    def test_works_with_lowercase_attr_type_shortname(self, generator):
        """A lower-case attr type shortname ('o=') in the subject base must
        still end up as an ORGANIZATION_NAME attribute in the built CSR."""
        subject_principal = {
            'uid': ['testuser'],
            'mail': ['*****@*****.**'],
        }
        env = {
            'ipacertificatesubjectbase': [
                'o=DOMAIN.EXAMPLE.COM'  # lower-case attr type shortname
            ],
        }
        csr_config = generator.csr_config(subject_principal, env, 'userCert')

        # Throwaway 2048-bit RSA key; only its SPKI is embedded in the request.
        private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend(),
        )
        openssl = csrgen.OpenSSLAdaptor(key=private_key)
        spki = openssl.get_subject_public_key_info()

        request_info = bytes(
            csrgen_ffi.build_requestinfo(csr_config.encode('utf-8'), spki))
        signed_der = openssl.sign_csr(request_info)
        csr = x509.load_der_x509_csr(signed_der, default_backend())

        subject = csr.subject
        expected_cn = [
            x509.NameAttribute(x509.NameOID.COMMON_NAME, u'testuser')]
        expected_o = [
            x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME,
                               u'DOMAIN.EXAMPLE.COM')]
        assert subject.get_attributes_for_oid(
            x509.NameOID.COMMON_NAME) == expected_cn
        assert subject.get_attributes_for_oid(
            x509.NameOID.ORGANIZATION_NAME) == expected_o
    def test_works_with_lowercase_attr_type_shortname(self, generator):
        """Subject-base attr types are matched case-insensitively: a
        lower-case 'o=' must map to ORGANIZATION_NAME in the signed CSR."""
        user = {
            'uid': ['testuser'],
            'mail': ['*****@*****.**'],
        }
        env = {
            'ipacertificatesubjectbase': [
                'o=DOMAIN.EXAMPLE.COM'  # lower-case attr type shortname
            ],
        }
        cfg = generator.csr_config(user, env, 'userCert')

        # Fresh RSA key for this test only; nothing persists beyond it.
        signing_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend(),
        )
        openssl = csrgen.OpenSSLAdaptor(key=signing_key)

        reqinfo_der = bytes(csrgen_ffi.build_requestinfo(
            cfg.encode('utf-8'), openssl.get_subject_public_key_info()))
        csr = x509.load_der_x509_csr(
            openssl.sign_csr(reqinfo_der), default_backend())

        def attrs(oid):
            return csr.subject.get_attributes_for_oid(oid)

        assert attrs(x509.NameOID.COMMON_NAME) == [
            x509.NameAttribute(x509.NameOID.COMMON_NAME, u'testuser')]
        assert attrs(x509.NameOID.ORGANIZATION_NAME) == [
            x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME,
                               u'DOMAIN.EXAMPLE.COM')]
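    def execute(self, *args, **options):
        """Build a base64 CertificationRequestInfo for ``principal``.

        The principal's entry (host, service or user) and the server config
        are fetched through the API, the CSR template for ``profile_id`` is
        rendered from them, and the result is packed together with the
        caller-supplied SubjectPublicKeyInfo. The base64 output is written to
        ``options['out']`` when given, otherwise returned as
        ``result['request_info']``.

        Raises:
            errors.NotFound: the principal's entry does not exist, or the
                principal is not a host, service or user principal.
        """
        # Deferred import, ipaclient.csrgen is expensive to load.
        # see https://pagure.io/freeipa/issue/7484
        from ipaclient import csrgen
        from ipaclient import csrgen_ffi

        # Fail before any lookups if the output path cannot be written.
        if 'out' in options:
            util.check_writable_file(options['out'])

        principal = options.get('principal')
        profile_id = options.get('profile_id')
        if profile_id is None:
            profile_id = dogtag.DEFAULT_PROFILE
        # NOTE(review): b64decode() without validate=True silently discards
        # characters outside the base64 alphabet; the decoded DER is only
        # parsed by build_requestinfo(), which is what rejects a bad key.
        public_key_info = base64.b64decode(options.get('public_key_info'))

        if self.api.env.in_server:
            backend = self.api.Backend.ldap2
        else:
            backend = self.api.Backend.rpcclient
        if not backend.isconnected():
            backend.connect()

        principal_obj = None
        try:
            if principal.is_host:
                principal_obj = api.Command.host_show(
                    principal.hostname, all=True)
            elif principal.is_service:
                principal_obj = api.Command.service_show(
                    unicode(principal), all=True)
            elif principal.is_user:
                principal_obj = api.Command.user_show(
                    principal.username, all=True)
        except errors.NotFound:
            raise errors.NotFound(
                reason=_("The principal for this request doesn't exist."))
        if principal_obj is None:
            # Neither host, service nor user: previously this fell through to
            # an UnboundLocalError on the subscript below.
            raise errors.NotFound(
                reason=_("Unsupported principal type for this request."))
        principal_obj = principal_obj['result']
        config = api.Command.config_show()['result']

        generator = csrgen.CSRGenerator(csrgen.FileRuleProvider())

        csr_config = generator.csr_config(principal_obj, config, profile_id)
        request_info = base64.b64encode(csrgen_ffi.build_requestinfo(
            csr_config.encode('utf8'), public_key_info))

        result = {}
        if 'out' in options:
            with open(options['out'], 'wb') as f:
                f.write(request_info)
        else:
            result = dict(request_info=request_info)

        return dict(
            result=result
        )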
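    def execute(self, *args, **options):
        """Render the CSR template for ``principal``/``profile_id`` and pack
        it with the given SubjectPublicKeyInfo into a CertificationRequestInfo.

        Returns ``{'result': {'request_info': <base64 bytes>}}``, or
        ``{'result': {}}`` after writing the base64 blob to ``options['out']``.

        Raises:
            errors.NotFound: no entry exists for the principal, or the
                principal is not a host, service or user principal.
        """
        # Deferred import, ipaclient.csrgen is expensive to load.
        # see https://pagure.io/freeipa/issue/7484
        from ipaclient import csrgen
        from ipaclient import csrgen_ffi

        # Check the output path up front so a bad path fails fast.
        if 'out' in options:
            util.check_writable_file(options['out'])

        principal = options.get('principal')
        profile_id = options.get('profile_id')
        if profile_id is None:
            profile_id = dogtag.DEFAULT_PROFILE
        # NOTE(review): non-validating decode; stray characters are dropped
        # rather than rejected. build_requestinfo() is the real DER check.
        public_key_info = base64.b64decode(options.get('public_key_info'))

        if self.api.env.in_server:
            backend = self.api.Backend.ldap2
        else:
            backend = self.api.Backend.rpcclient
        if not backend.isconnected():
            backend.connect()

        # Pick the show command by principal type; principal_obj stays None
        # for any type the chain does not handle.
        principal_obj = None
        try:
            if principal.is_host:
                principal_obj = api.Command.host_show(principal.hostname,
                                                      all=True)
            elif principal.is_service:
                principal_obj = api.Command.service_show(unicode(principal),
                                                         all=True)
            elif principal.is_user:
                principal_obj = api.Command.user_show(principal.username,
                                                      all=True)
        except errors.NotFound:
            raise errors.NotFound(
                reason=_("The principal for this request doesn't exist."))
        if principal_obj is None:
            # Guard against the UnboundLocalError the original hit here when
            # the principal matched none of the three types.
            raise errors.NotFound(
                reason=_("Unsupported principal type for this request."))
        principal_obj = principal_obj['result']
        config = api.Command.config_show()['result']

        generator = csrgen.CSRGenerator(csrgen.FileRuleProvider())

        csr_config = generator.csr_config(principal_obj, config, profile_id)
        request_info = base64.b64encode(
            csrgen_ffi.build_requestinfo(csr_config.encode('utf8'),
                                         public_key_info))

        result = {}
        if 'out' in options:
            with open(options['out'], 'wb') as f:
                f.write(request_info)
        else:
            result = dict(request_info=request_info)

        return dict(result=result)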
    def test_unrecognised_attr_type_raises(self, generator):
        """An unknown attr type ('X=') in the subject base must be rejected
        by build_requestinfo with a CSRTemplateError naming the type."""
        user = {
            'uid': ['testuser'],
            'mail': ['*****@*****.**'],
        }
        env = {
            'ipacertificatesubjectbase': [
                'X=DOMAIN.EXAMPLE.COM'  # unrecognised attr type
            ],
        }
        cfg = generator.csr_config(user, env, 'userCert')

        signing_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend(),
        )
        spki = csrgen.OpenSSLAdaptor(key=signing_key).get_subject_public_key_info()

        # match= is a regex search on str(exc); anchors pin the whole message.
        with pytest.raises(errors.CSRTemplateError,
                           match=r'^unrecognised attribute type: X$'):
            csrgen_ffi.build_requestinfo(cfg.encode('utf-8'), spki)
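    def test_unrecognised_attr_type_raises(self, generator):
        """An unknown attr type ('X=') in the subject base must make
        build_requestinfo raise CSRTemplateError naming the offending type.

        The original used ``pytest.raises(..., message=...)``. That keyword
        never checked the exception text -- it was the failure message shown
        when *no* exception was raised -- and it was removed in pytest 5, so
        the test asserted nothing about the error and later stopped running.
        ``match=`` is the supported way to pin the message.
        """
        principal = {
            'uid': ['testuser'],
            'mail': ['*****@*****.**'],
        }
        template_env = {
            'ipacertificatesubjectbase': [
                'X=DOMAIN.EXAMPLE.COM'  # unrecognised attr type
            ],
        }
        config = generator.csr_config(principal, template_env, 'userCert')

        key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend(),
        )
        adaptor = csrgen.OpenSSLAdaptor(key=key)

        # match= is re.search() against str(exc); anchor it so a longer or
        # different message cannot pass by accident.
        with pytest.raises(
                errors.CSRTemplateError,
                match=r'^unrecognised attribute type: X$'):
            csrgen_ffi.build_requestinfo(
                config.encode('utf-8'), adaptor.get_subject_public_key_info())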