author | Ben Lipton <blipton@redhat.com> | 2016-08-22 10:45:04 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-01-31 10:20:28 +0100 |
commit | f1a1c6eca1b294f24174d7b0e1f78de46d9d5b05 (patch) | |
tree | 1cf61cf3a383542b458673ce0d292f4a7ea0b1be | |
parent | fc58eff6a3d7fe805e612b8b002304d8b9cd4ba9 (diff) | |
csrgen: Add a CSR generation profile for user certificates
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r-- | install/share/csrgen/Makefile.am | 3 | ||||
-rw-r--r-- | install/share/csrgen/profiles/userCert.json | 14 | ||||
-rw-r--r-- | install/share/csrgen/rules/dataEmail.json | 12 | ||||
-rw-r--r-- | install/share/csrgen/rules/dataUsernameCN.json | 12 |
4 files changed, 41 insertions, 0 deletions
diff --git a/install/share/csrgen/Makefile.am b/install/share/csrgen/Makefile.am
index c9437f5aa..2cd6ce2d1 100644
--- a/install/share/csrgen/Makefile.am
+++ b/install/share/csrgen/Makefile.am
@@ -3,12 +3,15 @@ NULL =
 profiledir = $(IPA_DATA_DIR)/csrgen/profiles
 profile_DATA = \
 profiles/caIPAserviceCert.json \
+ profiles/userCert.json \
 $(NULL)
 
 ruledir = $(IPA_DATA_DIR)/csrgen/rules
 rule_DATA = \
 rules/dataDNS.json \
+ rules/dataEmail.json \
 rules/dataHostCN.json \
+ rules/dataUsernameCN.json \
 rules/syntaxSAN.json \
 rules/syntaxSubject.json \
 $(NULL)
diff --git a/install/share/csrgen/profiles/userCert.json b/install/share/csrgen/profiles/userCert.json
new file mode 100644
index 000000000..d5f822e46
--- /dev/null
+++ b/install/share/csrgen/profiles/userCert.json
@@ -0,0 +1,14 @@
+[
+ {
+ "syntax": "syntaxSubject",
+ "data": [
+ "dataUsernameCN"
+ ]
+ },
+ {
+ "syntax": "syntaxSAN",
+ "data": [
+ "dataEmail"
+ ]
+ }
+]
diff --git a/install/share/csrgen/rules/dataEmail.json b/install/share/csrgen/rules/dataEmail.json
new file mode 100644
index 000000000..cfc1f6014
--- /dev/null
+++ b/install/share/csrgen/rules/dataEmail.json
@@ -0,0 +1,12 @@
+{
+ "rules": [
+ {
+ "helper": "openssl",
+ "template": "email = {{ipa.datafield(subject.mail.0)}}"
+ },
+ {
+ "helper": "certutil",
+ "template": "email:{{ipa.datafield(subject.mail.0)|quote}}"
+ }
+ ]
+}
diff --git a/install/share/csrgen/rules/dataUsernameCN.json b/install/share/csrgen/rules/dataUsernameCN.json
new file mode 100644
index 000000000..c3e240917
--- /dev/null
+++ b/install/share/csrgen/rules/dataUsernameCN.json
@@ -0,0 +1,12 @@
+{
+ "rules": [
+ {
+ "helper": "openssl",
+ "template": "{{ipa.datafield(config.ipacertificatesubjectbase.0)}}\nCN={{ipa.datafield(subject.uid.0)}}"
+ },
+ {
+ "helper": "certutil",
+ "template": "CN={{ipa.datafield(subject.uid.0)|quote}},{{ipa.datafield(config.ipacertificatesubjectbase.0)|quote}}"
+ }
+ ]
+}
 |
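Review bot: The openssl rule in rules/dataEmail.json renders `email = {{ipa.datafield(subject.mail.0)}}` with no escaping, while the certutil rule next to it passes the same value through `|quote`. The mail attribute is directory data, so a value carrying a line break or openssl config metacharacters would alter the structure of the generated config instead of only the SAN value. The value should be validated or escaped for openssl config syntax before it is rendered; what `ipa.datafield` does to its argument is not visible in this commit, so confirm it does not already cover this. The openssl rule in rules/dataUsernameCN.json has the same gap for `subject.uid.0` and `config.ipacertificatesubjectbase.0`.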
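Review bot: In the certutil rule of rules/dataUsernameCN.json, `CN={{ipa.datafield(subject.uid.0)|quote}},...` relies on `|quote`, which by its use here looks like shell-argument quoting and would not escape distinguished-name syntax. A uid containing `,`, `+` or `=` would then be parsed as additional RDN structure in the requested subject rather than as part of the CN. Either DN-escape the uid before quoting, or state next to the rule that it depends on the server's uid character restrictions and on the CA re-validating the subject against the authenticated principal.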