diff options
author | Stanislav Laznicka <slaznick@redhat.com> | 2017-01-06 09:08:52 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-02-23 18:59:01 +0100 |
commit | e2d1b21c5049f68d0336dcaf3f8657b214a34e2b (patch) | |
tree | 848e15f28c283cb4f8ea60c2a1b21cc536e9e98f | |
parent | dcb618152572ca013a447336e13d24399b5f7960 (diff) | |
download | freeipa-e2d1b21c5049f68d0336dcaf3f8657b214a34e2b.tar.gz freeipa-e2d1b21c5049f68d0336dcaf3f8657b214a34e2b.tar.xz freeipa-e2d1b21c5049f68d0336dcaf3f8657b214a34e2b.zip |
Remove md5_fingerprints from IPA
MD5 is a grandpa and FIPS does not like it at all.
https://fedorahosted.org/freeipa/ticket/5695
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
-rwxr-xr-x | install/ui/src/freeipa/certificate.js | 8 | ||||
-rw-r--r-- | install/ui/test/data/cert_request.json | 1 | ||||
-rw-r--r-- | install/ui/test/data/cert_show.json | 1 | ||||
-rw-r--r-- | install/ui/test/data/ipa_init.json | 1 | ||||
-rw-r--r-- | install/ui/test/data/service_show.json | 1 | ||||
-rw-r--r-- | ipaserver/plugins/cert.py | 7 | ||||
-rw-r--r-- | ipaserver/plugins/host.py | 4 | ||||
-rw-r--r-- | ipaserver/plugins/internal.py | 1 | ||||
-rw-r--r-- | ipaserver/plugins/service.py | 6 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_host_plugin.py | 1 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_service_plugin.py | 7 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/tracker/host_plugin.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/tracker/service_plugin.py | 2 |
13 files changed, 2 insertions, 40 deletions
diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js index 4666b1ae5..b86c6cfa1 100755 --- a/install/ui/src/freeipa/certificate.js +++ b/install/ui/src/freeipa/certificate.js @@ -361,7 +361,6 @@ IPA.cert.view_dialog = function(spec) { that.issuer = IPA.cert.parse_dn(spec.certificate.issuer); that.issued_on = spec.certificate.valid_not_before || ''; that.expires_on = spec.certificate.valid_not_after || ''; - that.md5_fingerprint = spec.certificate.md5_fingerprint || ''; that.sha1_fingerprint = spec.certificate.sha1_fingerprint || ''; that.sha256_fingerprint = spec.certificate.sha256_fingerprint || ''; @@ -427,8 +426,6 @@ IPA.cert.view_dialog = function(spec) { table_layout = that.create_layout().appendTo(that.container); - new_row('@i18n:objects.cert.md5_fingerprint', that.md5_fingerprint) - .appendTo(table_layout); new_row('@i18n:objects.cert.sha1_fingerprint', that.sha1_fingerprint) .appendTo(table_layout); new_row('@i18n:objects.cert.sha256_fingerprint', that.sha256_fingerprint) @@ -570,7 +567,6 @@ IPA.cert.loader = function(spec) { var certificate = { issuer: result.issuer, certificate: result.certificate, - md5_fingerprint: result.md5_fingerprint, revocation_reason: result.revocation_reason, serial_number: result.serial_number, serial_number_hex: result.serial_number_hex, @@ -1579,9 +1575,6 @@ exp.create_cert_metadata = function() { add_param('valid_not_after', text.get('@i18n:objects.cert.expires_on'), text.get('@i18n:objects.cert.expires_on')); - add_param('md5_fingerprint', - text.get('@i18n:objects.cert.md5_fingerprint'), - text.get('@i18n:objects.cert.md5_fingerprint')); add_param('sha1_fingerprint', text.get('@i18n:objects.cert.sha1_fingerprint'), text.get('@i18n:objects.cert.sha1_fingerprint')); @@ -1762,7 +1755,6 @@ return { 'valid_not_before', 'valid_not_after', 'sha1_fingerprint', - 'md5_fingerprint', { $type: 'revocation_reason', name: 'revocation_reason' diff --git a/install/ui/test/data/cert_request.json b/install/ui/test/data/cert_request.json index 127183a87..f8d8544a5 100644 --- a/install/ui/test/data/cert_request.json +++ b/install/ui/test/data/cert_request.json @@ -5,7 +5,6 @@ "result": { "certificate": "MIICAjCCAWugAwIBAgICBAswDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTAwNzIzMzk0NFoXDTE1MTAwNzIzMzk0NFowKDEMMAoGA1UECgwDSVBBMRgwFgYDVQQDDA9kZXYuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOTXyj8grVB7Rj95RFawgdwn9OYZ03LWHZ+HMYggu2/xCCrUrdThP14YBlVqZumjVJSclj6T4ACjjdPJq9JTTmx7gMizDTReus7IPlS6fCxb5v5whQJZsEksXL04OxUMl25euPRFkYcTK1rdW47+AkG10j1qeNW+B6CpdQGR6eM/AgMBAAGjOjA4MBEGCWCGSAGG+EIBAQQEAwIGQDATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEASIhq723VL5xP0q51MYXFlGU1boD7pPD1pIQspD/MjCIEupcbH2kAo4wf+EiKsXR0rs+WZkaSgvFqaM4OQ2kWSFTiqmFXFDBEi6EFr68yLg7IpQpNTzVBXERd8B4GwNL9wrRw60jPXlUK29DPBsdGq8fDgX18l39wKkWXv7p1to4=", "issuer": "CN=Certificate Authority,O=EXAMPLE.COM", - "md5_fingerprint": "08:86:a9:f9:87:af:0d:d7:42:01:e0:5f:12:9b:32:7f", "request_id": "1", "serial_number": "1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", diff --git a/install/ui/test/data/cert_show.json b/install/ui/test/data/cert_show.json index 3e8a8ab76..4942e6377 100644 --- a/install/ui/test/data/cert_show.json +++ b/install/ui/test/data/cert_show.json @@ -5,7 +5,6 @@ "result": { "certificate": "MIICAjCCAWugAwIBAgICBAswDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTAwNzIzMzk0NFoXDTE1MTAwNzIzMzk0NFowKDEMMAoGA1UECgwDSVBBMRgwFgYDVQQDDA9kZXYuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOTXyj8grVB7Rj95RFawgdwn9OYZ03LWHZ+HMYggu2/xCCrUrdThP14YBlVqZumjVJSclj6T4ACjjdPJq9JTTmx7gMizDTReus7IPlS6fCxb5v5whQJZsEksXL04OxUMl25euPRFkYcTK1rdW47+AkG10j1qeNW+B6CpdQGR6eM/AgMBAAGjOjA4MBEGCWCGSAGG+EIBAQQEAwIGQDATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEASIhq723VL5xP0q51MYXFlGU1boD7pPD1pIQspD/MjCIEupcbH2kAo4wf+EiKsXR0rs+WZkaSgvFqaM4OQ2kWSFTiqmFXFDBEi6EFr68yLg7IpQpNTzVBXERd8B4GwNL9wrRw60jPXlUK29DPBsdGq8fDgX18l39wKkWXv7p1to4=", "issuer": "CN=Certificate Authority,O=EXAMPLE.COM", - "md5_fingerprint": "08:86:a9:f9:87:af:0d:d7:42:01:e0:5f:12:9b:32:7f", "serial_number": "1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", "subject": "CN=dev.example.com,O=EXAMPLE.COM", diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index 6d11e7338..2fe0ef451 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -277,7 +277,6 @@ "issued_on": "Issued On", "issued_to": "Issued To", "key_compromise": "Key Compromise", - "md5_fingerprint": "MD5 Fingerprint", "missing": "No Valid Certificate", "new_certificate": "New Certificate", "new_cert_format": "Certificate in base64 or PEM format", diff --git a/install/ui/test/data/service_show.json b/install/ui/test/data/service_show.json index 37b85df8d..213dfff81 100644 --- a/install/ui/test/data/service_show.json +++ b/install/ui/test/data/service_show.json @@ -47,7 +47,6 @@ "managedby_host": [ "dev.example.com" ], - "md5_fingerprint": "08:86:a9:f9:87:af:0d:d7:42:01:e0:5f:12:9b:32:7f", "serial_number": "1", "serial_number_hex": "0x1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 08521974f..585a70ef9 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -346,11 +346,6 @@ class BaseCertObject(Object): flags={'no_create', 'no_update', 'no_search'}, ), Str( - 'md5_fingerprint', - label=_('Fingerprint (MD5)'), - flags={'no_create', 'no_update', 'no_search'}, - ), - Str( 'sha1_fingerprint', label=_('Fingerprint (SHA1)'), flags={'no_create', 'no_update', 'no_search'}, @@ -393,8 +388,6 @@ class BaseCertObject(Object): obj['valid_not_after'] = x509.format_datetime( cert.not_valid_after) if full: - obj['md5_fingerprint'] = x509.to_hex_with_colons( - cert.fingerprint(hashes.MD5())) obj['sha1_fingerprint'] = x509.to_hex_with_colons( cert.fingerprint(hashes.SHA1())) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 58e711f34..7ceec8eb4 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -510,10 +510,6 @@ class host(LDAPObject): label=_('Not After'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, ), - Str('md5_fingerprint', - label=_('Fingerprint (MD5)'), - flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, - ), Str('sha1_fingerprint', label=_('Fingerprint (SHA1)'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py index 0a8139ec0..e82e5fcd4 100644 --- a/ipaserver/plugins/internal.py +++ b/ipaserver/plugins/internal.py @@ -427,7 +427,6 @@ class i18n_messages(Command): "issued_on": _("Issued On"), "issued_to": _("Issued To"), "key_compromise": _("Key Compromise"), - "md5_fingerprint": _("MD5 Fingerprint"), "missing": _("No Valid Certificate"), "new_certificate": _("New Certificate"), "new_cert_format": _("Certificate in base64 or PEM format"), diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py index 0c498084a..3349889e0 100644 --- a/ipaserver/plugins/service.py +++ b/ipaserver/plugins/service.py @@ -274,8 +274,6 @@ def set_certificate_attrs(entry_attrs): entry_attrs['valid_not_before'] = x509.format_datetime( cert.not_valid_before) entry_attrs['valid_not_after'] = x509.format_datetime(cert.not_valid_after) - entry_attrs['md5_fingerprint'] = x509.to_hex_with_colons( - cert.fingerprint(hashes.MD5())) entry_attrs['sha1_fingerprint'] = x509.to_hex_with_colons( cert.fingerprint(hashes.SHA1())) @@ -504,10 +502,6 @@ class service(LDAPObject): label=_('Not After'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, ), - Str('md5_fingerprint', - label=_('Fingerprint (MD5)'), - flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, - ), Str('sha1_fingerprint', label=_('Fingerprint (SHA1)'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, diff --git a/ipatests/test_xmlrpc/test_host_plugin.py b/ipatests/test_xmlrpc/test_host_plugin.py index d4384e1d7..e9a962352 100644 --- a/ipatests/test_xmlrpc/test_host_plugin.py +++ b/ipatests/test_xmlrpc/test_host_plugin.py @@ -232,7 +232,6 @@ class TestCRUD(XMLRPC_test): description=[u'Updated host 1'], usercertificate=[base64.b64decode(host_cert)], issuer=fuzzy_issuer, - md5_fingerprint=fuzzy_hash, serial_number=fuzzy_digits, serial_number_hex=fuzzy_hex, sha1_fingerprint=fuzzy_hash, diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py index f3940f457..a2db6fccb 100644 --- a/ipatests/test_xmlrpc/test_service_plugin.py +++ b/ipatests/test_xmlrpc/test_service_plugin.py @@ -465,7 +465,6 @@ class test_service(Declarative): subject=randomissuer, serial_number=fuzzy_digits, serial_number_hex=fuzzy_hex, - md5_fingerprint=fuzzy_hash, sha1_fingerprint=fuzzy_hash, issuer=fuzzy_issuer, ), @@ -488,7 +487,6 @@ class test_service(Declarative): subject=DN(('CN',api.env.host),x509.subject_base()), serial_number=fuzzy_digits, serial_number_hex=fuzzy_hex, - md5_fingerprint=fuzzy_hash, sha1_fingerprint=fuzzy_hash, issuer=fuzzy_issuer, ), @@ -525,7 +523,6 @@ class test_service(Declarative): subject=DN(('CN',api.env.host),x509.subject_base()), serial_number=fuzzy_digits, serial_number_hex=fuzzy_hex, - md5_fingerprint=fuzzy_hash, sha1_fingerprint=fuzzy_hash, issuer=fuzzy_issuer, ), @@ -554,7 +551,6 @@ class test_service(Declarative): subject=DN(('CN',api.env.host),x509.subject_base()), serial_number=fuzzy_digits, serial_number_hex=fuzzy_hex, - md5_fingerprint=fuzzy_hash, sha1_fingerprint=fuzzy_hash, issuer=fuzzy_issuer, ), @@ -579,7 +575,6 @@ class test_service(Declarative): subject=DN(('CN',api.env.host),x509.subject_base()), serial_number=fuzzy_digits, serial_number_hex=fuzzy_hex, - md5_fingerprint=fuzzy_hash, sha1_fingerprint=fuzzy_hash, issuer=fuzzy_issuer, krbticketflags=[u'1048704'], @@ -607,7 +602,6 @@ class test_service(Declarative): subject=DN(('CN',api.env.host),x509.subject_base()), serial_number=fuzzy_digits, serial_number_hex=fuzzy_hex, - md5_fingerprint=fuzzy_hash, sha1_fingerprint=fuzzy_hash, issuer=fuzzy_issuer, krbticketflags=[u'1048577'], @@ -633,7 +627,6 @@ class test_service(Declarative): subject=DN(('CN',api.env.host),x509.subject_base()), serial_number=fuzzy_digits, serial_number_hex=fuzzy_hex, - md5_fingerprint=fuzzy_hash, sha1_fingerprint=fuzzy_hash, issuer=fuzzy_issuer, krbticketflags=[u'1'], diff --git a/ipatests/test_xmlrpc/tracker/host_plugin.py b/ipatests/test_xmlrpc/tracker/host_plugin.py index d98017787..9d25ae1d9 100644 --- a/ipatests/test_xmlrpc/tracker/host_plugin.py +++ b/ipatests/test_xmlrpc/tracker/host_plugin.py @@ -25,7 +25,7 @@ class HostTracker(KerberosAliasMixin, Tracker): retrieve_keys = { 'dn', 'fqdn', 'description', 'l', 'krbcanonicalname', 'krbprincipalname', 'managedby_host', - 'has_keytab', 'has_password', 'issuer', 'md5_fingerprint', + 'has_keytab', 'has_password', 'issuer', 'serial_number', 'serial_number_hex', 'sha1_fingerprint', 'subject', 'usercertificate', 'valid_not_after', 'valid_not_before', 'macaddress', 'sshpubkeyfp', 'ipaallowedtoperform_read_keys_user', diff --git a/ipatests/test_xmlrpc/tracker/service_plugin.py b/ipatests/test_xmlrpc/tracker/service_plugin.py index e0756a87a..1accb6d6e 100644 --- a/ipatests/test_xmlrpc/tracker/service_plugin.py +++ b/ipatests/test_xmlrpc/tracker/service_plugin.py @@ -37,7 +37,7 @@ class ServiceTracker(KerberosAliasMixin, Tracker): u'dn', u'krbprincipalname', u'usercertificate', u'has_keytab', u'ipakrbauthzdata', u'ipaallowedtoperform', u'subject', u'managedby', u'serial_number', u'serial_number_hex', u'issuer', - u'valid_not_before', u'valid_not_after', u'md5_fingerprint', + u'valid_not_before', u'valid_not_after', u'sha1_fingerprint', u'krbprincipalauthind', u'managedby_host', u'krbcanonicalname'} retrieve_all_keys = retrieve_keys | { |