diff options
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/service.py | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 1e1dcd82..8ccdaeac 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -76,6 +76,7 @@ from ipalib.plugins.baseldap import * from ipalib import x509 from ipalib import _, ngettext from ipalib import util +import nss.nss as nss from nss.error import NSPRError @@ -203,7 +204,7 @@ class service(LDAPObject): cli_name='certificate', label=_('Certificate'), doc=_('Base-64 encoded server certificate'), - ), + ) ) api.register(service) @@ -357,7 +358,33 @@ class service_show(LDAPRetrieve): """ member_attributes = ['managedby'] takes_options = LDAPRetrieve.takes_options - has_output_params = LDAPRetrieve.has_output_params + output_params + + has_output_params = LDAPRetrieve.has_output_params + output_params + ( + Str('subject', + label=_('Subject'), + ), + Str('serial_number', + label=_('Serial Number'), + ), + Str('issuer', + label=_('Issuer'), + ), + Str('valid_not_before', + label=_('Not Before'), + ), + Str('valid_not_after', + label=_('Not After'), + ), + Str('md5_fingerprint', + label=_('Fingerprint (MD5)'), + ), + Str('sha1_fingerprint', + label=_('Fingerprint (SHA1)'), + ), + Str('revocation_reason?', + label=_('Revocation reason'), + ) + ) def post_callback(self, ldap, dn, entry_attrs, *keys, **options): if 'krblastpwdchange' in entry_attrs: @@ -367,6 +394,16 @@ class service_show(LDAPRetrieve): else: entry_attrs['has_keytab'] = False + if 'usercertificate' in entry_attrs: + cert = x509.load_certificate(entry_attrs['usercertificate'][0], datatype=x509.DER) + entry_attrs['subject'] = unicode(cert.subject) + entry_attrs['serial_number'] = unicode(cert.serial_number) + entry_attrs['issuer'] = unicode(cert.issuer) + entry_attrs['valid_not_before'] = unicode(cert.valid_not_before_str) + entry_attrs['valid_not_after'] = unicode(cert.valid_not_after_str) + entry_attrs['md5_fingerprint'] = unicode(nss.data_to_hex(nss.md5_digest(cert.der_data), 64)[0]) + entry_attrs['sha1_fingerprint'] = unicode(nss.data_to_hex(nss.sha1_digest(cert.der_data), 64)[0]) + return dn api.register(service_show) |