author | Fraser Tweedale <ftweedal@redhat.com> | 2015-05-14 01:46:06 -0400 |
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-15 07:13:38 +0200 |
commit | 3d4db834caa0688bcefc0092b7978402b783eaf3 (patch) | |
tree | e9fddc70bdff260ce738dc9458938851453d86c0 /ipaserver/plugins/dogtag.py | |
parent | 8135651abb857fbe489a1de8aacad3747d7d5cc9 (diff) | |
Add 'ca' plugin
This commit adds the 'ca' plugin for creating and managing
lightweight CAs. The initial implementation supports a single level
of sub-CAs underneath the IPA CA.
This commit also:
- adds the container for FreeIPA CA objects
- adds schema for the FreeIPA CA objects
- updates ipa-pki-proxy.conf to allow access to the Dogtag
lightweight CAs REST API.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/plugins/dogtag.py')
-rw-r--r-- | ipaserver/plugins/dogtag.py | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 197814c4d..20349b05f 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -2073,7 +2073,10 @@ class RestClient(Backend):
         headers = headers or {}
         headers['Cookie'] = self.cookie
 
-        resource = os.path.join('/ca/rest', self.path, path)
+        if path is not None:
+            resource = os.path.join('/ca/rest', self.path, path)
+        else:
+            resource = os.path.join('/ca/rest', self.path)
 
         # perform main request
         status, resp_headers, resp_body = dogtag.https_request(
@@ -2147,3 +2150,52 @@ class ra_certprofile(RestClient):
         Delete the profile from Dogtag
         """
         self._ssldo('DELETE', profile_id, headers={'Accept': 'application/json'})
+
+
+@register()
+class ra_lightweight_ca(RestClient):
+    """
+    Lightweight CA management backend plugin.
+    """
+    path = 'authorities'
+
+    def create_ca(self, dn):
+        """Create CA with the given DN.
+
+        New CA is issued by IPA CA. Nested sub-CAs and unrelated
+        root CAs are not yet supported.
+
+        Return the (parsed) JSON response from server.
+
+        """
+
+        assert isinstance(dn, DN)
+        status, resp_headers, resp_body = self._ssldo(
+            'POST', None,
+            headers={
+                'Content-type': 'application/json',
+                'Accept': 'application/json',
+            },
+            body=json.dumps({"parentID": "host-authority", "dn": unicode(dn)}),
+        )
+        try:
+            return json.loads(resp_body)
+        except:
+            raise errors.RemoteRetrieveError(reason=_("Response from CA was not valid JSON"))
+
+    def read_ca(self, ca_id):
+        status, resp_headers, resp_body = self._ssldo(
+            'GET', ca_id, headers={'Accept': 'application/json'})
+        try:
+            return json.loads(resp_body)
+        except:
+            raise errors.RemoteRetrieveError(reason=_("Response from CA was not valid JSON"))
+
+    def disable_ca(self, ca_id):
+        self._ssldo(
+            'POST', ca_id + '/disable',
+            headers={'Accept': 'application/json'},
+        )
+
+    def delete_ca(self, ca_id):
+        self._ssldo('DELETE', ca_id)
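Review bot: The new `resource = os.path.join('/ca/rest', self.path, path)` branch keeps building a URL path with `os.path.join`, which discards `/ca/rest` and `self.path` whenever `path` begins with `/` and is in any case platform-dependent for what is really a URL. Now that `path` is passed straight through from callers such as `read_ca(ca_id)` and `delete_ca(ca_id)` in the second hunk, `_ssldo` should not rely on every caller to sanitise it; a guard before the join, `if path is not None and path.startswith('/'): raise ValueError('path must be relative to the resource base')`, and joining with `'/'.join(...)` or `posixpath.join` rather than `os.path.join` would make the resulting request path predictable. `_ssldo` begins and ends outside this hunk, so how `resource` is used afterwards is inferred, not visible here.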
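Review bot: The bare `except:` around `json.loads(resp_body)` in `create_ca`, and again in `read_ca`, catches `KeyboardInterrupt`, `SystemExit` and any programming error and reports them all as "Response from CA was not valid JSON"; `json.loads` raises `ValueError`, so `except ValueError:` (and `raise ... from None` if the file is Python 3) is the narrowest handler that preserves the intended message. `assert isinstance(dn, DN)` in `create_ca` is stripped under `-O`, so a non-DN argument would then reach `unicode(dn)` and the POST body unchecked; `if not isinstance(dn, DN): raise TypeError("dn must be a DN")` keeps the check in production. `status` is bound but never inspected in `create_ca` and `read_ca` — if `_ssldo` (outside this hunk) already rejects non-2xx responses, a one-line comment saying so would save the next reader the trip; if it does not, a non-2xx body would be parsed and returned as success. `read_ca`, `disable_ca` and `delete_ca` also lack the docstring `create_ca` has; a one-liner each, e.g. `"""Return the (parsed) JSON description of the CA with the given ID."""`, `"""Disable the CA with the given ID on the Dogtag side."""`, `"""Delete the CA with the given ID from Dogtag."""`, would make the class self-describing.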