author | Endi S. Dewata <edewata@redhat.com> | 2010-10-15 12:22:01 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2010-10-15 14:26:07 -0400 |
commit | 4c24581b5cffaffbb200152e1d43931c0d674102 (patch) | |
tree | 2f9aa6c8b7a2875804e1af834c7fc8e02d0a7973 /ipalib | |
parent | acf5f9cad7438268148dff6c6b74d8c63048409a (diff) | |
Service certificate UI.
The service.py has been modified to include certificate info in
the service-show result if the service contains usercertificate.
A new file certificate.js has been added to store codes related
to certificates (e.g. revocation reasons, dialog boxes). The
service.js has been modified to provide the UI for certificate
management. The certificate.js can also be used for host
certificate management.
The Makefile.am and index.xhtml have been modified to include
certificate.js. New test data files have been added for certificate
operations.
To test revoke and restore operations the server needs to be
installed with dogtag CA instead of self-signed CA.
The certificate status and revocation reason in the details page
will be implemented in subsequent patches. Unit tests will also
be added in subsequent patches.
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/service.py | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 1e1dcd82..8ccdaeac 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -76,6 +76,7 @@ from ipalib.plugins.baseldap import *
 from ipalib import x509
 from ipalib import _, ngettext
 from ipalib import util
+import nss.nss as nss
 from nss.error import NSPRError
@@ -203,7 +204,7 @@ class service(LDAPObject):
 cli_name='certificate',
 label=_('Certificate'),
 doc=_('Base-64 encoded server certificate'),
- ),
+ )
 )
 api.register(service)
@@ -357,7 +358,33 @@ class service_show(LDAPRetrieve):
 """
 member_attributes = ['managedby']
 takes_options = LDAPRetrieve.takes_options
- has_output_params = LDAPRetrieve.has_output_params + output_params
+
+ has_output_params = LDAPRetrieve.has_output_params + output_params + (
+ Str('subject',
+ label=_('Subject'),
+ ),
+ Str('serial_number',
+ label=_('Serial Number'),
+ ),
+ Str('issuer',
+ label=_('Issuer'),
+ ),
+ Str('valid_not_before',
+ label=_('Not Before'),
+ ),
+ Str('valid_not_after',
+ label=_('Not After'),
+ ),
+ Str('md5_fingerprint',
+ label=_('Fingerprint (MD5)'),
+ ),
+ Str('sha1_fingerprint',
+ label=_('Fingerprint (SHA1)'),
+ ),
+ Str('revocation_reason?',
+ label=_('Revocation reason'),
+ )
+ )
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
 if 'krblastpwdchange' in entry_attrs:
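Review bot: The new `md5_fingerprint` output parameter in `service_show.has_output_params` presents an MD5 digest as a certificate fingerprint, and MD5 is not collision-resistant, so an operator who compares only that value gets little assurance that two certificates are the same. Consider offering a stronger digest next to it, e.g. `Str('sha256_fingerprint', label=_('Fingerprint (SHA256)'),),`, filled in by post_callback where the other two are set (this assumes the NSS binding in use exposes a SHA-256 digest helper; confirm before adding). Separately, `revocation_reason?` is declared here but nothing in the visible post_callback hunk assigns it; a comment such as `# populated by a later patch; absent from the result until then` would save readers from hunting for the assignment. The class body and post_callback both continue outside this hunk.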
@@ -367,6 +394,16 @@ class service_show(LDAPRetrieve): else: entry_attrs['has_keytab'] = False + if 'usercertificate' in entry_attrs: + cert = x509.load_certificate(entry_attrs['usercertificate'][0], datatype=x509.DER) + entry_attrs['subject'] = unicode(cert.subject) + entry_attrs['serial_number'] = unicode(cert.serial_number) + entry_attrs['issuer'] = unicode(cert.issuer) + entry_attrs['valid_not_before'] = unicode(cert.valid_not_before_str) + entry_attrs['valid_not_after'] = unicode(cert.valid_not_after_str) + entry_attrs['md5_fingerprint'] = unicode(nss.data_to_hex(nss.md5_digest(cert.der_data), 64)[0]) + entry_attrs['sha1_fingerprint'] = unicode(nss.data_to_hex(nss.sha1_digest(cert.der_data), 64)[0]) + return dn api.register(service_show) |
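Review bot: The call to `x509.load_certificate(...)` in the added `if 'usercertificate' in entry_attrs:` branch is unguarded, so a stored value that is not a parseable DER certificate would raise out of post_callback and make service-show fail for that entry. The call should be wrapped so the entry is still returned without the derived fields. The exception to catch is presumably `NSPRError`, which the file already imports, but what `load_certificate` actually raises should be confirmed. Only the first value, `entry_attrs['usercertificate'][0]`, is inspected; if the attribute can hold several certificates, that deserves a comment. post_callback begins outside this hunk.

```python
if 'usercertificate' in entry_attrs:
    try:
        cert = x509.load_certificate(entry_attrs['usercertificate'][0], datatype=x509.DER)
    except NSPRError:
        # Stored value is not a parseable DER certificate: return the
        # entry without the derived certificate fields.
        cert = None
    if cert is not None:
        # … unchanged: subject, serial_number, issuer, validity and fingerprint assignments …
```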