From 2c5f3cfd60575d7c72e6be8124b34c88b90d9fb7 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Fri, 15 Oct 2010 23:40:38 -0500
Subject: Host certificate management

The service certificate management UI has been generalized and moved
into certificate.js. The host details page is now using the same code
to manage certificates. The host.py has been modified to return host
certificate info.

The Get/Revoke/View buttons behavior has been modified such that they
are visible only if there is a valid certificate. The Get dialog box
has been fixed to show the correct certificate header and footer.

The ipa.css has been modified to store the style of the status bullets.
New unit tests for certificate has been added. The test data has been
modified to include sample host certificate.
---
 ipalib/plugins/host.py | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

(limited to 'ipalib/plugins')

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index d207f526..3a63d212 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -76,6 +76,7 @@ from ipalib.plugins.service import validate_certificate
 from ipalib import _, ngettext
 from ipalib import x509
 import base64
+import nss.nss as nss
 
 
 def validate_host(ugettext, fqdn):
@@ -335,6 +336,30 @@ class host_show(LDAPRetrieve):
     has_output_params = (
         Flag('has_keytab',
             label=_('Keytab'),
+        ),
+        Str('subject',
+            label=_('Subject'),
+        ),
+        Str('serial_number',
+            label=_('Serial Number'),
+        ),
+        Str('issuer',
+            label=_('Issuer'),
+        ),
+        Str('valid_not_before',
+            label=_('Not Before'),
+        ),
+        Str('valid_not_after',
+            label=_('Not After'),
+        ),
+        Str('md5_fingerprint',
+            label=_('Fingerprint (MD5)'),
+        ),
+        Str('sha1_fingerprint',
+            label=_('Fingerprint (SHA1)'),
+        ),
+        Str('revocation_reason?',
+            label=_('Revocation reason'),
         )
     )
 
@@ -346,6 +371,16 @@ class host_show(LDAPRetrieve):
         else:
             entry_attrs['has_keytab'] = False
 
+        if 'usercertificate' in entry_attrs:
+            cert = x509.load_certificate(entry_attrs['usercertificate'][0], datatype=x509.DER)
+            entry_attrs['subject'] = unicode(cert.subject)
+            entry_attrs['serial_number'] = unicode(cert.serial_number)
+            entry_attrs['issuer'] = unicode(cert.issuer)
+            entry_attrs['valid_not_before'] = unicode(cert.valid_not_before_str)
+            entry_attrs['valid_not_after'] = unicode(cert.valid_not_after_str)
+            entry_attrs['md5_fingerprint'] = unicode(nss.data_to_hex(nss.md5_digest(cert.der_data), 64)[0])
+            entry_attrs['sha1_fingerprint'] = unicode(nss.data_to_hex(nss.sha1_digest(cert.der_data), 64)[0])
+
         return dn
 
 api.register(host_show)
-- 
cgit