Diffstat (limited to 'base/server/python')
| -rw-r--r-- | base/server/python/pki/server/__init__.py | 67 | ||||
| -rw-r--r-- | base/server/python/pki/server/ca.py | 91 | ||||
| -rw-r--r-- | base/server/python/pki/server/cli/subsystem.py | 58 |
3 files changed, 120 insertions, 96 deletions
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py index 87303cd56..03bb225dc 100644 --- a/base/server/python/pki/server/__init__.py +++ b/base/server/python/pki/server/__init__.py @@ -25,6 +25,7 @@ import getpass import grp import io import ldap +import ldap.filter import operator import os import pwd @@ -389,6 +390,72 @@ class PKISubsystem(object): return str(self.instance) + '/' + self.name +class CASubsystem(PKISubsystem): + + def __init__(self, instance): + super(CASubsystem, self).__init__(instance, 'ca') + + def find_cert_requests(self, cert=None): + + base_dn = self.config['internaldb.basedn'] + + if cert: + escaped_value = ldap.filter.escape_filter_chars(cert) + search_filter = '(extdata-req--005fissued--005fcert=%s)' % escaped_value + + else: + search_filter = '(objectClass=*)' + + con = self.open_database() + + entries = con.ldap.search_s( + 'ou=ca,ou=requests,%s' % base_dn, + ldap.SCOPE_ONELEVEL, + search_filter, + None) + + con.close() + + requests = [] + for entry in entries: + requests.append(self.create_request_object(entry)) + + return requests + + def get_cert_requests(self, request_id): + + base_dn = self.config['internaldb.basedn'] + + con = self.open_database() + + entries = con.ldap.search_s( + 'cn=%s,ou=ca,ou=requests,%s' % (request_id, base_dn), + ldap.SCOPE_BASE, + '(objectClass=*)', + None) + + con.close() + + entry = entries[0] + return self.create_request_object(entry) + + def create_request_object(self, entry): + + attrs = entry[1] + + request = {} + request['id'] = attrs['cn'][0] + request['type'] = attrs['requestType'][0] + request['status'] = attrs['requestState'][0] + request['request'] = attrs['extdata-cert--005frequest'][0] + + return request + + +# register CASubsystem +SUBSYSTEM_CLASSES['ca'] = CASubsystem + + class ExternalCert(object): def __init__(self, nickname=None, token=None): 
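Review bot: `get_cert_requests` formats `request_id` straight into the search base DN, while `find_cert_requests` just above it escapes its input with `ldap.filter.escape_filter_chars`; a value containing DN metacharacters such as `,` or `+` would change which entry is read. If `request_id` can ever be a caller-supplied string, escape it with `'cn=%s,ou=ca,ou=requests,%s' % (ldap.dn.escape_dn_chars(request_id), base_dn)` and add `import ldap.dn` next to the new `import ldap.filter`. Both search methods also call `con.close()` only on the success path, so an exception from `search_s` leaves the connection open; a `try`/`finally` around the search would close it. The code is moved as-is from the deleted ca.py, so both points predate this commit, but the move is a convenient place to fix them.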
diff --git a/base/server/python/pki/server/ca.py b/base/server/python/pki/server/ca.py
deleted file mode 100644
index afb281cc1..000000000
--- a/base/server/python/pki/server/ca.py
+++ /dev/null
@@ -1,91 +0,0 @@ -# Authors: -# Endi S. Dewata <edewata@redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2015 Red Hat, Inc. -# All rights reserved. -# - -from __future__ import absolute_import -import ldap -import ldap.filter - -import pki -import pki.server - - -class CASubsystem(pki.server.PKISubsystem): - - def __init__(self, instance): - super(CASubsystem, self).__init__(instance, 'ca') - - def find_cert_requests(self, cert=None): - - base_dn = self.config['internaldb.basedn'] - - if cert: - escaped_value = ldap.filter.escape_filter_chars(cert) - search_filter = '(extdata-req--005fissued--005fcert=%s)' % escaped_value - - else: - search_filter = '(objectClass=*)' - - con = self.open_database() - - entries = con.ldap.search_s( - 'ou=ca,ou=requests,%s' % base_dn, - ldap.SCOPE_ONELEVEL, - search_filter, - None) - - con.close() - - requests = [] - for entry in entries: - requests.append(self.create_request_object(entry)) - - return requests - - def get_cert_requests(self, request_id): - - base_dn = self.config['internaldb.basedn'] - - con = self.open_database() - - entries = con.ldap.search_s( - 'cn=%s,ou=ca,ou=requests,%s' % (request_id, base_dn), - ldap.SCOPE_BASE, - '(objectClass=*)', - None) - - con.close() - - entry = entries[0] - return self.create_request_object(entry) - - def create_request_object(self, entry): - - 
attrs = entry[1] - - request = {} - request['id'] = attrs['cn'][0] - request['type'] = attrs['requestType'][0] - request['status'] = attrs['requestState'][0] - request['request'] = attrs['extdata-cert--005frequest'][0] - - return request - - -pki.server.SUBSYSTEM_CLASSES['ca'] = CASubsystem diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py index 45f5be9b4..49215cf46 100644 --- a/base/server/python/pki/server/cli/subsystem.py +++ b/base/server/python/pki/server/cli/subsystem.py @@ -99,6 +99,11 @@ class SubsystemFindCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() self.print_message('%s entries matched' % len(instance.subsystems)) @@ -164,6 +169,11 @@ class SubsystemShowCLI(pki.cli.CLI): subsystem_name = args[0] instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() subsystem = instance.get_subsystem(subsystem_name) @@ -222,6 +232,11 @@ class SubsystemEnableCLI(pki.cli.CLI): subsystem_name = args[0] instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() subsystem = instance.get_subsystem(subsystem_name) @@ -285,6 +300,11 @@ class SubsystemDisableCLI(pki.cli.CLI): subsystem_name = args[0] instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() subsystem = instance.get_subsystem(subsystem_name) 
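Review bot: The same `is_valid()` guard is pasted into nine `run()` methods in subsystem.py (the four hunks here, plus the SubsystemCertFindCLI, SubsystemCertShowCLI, SubsystemCertExportCLI, SubsystemCertUpdateCLI and SubsystemCertValidateCLI hunks further down), so a subcommand added later can omit it without anyone noticing. A single module-level helper that constructs, validates and loads the instance would keep the check in one place. The guard also prints its error to stdout, where it mixes with output that scripts may parse; stderr is the better channel. Each `run()` body starts and ends outside its hunk, so whether other early exits in these methods follow the same print-then-exit pattern cannot be seen from here.

```python
def load_instance(instance_name):
    """Return a loaded PKIInstance, or exit with an error if it is not valid."""
    instance = pki.server.PKIInstance(instance_name)

    if not instance.is_valid():
        sys.stderr.write('ERROR: Invalid instance %s.\n' % instance_name)
        sys.exit(1)

    instance.load()
    return instance

# in each run():
instance = load_instance(instance_name)
# … unchanged: get_subsystem() lookup and the rest of run() …
```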
@@ -375,6 +395,11 @@ class SubsystemCertFindCLI(pki.cli.CLI): subsystem_name = args[0] instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() subsystem = instance.get_subsystem(subsystem_name) @@ -402,6 +427,7 @@ class SubsystemCertShowCLI(pki.cli.CLI): print('Usage: pki-server subsystem-cert-show [OPTIONS] <subsystem ID> <cert ID>') print() print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).') + print(' --show-all Show all attributes.') print(' -v, --verbose Run in verbose mode.') print(' --help Show help message.') print() @@ -410,7 +436,7 @@ class SubsystemCertShowCLI(pki.cli.CLI): try: opts, args = getopt.gnu_getopt(argv, 'i:v', [ - 'instance=', + 'instance=', 'show-all', 'verbose', 'help']) except getopt.GetoptError as e: @@ -419,11 +445,15 @@ class SubsystemCertShowCLI(pki.cli.CLI): sys.exit(1) instance_name = 'pki-tomcat' + show_all = False for o, a in opts: if o in ('-i', '--instance'): instance_name = a + elif o == '--show-all': + show_all = True + elif o in ('-v', '--verbose'): self.set_verbose(True) @@ -451,12 +481,17 @@ class SubsystemCertShowCLI(pki.cli.CLI): cert_id = args[1] instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() subsystem = instance.get_subsystem(subsystem_name) - subsystem_cert = subsystem.get_subsystem_cert(cert_id) + cert = subsystem.get_subsystem_cert(cert_id) - SubsystemCertCLI.print_subsystem_cert(subsystem_cert) + SubsystemCertCLI.print_subsystem_cert(cert, show_all) class SubsystemCertExportCLI(pki.cli.CLI): 
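Review bot: The new call `SubsystemCertCLI.print_subsystem_cert(cert, show_all)` in SubsystemCertShowCLI passes a second positional argument, but no hunk in this file touches the definition of `print_subsystem_cert`. Unless that method already accepts the flag, `subsystem-cert-show` will raise a TypeError at this line, so it is worth confirming the signature and any other callers. Passing the flag by keyword, for example `print_subsystem_cert(cert, show_all=show_all)` if that is the parameter's name, would make the intent clear at the call site. The help text says only "Show all attributes."; naming which extra attributes `--show-all` prints would tell operators what ends up in captured output. The `run()` body starts outside the hunk.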
@@ -568,6 +603,11 @@ class SubsystemCertExportCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() subsystem = instance.get_subsystem(subsystem_name) @@ -684,6 +724,11 @@ class SubsystemCertUpdateCLI(pki.cli.CLI): cert_id = args[1] instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() subsystem = instance.get_subsystem(subsystem_name) @@ -723,8 +768,6 @@ class SubsystemCertUpdateCLI(pki.cli.CLI): self.print_message('Updated "%s" subsystem certificate' % cert_id) - SubsystemCertCLI.print_subsystem_cert(subsystem_cert) - class SubsystemCertValidateCLI(pki.cli.CLI): @@ -783,6 +826,11 @@ class SubsystemCertValidateCLI(pki.cli.CLI): cert_id = None instance = pki.server.PKIInstance(instance_name) + + if not instance.is_valid(): + print('ERROR: Invalid instance %s.' % instance_name) + sys.exit(1) + instance.load() subsystem = instance.get_subsystem(subsystem_name) |
