summaryrefslogtreecommitdiffstats
path: root/ipaclient/csrgen.py
Commit message (Collapse)AuthorAgeFilesLines
* Py3: Remove subclassing from objectChristian Heimes2018-09-271-8/+8
| | | | | | | | | Python 2 had old style and new style classes. Python 3 has only new style classes. There is no point to subclass from object any more. See: https://pagure.io/freeipa/issue/7715 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* pylint3: workaround false positives reported for W1662Alexander Bokovoy2018-05-171-2/+2
| | | | | | | | | | | | | | | | | | | | Pylint3 falsely reports warning W1662: using a variable that was bound inside a comprehension for the cases where the same name is reused for a loop after the comprehension in question. Rename the variable in a loop to avoid it. If the code looks like the following: arr = [f for f in filters if callable(f)] for f in arr: result = result + f() pylint3 would consider 'f' used outside of comprehension. Clearly, this is a false-positive warning as the second 'f' use is completely independent of the comprehension's use of 'f'. Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
* csrgen: support initialising OpenSSL adaptor with key objectFraser Tweedale2018-04-251-12/+23
| | | | | | | | | | | As a convenience for using it with the test suite, update the csrgen OpenSSLAdaptor class to support initialisation with a python-cryptography key object, rather than reading the key from a file. Part of: https://pagure.io/freeipa/issue/7496 Reviewed-By: Christian Heimes <cheimes@redhat.com>
* csrgen: update docstring for py3Stanislav Laznicka2017-10-251-1/+1
| | | | https://pagure.io/freeipa/issue/7131
* py3: fix ipa cert-request --database ...Florence Blanc-Renaud2017-10-251-3/+3
| | | | | | Fix bytes vs str issues in ipa cert-request https://pagure.io/freeipa/issue/7148
* csrgen: fix incorrect codec for pyasn BitStringStanislav Laznicka2017-09-081-1/+5
| | | | | | https://pagure.io/freeipa/issue/6874 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* logging: do not use `ipa_log_manager` to create module-level loggersJan Cholasta2017-07-141-4/+4
| | | | | | | | Replace all `ipa_log_manager.log_mgr.get_logger` calls to create module-level loggers with `logging.getLogger` calls and deprecate `ipa_log_manager.log_mgr.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com>
* csrgen: Beginnings of NSS database supportBen Lipton2017-04-031-1/+26
| | | | | | https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* csrgen: Modify cert_get_requestdata to return a CertificationRequestInfoBen Lipton2017-04-031-1/+74
| | | | | | | | | Also modify cert_request to use this new format. Note, only PEM private keys are supported for now. NSS databases are not. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* csrgen: Change to pure openssl config format (no script)Ben Lipton2017-04-031-5/+5
| | | | | | https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* csrgen: Remove helper abstractionBen Lipton2017-04-031-47/+24
| | | | | | | | | All requests now use the OpenSSL formatter. However, we keep Formatter a separate class so that it can be changed out for tests. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Chain CSR generator file loadersChristian Heimes2017-03-081-17/+44
| | | | | | | | | First try custom location, then csrgen subdir in confdir and finally fall back to package data. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Ben Lipton <blipton@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Move csrgen templates into ipaclient packageChristian Heimes2017-03-081-6/+15
| | | | | | | | | | | | csrgen broke packaging of ipaclient for PyPI. All csrgen related resources are now package data of ipaclient package. Package data is accessed with Jinja's PackageLoader() or through pkg_resources. https://pagure.io/freeipa/issue/6714 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Ben Lipton <blipton@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* tests: Add tests for CSR autogenerationBen Lipton2017-01-311-27/+56
| | | | | | | | | This patch also contains some code changes to make the code easier to test and to make the tests pass. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* csrgen: Use data_sources option to define which fields are renderedBen Lipton2017-01-311-13/+27
| | | | | | | | | | | | | | | This removes the ipa.syntaxrule and ipa.datarule macros in favor of simple 'if' statements based on the data referenced in the rules. The 'if' statement for a syntax rule is generated based on the data rules it contains. The Subject DN should not be generated unless all data rules are in place, so the ability to override the logical operator that combines data_sources (from 'or' to 'and') is added. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* csrgen: Add code to generate scripts that generate CSRsBen Lipton2017-01-311-0/+319
Adds a library that uses jinja2 to format a script that, when run, will build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses this library and builds the script for a given principal. The rules are read from json files in /usr/share/ipa/csr, but the rule provider is a separate class so that it can be replaced easily. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-02 01:46:06 +0000