attrs, *keys, **options): -- cgit