#!/usr/bin/python
# Authors:
# Endi S. Dewata <edewata@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright (C) 2015 Red Hat, Inc.
# All rights reserved.
#
from __future__ import absolute_import

import ldap
import ldap.dn
import ldap.filter

import pki
import pki.server
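class CASubsystem(pki.server.PKISubsystem):
    """CA subsystem of a PKI server instance.

    Adds lookups of the certificate request records kept under
    ``ou=ca,ou=requests,<internaldb.basedn>`` in the subsystem's internal
    LDAP database.
    """

    def __init__(self, instance):
        """Initialise the base subsystem for *instance* under the name 'ca'."""
        super(CASubsystem, self).__init__(instance, 'ca')

    def find_cert_requests(self, cert=None):
        """Return the certificate requests stored for this CA.

        :param cert: optional value matched against the
            ``extdata-req--005fissued--005fcert`` attribute; when empty or
            None, every entry directly below the requests container is
            returned.
        :returns: list of dicts as built by :meth:`create_request_object`.
        """
        base_dn = self.config['internaldb.basedn']

        if cert:
            # The value is caller-supplied: escape filter metacharacters so
            # it can only ever be matched literally.
            escaped_value = ldap.filter.escape_filter_chars(cert)
            search_filter = '(extdata-req--005fissued--005fcert=%s)' % escaped_value
        else:
            search_filter = '(objectClass=*)'

        con = self.open_database()
        try:
            entries = con.ldap.search_s(
                'ou=ca,ou=requests,%s' % base_dn,
                ldap.SCOPE_ONELEVEL,
                search_filter,
                None)
        finally:
            # Release the connection even when the search raises.
            con.close()

        return [self.create_request_object(entry) for entry in entries]

    def get_cert_requests(self, request_id):
        """Return the single certificate request whose ``cn`` is *request_id*.

        :param request_id: identifier of the request entry.
        :returns: dict as built by :meth:`create_request_object`.

        Errors raised by the LDAP search (for example when the entry does
        not exist) are propagated to the caller.
        """
        base_dn = self.config['internaldb.basedn']

        # request_id is used as an RDN value. Escape DN metacharacters so a
        # caller-supplied identifier cannot change which entry the base-scope
        # search reads. str() keeps integer ids working as they did with '%s'.
        escaped_id = ldap.dn.escape_dn_chars(str(request_id))

        con = self.open_database()
        try:
            entries = con.ldap.search_s(
                'cn=%s,ou=ca,ou=requests,%s' % (escaped_id, base_dn),
                ldap.SCOPE_BASE,
                '(objectClass=*)',
                None)
        finally:
            # Release the connection even when the search raises.
            con.close()

        return self.create_request_object(entries[0])

    def create_request_object(self, entry):
        """Convert one LDAP search result into a plain request dict.

        :param entry: a ``(dn, attributes)`` pair as returned by
            ``search_s``; only the attribute mapping is read.
        :returns: dict with the keys ``id``, ``type``, ``status`` and
            ``request``, each holding the first value of the corresponding
            attribute.
        :raises KeyError: if one of the four attributes is missing.
        """
        attrs = entry[1]

        # NOTE(review): values are passed through exactly as the LDAP
        # library returns them (possibly bytes) - confirm what callers expect.
        return {
            'id': attrs['cn'][0],
            'type': attrs['requestType'][0],
            'status': attrs['requestState'][0],
            'request': attrs['extdata-cert--005frequest'][0],
        }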
# Import-time side effect: store CASubsystem under the 'ca' key of
# pki.server.SUBSYSTEM_CLASSES.
# NOTE(review): presumably the server looks subsystem classes up by name in
# this mapping - confirm against pki.server.
pki.server.SUBSYSTEM_CLASSES['ca'] = CASubsystem