freeipa.git/ipaclient/plugins, branch cakeysfix FreeIPA patches vault: piped input for ipa vault-add fails 2017-04-28T11:19:51+00:00 Florence Blanc-Renaud flo@redhat.com 2017-04-27T16:20:06+00:00 d5c41ed4ad370c7d74296a830993a5bd3fd32e5f An exception is raised when using echo "Secret123\n" | ipa vault-add myvault This happens because the code is using (string).decode(sys.stdin.encoding) and sys.stdin.encoding is None when the input is read from a pipe. The fix is using the prompt_password method defined by Backend.textui, which gracefully handles this issue. https://pagure.io/freeipa/issue/6907 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
An exception is raised when using echo "Secret123\n" | ipa vault-add myvault

This happens because the code is using (string).decode(sys.stdin.encoding)
and sys.stdin.encoding is None when the input is read from a pipe.
The fix is using the prompt_password method defined by Backend.textui,
which gracefully handles this issue.

https://pagure.io/freeipa/issue/6907

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
csrgen: Modify cert_get_requestdata to return a CertificationRequestInfo 2017-04-03T07:46:30+00:00 Ben Lipton blipton@redhat.com 2017-01-06T16:19:19+00:00 e7588ab2dc73e7f66ebc6cdcfb99470540e37731 Also modify cert_request to use this new format. Note, only PEM private keys are supported for now. NSS databases are not. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Also modify cert_request to use this new format. Note, only PEM private
keys are supported for now. NSS databases are not.

https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Change to pure openssl config format (no script) 2017-04-03T07:46:30+00:00 Ben Lipton blipton@redhat.com 2017-03-21T21:23:46+00:00 136c6c3e2a4f77a27f435efd4a1cd95c9e089314 https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Remove helper abstraction 2017-04-03T07:46:30+00:00 Ben Lipton blipton@redhat.com 2017-03-21T16:21:30+00:00 5420e9cfbe7803808b6e26d2dae64f2a6a50149a All requests now use the OpenSSL formatter. However, we keep Formatter a separate class so that it can be changed out for tests. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
All requests now use the OpenSSL formatter. However, we keep Formatter
a separate class so that it can be changed out for tests.

https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Simplify KRA transport cert cache 2017-03-28T08:10:03+00:00 Christian Heimes cheimes@redhat.com 2017-03-17T09:44:38+00:00 abefb64bea8ea1b8487ad87716e4a335555d19dc In-memory cache causes problem in forking servers. A file based cache is good enough. It's easier to understand and avoids performance regression and synchronization issues when cert becomes out-of-date. https://pagure.io/freeipa/issue/6787 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
In-memory cache causes problem in forking servers. A file based cache is
good enough. It's easier to understand and avoids performance regression
and synchronization issues when cert becomes out-of-date.

https://pagure.io/freeipa/issue/6787
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: hide cert-get-requestdata in CLI 2017-03-14T12:26:16+00:00 Jan Cholasta jcholast@redhat.com 2017-03-14T06:25:19+00:00 72de679eb445c975ec70cd265d37d4927823ce5b The CSR generation feature is supposed to be used from cert-request, hide the internal cert-get-requestdata command in the CLI. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
The CSR generation feature is supposed to be used from cert-request, hide
the internal cert-get-requestdata command in the CLI.

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
cert: include certificate chain in cert command output 2017-03-14T11:58:45+00:00 Jan Cholasta jcholast@redhat.com 2017-03-10T09:22:42+00:00 8ed891cb619abd2efd428f767edf760ebf5eec5d Include the full certificate chain in the output of cert-request, cert-show and cert-find if --chain or --all is specified. If output file is specified in the CLI together with --chain, the full certificate chain is written to the file. https://pagure.io/freeipa/issue/6547 Reviewed-By: David Kupka <dkupka@redhat.com> 
Include the full certificate chain in the output of cert-request, cert-show
and cert-find if --chain or --all is specified.

If output file is specified in the CLI together with --chain, the full
certificate chain is written to the file.

https://pagure.io/freeipa/issue/6547

Reviewed-By: David Kupka <dkupka@redhat.com>
cert: add output file option to cert-request 2017-03-14T11:58:45+00:00 Jan Cholasta jcholast@redhat.com 2017-03-10T09:19:53+00:00 c60d9c9744b1f8a7b55bcdda65cce8bb36700bf6 The certificate returned by cert-request can now be saved to a file in the CLI using a new --certificate-out option. Deprecate --out in cert-show in favor of --certificate-out. https://pagure.io/freeipa/issue/6547 Reviewed-By: David Kupka <dkupka@redhat.com> 
The certificate returned by cert-request can now be saved to a file in the
CLI using a new --certificate-out option.

Deprecate --out in cert-show in favor of --certificate-out.

https://pagure.io/freeipa/issue/6547

Reviewed-By: David Kupka <dkupka@redhat.com>
vault: cache the transport certificate on client 2017-03-13T15:02:16+00:00 Jan Cholasta jcholast@redhat.com 2017-02-17T10:25:17+00:00 98bb5397c535e5e1a6c5ade9f0fb918be1d282c3 Cache the KRA transport certificate on disk (in ~/.cache/ipa) as well as in memory. https://fedorahosted.org/freeipa/ticket/6652 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> 
Cache the KRA transport certificate on disk (in ~/.cache/ipa) as well as
in memory.

https://fedorahosted.org/freeipa/ticket/6652

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
certmap: load certificate from file in certmap-match CLI 2017-03-13T08:03:53+00:00 Jan Cholasta jcholast@redhat.com 2017-03-09T06:19:26+00:00 0298ecf441ba38858d7909b8c3b4cc2b4c4e53c4 Load the certificate from a file specified in the first argument. Raw certificate value can be specified using --certificate. https://pagure.io/freeipa/issue/6646 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 
Load the certificate from a file specified in the first argument. Raw
certificate value can be specified using --certificate.

https://pagure.io/freeipa/issue/6646

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>