author | Ben Lipton <blipton@redhat.com> | 2016-08-22 10:43:49 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-01-31 10:20:28 +0100 |
commit | fc58eff6a3d7fe805e612b8b002304d8b9cd4ba9 (patch) | |
tree | 8eba8d4bbe46d2dd4de69ba079956c3c57475de0 /install/share | |
parent | 10ef5947860f5098182b1f95c08c1158e2da15f9 (diff) | |
csrgen: Add CSR generation profile for caIPAserviceCert
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/csrgen/Makefile.am | 5 | ||||
-rw-r--r-- | install/share/csrgen/profiles/caIPAserviceCert.json | 14 | ||||
-rw-r--r-- | install/share/csrgen/rules/dataDNS.json | 12 | ||||
-rw-r--r-- | install/share/csrgen/rules/dataHostCN.json | 12 | ||||
-rw-r--r-- | install/share/csrgen/rules/syntaxSAN.json | 15 | ||||
-rw-r--r-- | install/share/csrgen/rules/syntaxSubject.json | 15 |
6 files changed, 73 insertions, 0 deletions
diff --git a/install/share/csrgen/Makefile.am b/install/share/csrgen/Makefile.am
index 7b718cca1..c9437f5aa 100644
--- a/install/share/csrgen/Makefile.am
+++ b/install/share/csrgen/Makefile.am
@@ -2,10 +2,15 @@ NULL = profiledir = $(IPA_DATA_DIR)/csrgen/profiles profile_DATA = \
+ profiles/caIPAserviceCert.json \
 $(NULL) ruledir = $(IPA_DATA_DIR)/csrgen/rules rule_DATA = \
+ rules/dataDNS.json \
+ rules/dataHostCN.json \
+ rules/syntaxSAN.json \
+ rules/syntaxSubject.json \
 $(NULL) templatedir = $(IPA_DATA_DIR)/csrgen/templates
diff --git a/install/share/csrgen/profiles/caIPAserviceCert.json b/install/share/csrgen/profiles/caIPAserviceCert.json
new file mode 100644
index 000000000..0d1be5e9b
--- /dev/null
+++ b/install/share/csrgen/profiles/caIPAserviceCert.json
@@ -0,0 +1,14 @@
+[
+ {
+ "syntax": "syntaxSubject",
+ "data": [
+ "dataHostCN"
+ ]
+ },
+ {
+ "syntax": "syntaxSAN",
+ "data": [
+ "dataDNS"
+ ]
+ }
+]
diff --git a/install/share/csrgen/rules/dataDNS.json b/install/share/csrgen/rules/dataDNS.json
new file mode 100644
index 000000000..f0aadca3a
--- /dev/null
+++ b/install/share/csrgen/rules/dataDNS.json
@@ -0,0 +1,12 @@
+{
+ "rules": [
+ {
+ "helper": "openssl",
+ "template": "DNS = {{ipa.datafield(subject.krbprincipalname.0.partition('/')[2].partition('@')[0])}}"
+ },
+ {
+ "helper": "certutil",
+ "template": "dns:{{ipa.datafield(subject.krbprincipalname.0.partition('/')[2].partition('@')[0])|quote}}"
+ }
+ ]
+}
diff --git a/install/share/csrgen/rules/dataHostCN.json b/install/share/csrgen/rules/dataHostCN.json
new file mode 100644
index 000000000..172c7ec51
--- /dev/null
+++ b/install/share/csrgen/rules/dataHostCN.json
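Review bot: In rules/dataDNS.json the `openssl` template writes the host part of `krbprincipalname` into the generated config with no output filter, while the `certutil` template for the same value applies `|quote`; the `openssl` template in rules/dataHostCN.json has the same gap for both the subject base and the CN. Whether `ipa.datafield` or `openssl.section()` escapes the value is not visible in this commit, so if neither does, a directory value containing a newline or another config metacharacter would change the structure of the generated OpenSSL config rather than only the name. I would either pass these values through an escaping filter suited to OpenSSL config syntax (placeholder, not an existing name: `{{ipa.datafield(...)|<openssl-escape-filter>}}`) or document alongside the rules that the attribute is assumed to be an already validated hostname.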
@@ -0,0 +1,12 @@
+{
+ "rules": [
+ {
+ "helper": "openssl",
+ "template": "{{ipa.datafield(config.ipacertificatesubjectbase.0)}}\nCN={{ipa.datafield(subject.krbprincipalname.0.partition('/')[2].partition('@')[0])}}"
+ },
+ {
+ "helper": "certutil",
+ "template": "CN={{ipa.datafield(subject.krbprincipalname.0.partition('/')[2].partition('@')[0])|quote}},{{ipa.datafield(config.ipacertificatesubjectbase.0)|quote}}"
+ }
+ ]
+}
diff --git a/install/share/csrgen/rules/syntaxSAN.json b/install/share/csrgen/rules/syntaxSAN.json
new file mode 100644
index 000000000..122eb1244
--- /dev/null
+++ b/install/share/csrgen/rules/syntaxSAN.json
@@ -0,0 +1,15 @@
+{
+ "rules": [
+ {
+ "helper": "openssl",
+ "template": "subjectAltName = @{% call openssl.section() %}{{ datarules|join('\n') }}{% endcall %}",
+ "options": {
+ "extension": true
+ }
+ },
+ {
+ "helper": "certutil",
+ "template": "--extSAN {{ datarules|join(',') }}"
+ }
+ ]
+}
diff --git a/install/share/csrgen/rules/syntaxSubject.json b/install/share/csrgen/rules/syntaxSubject.json
new file mode 100644
index 000000000..7dfa9325d
--- /dev/null
+++ b/install/share/csrgen/rules/syntaxSubject.json
@@ -0,0 +1,15 @@
+{
+ "rules": [
+ {
+ "helper": "openssl",
+ "template": "distinguished_name = {% call openssl.section() %}{{ datarules|first }}{% endcall %}"
+ },
+ {
+ "helper": "certutil",
+ "template": "-s {{ datarules|first }}"
+ }
+ ],
+ "options": {
+ "required": true
+ }
+} |
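Review bot: In rules/dataHostCN.json (and likewise in rules/dataDNS.json) the expression `subject.krbprincipalname.0.partition('/')[2].partition('@')[0]` evaluates to an empty string when the principal contains no `/`, so a subject that is not of the form `service/host@REALM` would render `CN=` with nothing after it. Whether `ipa.datafield` treats an empty string as missing data is not visible here; if it does not, the request is presumably built with an empty CN and an empty DNS SAN and the problem surfaces only at the CA. The expression also reads only value `.0` of an attribute that can hold several principal names. I would state in the profile's documentation that these rules apply to service principals only, and have the template fail on an empty host part instead of emitting it.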
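Review bot: rules/syntaxSubject.json places `"options": {"required": true}` at the top level of the file, next to `"rules"`, while rules/syntaxSAN.json places `"options": {"extension": true}` inside the `openssl` rule object. That may be deliberate (one option applying to the whole rule set, the other to a single helper), but nothing in the commit says which options are valid at which level, and JSON leaves no place for a comment. A short schema description shipped with the csrgen data, listing the ruleset-level and per-helper options, would help; depending on how the loader treats unknown keys, a misplaced `required` could otherwise be ignored without notice.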