def forward(self, *keys, **options):
    """Forward the command and optionally save the certificate(s) as PEM.

    ``certificate_out`` is removed from ``options`` before the parent
    ``forward`` is called, so it is not passed on with the request.  The
    path is validated first; a ``FileError`` from the check is reported as
    a ``ValidationError`` on ``certificate-out`` before anything is
    forwarded.

    Returns the parent ``forward`` result unchanged.
    """
    out_path = None
    if 'certificate_out' in options:
        out_path = options.pop('certificate_out')
        try:
            util.check_writable_file(out_path)
        except errors.FileError as exc:
            raise errors.ValidationError(name='certificate-out',
                                         error=str(exc))

    result = super(WithCertOutArgs, self).forward(*keys, **options)
    if not out_path:
        return result

    if options.get('chain', False):
        # Chain entries are base64-encoded here before PEM wrapping.
        chain = result['result']['certificate_chain']
        data = '\n'.join(
            x509.make_pem(base64.b64encode(der)) for der in chain
        )
    else:
        # The single certificate is handed to make_pem as returned.
        data = x509.make_pem(result['result']['certificate'])

    # NOTE(review): the writability check above and this open() are two
    # separate steps; the open can still fail after the parent forward()
    # has already returned, and that error propagates unwrapped.
    # NOTE(review): the chain branch joins with a str separator while the
    # file is opened in binary mode -- confirm the target interpreter.
    with open(out_path, 'wb') as handle:
        handle.write(data)
    return result
def forward(self, *keys, **options):
    """Forward the command and write any returned certificate(s) to a file.

    ``certificate_out`` is popped from ``options`` before the parent
    ``forward`` is called.  The path is validated first; a ``FileError``
    from the check becomes a ``ValidationError`` on ``certificate-out``.

    Returns the parent ``forward`` result unchanged.
    """
    out_path = None
    if 'certificate_out' in options:
        out_path = options.pop('certificate_out')
        try:
            util.check_writable_file(out_path)
        except errors.FileError as exc:
            raise errors.ValidationError(name='certificate-out',
                                         error=str(exc))

    result = super(WithCertOutArgs, self).forward(*keys, **options)
    if not out_path:
        return result

    # If the certificate / certificate_chain is missing from the result,
    # Dogtag did not provide it (probably due to LWCA key replication lag
    # or failure).  The server transmits a warning message in that case,
    # which the client prints automatically, so a missing key is simply
    # skipped here and nothing is written.
    certs = None
    if options.get('chain', False):
        if 'certificate_chain' in result['result']:
            certs = result['result']['certificate_chain']
    elif 'certificate' in result['result']:
        # Only the single certificate is base64-decoded; chain entries
        # are used as returned.
        certs = [base64.b64decode(result['result']['certificate'])]

    if certs:
        loaded = (x509.load_der_x509_certificate(der) for der in certs)
        x509.write_certificate_list(loaded, out_path)
    return result
def execute(self, *args, **options):
    """Build base64-encoded request info for a principal's CSR.

    Looks up the principal entry and the global config, derives a CSR
    config for the selected profile and combines it with the supplied
    public key info.  When ``out`` is given the encoded data is written
    to that file and the returned ``result`` is empty; otherwise it is
    returned under ``request_info``.
    """
    # Deferred import, ipaclient.csrgen is expensive to load.
    # see https://pagure.io/freeipa/issue/7484
    from ipaclient import csrgen
    from ipaclient import csrgen_ffi

    # Validate the output path before any lookup is performed.
    if 'out' in options:
        util.check_writable_file(options['out'])

    principal = options.get('principal')
    profile_id = options.get('profile_id')
    if profile_id is None:
        profile_id = dogtag.DEFAULT_PROFILE
    # NOTE(review): presumably a required option -- b64decode raises if
    # 'public_key_info' is absent; confirm against the command definition.
    public_key_info = base64.b64decode(options.get('public_key_info'))

    backends = self.api.Backend
    backend = backends.ldap2 if self.api.env.in_server else backends.rpcclient
    if not backend.isconnected():
        backend.connect()

    # NOTE(review): if none of the three flags is set, `entry` is never
    # bound and the lookup below raises -- presumably the flags are
    # exhaustive; confirm.
    try:
        if principal.is_host:
            entry = api.Command.host_show(principal.hostname, all=True)
        elif principal.is_service:
            entry = api.Command.service_show(unicode(principal), all=True)
        elif principal.is_user:
            entry = api.Command.user_show(principal.username, all=True)
    except errors.NotFound:
        raise errors.NotFound(
            reason=_("The principal for this request doesn't exist."))
    entry = entry['result']
    config = api.Command.config_show()['result']

    generator = csrgen.CSRGenerator(csrgen.FileRuleProvider())
    csr_config = generator.csr_config(entry, config, profile_id)
    raw_info = csrgen_ffi.build_requestinfo(
        csr_config.encode('utf8'), public_key_info)
    request_info = base64.b64encode(raw_info)

    if 'out' in options:
        with open(options['out'], 'wb') as handle:
            handle.write(request_info)
        result = {}
    else:
        result = dict(request_info=request_info)

    return dict(result=result)
def forward(self, *keys, **options):
    """Forward the command; with ``out``, also save the certificate to a file.

    Without ``out`` the call is passed straight to the parent ``forward``.
    With ``out`` the path is validated before forwarding, and
    ``NoCertificateError`` is raised for the last key when the result
    carries no ``certificate``.
    """
    if 'out' not in options:
        return super(cert_show, self).forward(*keys, **options)

    # NOTE(review): 'out' stays in options and is passed on to the parent
    # forward() with the rest; confirm the local path is meant to travel
    # with the request.
    out_path = options['out']
    util.check_writable_file(out_path)

    result = super(cert_show, self).forward(*keys, **options)
    if 'certificate' not in result['result']:
        raise errors.NoCertificateError(entry=keys[-1])

    x509.write_certificate(result['result']['certificate'], out_path)
    return result
def execute(self, *args, **options):
    """Produce base64-encoded CSR request info for the given principal.

    The principal entry and global config are fetched, a CSR config is
    generated for the chosen profile (``dogtag.DEFAULT_PROFILE`` when
    none is given) and merged with the decoded public key info.  The
    encoded output goes to the ``out`` file when that option is present,
    otherwise into ``result['request_info']``.
    """
    # Deferred import, ipaclient.csrgen is expensive to load.
    # see https://pagure.io/freeipa/issue/7484
    from ipaclient import csrgen
    from ipaclient import csrgen_ffi

    to_file = 'out' in options
    if to_file:
        # Reject an unusable path up front, before any lookups happen.
        util.check_writable_file(options['out'])

    principal = options.get('principal')
    profile_id = options.get('profile_id')
    if profile_id is None:
        profile_id = dogtag.DEFAULT_PROFILE
    public_key_info = options.get('public_key_info')
    public_key_info = base64.b64decode(public_key_info)

    if self.api.env.in_server:
        backend = self.api.Backend.ldap2
    else:
        backend = self.api.Backend.rpcclient
    if not backend.isconnected():
        backend.connect()

    try:
        if principal.is_host:
            shown = api.Command.host_show(principal.hostname, all=True)
        elif principal.is_service:
            shown = api.Command.service_show(unicode(principal), all=True)
        elif principal.is_user:
            shown = api.Command.user_show(principal.username, all=True)
    except errors.NotFound:
        # Re-raised with a message that does not name the lookup used.
        raise errors.NotFound(
            reason=_("The principal for this request doesn't exist."))
    principal_entry = shown['result']
    global_config = api.Command.config_show()['result']

    generator = csrgen.CSRGenerator(csrgen.FileRuleProvider())
    csr_config = generator.csr_config(
        principal_entry, global_config, profile_id)
    request_info = base64.b64encode(
        csrgen_ffi.build_requestinfo(
            csr_config.encode('utf8'), public_key_info))

    result = {}
    if to_file:
        # NOTE(review): the earlier check and this open() are separate
        # steps; an error raised here propagates unwrapped.
        with open(options['out'], 'wb') as out_file:
            out_file.write(request_info)
    else:
        result = dict(request_info=request_info)
    return dict(result=result)
def forward(self, *keys, **options):
    """Forward the command and optionally store the profile config in a file.

    When ``out`` is given, the path is validated before the parent
    ``forward`` is called.  If the result then contains ``config``, that
    value is removed from the result, written to the file in text mode,
    and a ``summary`` naming the file is set.
    """
    wants_file = "out" in options
    if wants_file:
        util.check_writable_file(options["out"])

    result = super(certprofile_show, self).forward(*keys, **options)

    if wants_file and "config" in result["result"]:
        out_path = options["out"]
        with open(out_path, "w") as handle:
            # Popped only once the file is open, so the config is not
            # echoed back in the returned result.
            config_text = result["result"].pop("config")
            handle.write(config_text)
        summary = _("Profile configuration stored in file '%(file)s'")
        result["summary"] = summary % {"file": out_path}
    return result
def forward(self, *keys, **options):
    """Forward the command; with ``out``, save the service certificates.

    Without ``out`` the call goes straight to the parent ``forward``.
    With ``out`` the path is validated first; the ``usercertificate``
    values from the result are written to the file and a ``summary`` is
    set.  ``NoCertificateError`` is raised for the last key when the
    result has no ``usercertificate``.
    """
    if "out" not in options:
        return super(service_show, self).forward(*keys, **options)

    out_path = options["out"]
    util.check_writable_file(out_path)

    result = super(service_show, self).forward(*keys, **options)
    entry = result["result"]
    if "usercertificate" not in entry:
        raise errors.NoCertificateError(entry=keys[-1])

    x509.write_certificate_list(entry["usercertificate"], out_path)
    summary = _("Certificate(s) stored in file '%(file)s'")
    result["summary"] = summary % {"file": out_path}
    return result
def forward(self, *keys, **options):
    """Forward the command; with ``out``, save the host certificate.

    Without ``out`` the call goes straight to the parent ``forward``.
    With ``out`` the path is validated first and the first
    ``usercertificate`` value is written to the file.
    ``NoCertificateError`` is raised for the last key when the result has
    no ``usercertificate``.
    """
    if 'out' not in options:
        return super(host_show, self).forward(*keys, **options)

    out_path = options['out']
    util.check_writable_file(out_path)

    result = super(host_show, self).forward(*keys, **options)
    if 'usercertificate' not in result['result']:
        raise errors.NoCertificateError(entry=keys[-1])

    # Only index 0 is written, even if several certificates are returned.
    first_cert = result['result']['usercertificate'][0]
    x509.write_certificate(first_cert, out_path)
    summary = _('Certificate stored in file \'%(file)s\'')
    result['summary'] = summary % {'file': out_path}
    return result
def forward(self, *keys, **options):
    """Forward the command and optionally store the profile config in a file.

    When ``out`` is given, the path is validated before the parent
    ``forward`` is called.  If the result contains ``config``, it is
    removed from the result, written to the file in binary mode, and a
    ``summary`` naming the file is set.
    """
    save_requested = 'out' in options
    if save_requested:
        util.check_writable_file(options['out'])

    result = super(certprofile_show, self).forward(*keys, **options)
    if not (save_requested and 'config' in result['result']):
        return result

    target = options['out']
    # NOTE(review): binary mode -- assumes 'config' is a bytes-like
    # value; confirm against what the parent forward() returns.
    with open(target, 'wb') as handle:
        handle.write(result['result'].pop('config'))
    result['summary'] = (
        _("Profile configuration stored in file '%(file)s'")
        % {'file': target}
    )
    return result
def forward(self, *keys, **options):
    """Forward the command and optionally store the profile config in a file.

    With ``out`` present the path is validated before the parent
    ``forward`` runs.  A ``config`` value in the result is then moved out
    of the result into the file (text mode) and a ``summary`` is added.
    """
    if 'out' in options:
        util.check_writable_file(options['out'])

    result = super(certprofile_show, self).forward(*keys, **options)

    has_config = 'out' in options and 'config' in result['result']
    if has_config:
        # NOTE(review): the check above and this open() are separate
        # steps; a failure here surfaces after the parent call returned.
        with open(options['out'], 'w') as out_file:
            out_file.write(result['result'].pop('config'))
        message = _("Profile configuration stored in file '%(file)s'")
        result['summary'] = message % dict(file=options['out'])
    return result
def forward(self, *keys, **options):
    """Forward the command and optionally write nsupdate output to a file.

    ``out`` is a client-side option and is popped before the parent
    ``forward`` is called.  When it is set, the path is validated first;
    after the call, the ``result`` value (if present) is rendered into
    the file via ``self._nsupdate_output_file``.

    Raises ``errors.FileError`` when opening or writing the file fails.
    """
    # `out` is only meaningful on the client, so it must not be sent on.
    out_path = options.pop('out', None)
    if out_path:
        util.check_writable_file(out_path)

    response = super(dns_update_system_records, self).forward(
        *keys, **options)
    if not (out_path and 'result' in response):
        return response

    # The earlier check does not guarantee this open() succeeds, so OS
    # errors are converted into the framework's FileError here.
    try:
        with open(out_path, "w") as handle:
            self._nsupdate_output_file(handle, response['result'])
    except (OSError, IOError) as exc:
        raise errors.FileError(reason=unicode(exc))
    return response
def forward(self, *keys, **options):
    """Forward the command; with ``out``, save the service certificates.

    Without ``out`` the call goes straight to the parent ``forward``.
    With ``out`` the path is validated first; each ``usercertificate``
    value is loaded as a DER certificate and the list is written to the
    file.  ``NoCertificateError`` is raised for the last key when the
    result has no ``usercertificate``.
    """
    if 'out' not in options:
        return super(service_show, self).forward(*keys, **options)

    out_path = options['out']
    util.check_writable_file(out_path)

    result = super(service_show, self).forward(*keys, **options)
    if 'usercertificate' not in result['result']:
        raise errors.NoCertificateError(entry=keys[-1])

    # Lazily parsed: a malformed entry raises while the list is written.
    loaded = (
        x509.load_der_x509_certificate(der)
        for der in result['result']['usercertificate']
    )
    x509.write_certificate_list(loaded, out_path)
    summary = _('Certificate(s) stored in file \'%(file)s\'')
    result['summary'] = summary % {'file': out_path}
    return result
def forward(self, *keys, **options):
    """Forward the command; with ``out``, write the certificates to a file.

    The ``out`` path is validated before the parent ``forward`` is
    called.  The returned ``usercertificate`` values are parsed as DER
    and written out; if the key is missing, ``NoCertificateError`` is
    raised for the last positional key.  Without ``out`` the parent
    result is returned as is.
    """
    save_requested = 'out' in options
    if not save_requested:
        return super(service_show, self).forward(*keys, **options)

    util.check_writable_file(options['out'])
    result = super(service_show, self).forward(*keys, **options)

    entry = result['result']
    if 'usercertificate' in entry:
        raw_certs = entry['usercertificate']
        certs = (x509.load_der_x509_certificate(raw) for raw in raw_certs)
        x509.write_certificate_list(certs, options['out'])
        result['summary'] = (
            _('Certificate(s) stored in file \'%(file)s\'')
            % {'file': options['out']}
        )
        return result

    raise errors.NoCertificateError(entry=keys[-1])
def forward(self, *args, **options):
    """Forward the command and optionally save the certificate(s) as PEM.

    ``certificate_out`` is popped from ``options`` before the parent
    ``forward`` is called and, when not ``None``, validated first.  After
    the call either the ``certificate_chain`` (with ``chain``) or the
    single ``certificate`` is normalized, PEM-wrapped and written to the
    file.

    Returns the parent ``forward`` result unchanged.
    """
    out_path = options.pop('certificate_out', None)
    save_requested = out_path is not None
    if save_requested:
        util.check_writable_file(out_path)

    result = super(CertRetrieveOverride, self).forward(*args, **options)
    if not save_requested:
        return result

    if options.get('chain', False):
        raw_certs = result['result']['certificate_chain']
    else:
        raw_certs = [result['result']['certificate']]

    pem_blocks = (
        x509.make_pem(base64.b64encode(x509.normalize_certificate(raw)))
        for raw in raw_certs
    )
    # NOTE(review): the file is opened (and truncated) before the first
    # certificate is processed, so a failure while normalizing leaves a
    # partial or empty file behind.
    with open(out_path, 'w') as handle:
        handle.write('\n'.join(pem_blocks))
    return result
def execute(self, *args, **options):
    """Generate a CSR helper script for the given principal.

    The principal entry and the global config are fetched and passed,
    with the profile id and helper name, to ``CSRGenerator.csr_script``.
    The script is written to the ``out`` file when that option is
    present (the returned ``result`` is then empty); otherwise it is
    returned under ``script``.
    """
    to_file = 'out' in options
    if to_file:
        # Validate the output path before any lookup is performed.
        util.check_writable_file(options['out'])

    principal = options.get('principal')
    profile_id = options.get('profile_id')
    helper = options.get('helper')

    backends = self.api.Backend
    backend = backends.ldap2 if self.api.env.in_server else backends.rpcclient
    if not backend.isconnected():
        backend.connect()

    # NOTE(review): `entry` is bound only inside these branches; if no
    # flag is set the lookup after the try raises -- presumably the
    # flags are exhaustive; confirm.
    try:
        if principal.is_host:
            entry = api.Command.host_show(principal.hostname, all=True)
        elif principal.is_service:
            entry = api.Command.service_show(unicode(principal), all=True)
        elif principal.is_user:
            entry = api.Command.user_show(principal.username, all=True)
    except errors.NotFound:
        raise errors.NotFound(
            reason=_("The principal for this request doesn't exist."))
    entry = entry['result']
    config = api.Command.config_show()['result']

    generator = CSRGenerator(FileRuleProvider())
    script = generator.csr_script(entry, config, profile_id, helper)

    if to_file:
        # NOTE(review): binary mode -- assumes csr_script returns a
        # bytes-like value; confirm.
        with open(options['out'], 'wb') as handle:
            handle.write(script)
        result = {}
    else:
        result = dict(script=script)
    return dict(result=result)
def forward(self, *keys, **options):
    """Forward the command and optionally save the certificate(s) as PEM.

    ``certificate_out`` is removed from ``options`` and validated before
    the parent ``forward`` is called.  An exception raised by the check
    propagates unchanged.

    Returns the parent ``forward`` result unchanged.
    """
    out_path = None
    if 'certificate_out' in options:
        out_path = options.pop('certificate_out')
        util.check_writable_file(out_path)

    result = super(WithCertOutArgs, self).forward(*keys, **options)
    if not out_path:
        return result

    if options.get('chain', False):
        # Chain entries are base64-encoded before PEM wrapping.
        pem_blocks = (
            x509.make_pem(base64.b64encode(der))
            for der in result['result']['certificate_chain']
        )
        data = '\n'.join(pem_blocks)
    else:
        # The single certificate is handed to make_pem as returned.
        data = x509.make_pem(result['result']['certificate'])

    # NOTE(review): the chain branch joins with a str separator while the
    # file is opened in binary mode -- confirm the target interpreter.
    with open(out_path, 'wb') as handle:
        handle.write(data)
    return result
def forward(self, *keys, **options):
    """Forward the command and optionally write the certificate(s) to a file.

    ``certificate_out`` is popped from ``options`` before the parent
    ``forward`` is called.  The path is validated first; a ``FileError``
    from the check becomes a ``ValidationError`` on ``certificate-out``.

    Returns the parent ``forward`` result unchanged.
    """
    out_path = None
    if 'certificate_out' in options:
        out_path = options.pop('certificate_out')
        try:
            util.check_writable_file(out_path)
        except errors.FileError as exc:
            raise errors.ValidationError(name='certificate-out',
                                         error=str(exc))

    result = super(WithCertOutArgs, self).forward(*keys, **options)
    if not out_path:
        return result

    if options.get('chain', False):
        # Chain entries are used as returned (no base64 decoding here).
        der_certs = result['result']['certificate_chain']
    else:
        der_certs = [base64.b64decode(result['result']['certificate'])]

    loaded = (x509.load_der_x509_certificate(der) for der in der_certs)
    x509.write_certificate_list(loaded, out_path)
    return result
def forward(self, *args, **options):
    """Forward the command and optionally write the certificate(s) to a file.

    ``certificate_out`` is popped from ``options`` before the parent
    ``forward`` is called.  The path is validated first; a ``FileError``
    from the check becomes a ``ValidationError`` on ``certificate-out``.

    Returns the parent ``forward`` result unchanged.
    """
    out_path = None
    if 'certificate_out' in options:
        out_path = options.pop('certificate_out')
        try:
            util.check_writable_file(out_path)
        except errors.FileError as exc:
            raise errors.ValidationError(name='certificate-out',
                                         error=str(exc))

    result = super(CertRetrieveOverride, self).forward(*args, **options)
    if out_path is None:
        return result

    payload_key = 'certificate_chain' if options.get('chain', False) \
        else 'certificate'
    if payload_key == 'certificate_chain':
        # Chain entries are used as returned (no base64 decoding here).
        der_certs = result['result']['certificate_chain']
    else:
        der_certs = [base64.b64decode(result['result']['certificate'])]

    loaded = (x509.load_der_x509_certificate(der) for der in der_certs)
    x509.write_certificate_list(loaded, out_path)
    return result
def forward(self, *args, **options):
    """Forward the command and optionally write the certificate(s) to a file.

    ``certificate_out`` is popped from ``options`` before the parent
    ``forward`` is called.  The path is validated first; a ``FileError``
    from the check becomes a ``ValidationError`` on ``certificate-out``.
    Both the chain entries and the single certificate are base64-decoded
    before being loaded as DER.

    Returns the parent ``forward`` result unchanged.
    """
    out_path = None
    if 'certificate_out' in options:
        out_path = options.pop('certificate_out')
        try:
            util.check_writable_file(out_path)
        except errors.FileError as exc:
            raise errors.ValidationError(name='certificate-out',
                                         error=str(exc))

    result = super(CertRetrieveOverride, self).forward(*args, **options)
    if out_path is None:
        return result

    if options.get('chain', False):
        encoded = result['result']['certificate_chain']
    else:
        encoded = [result['result']['certificate']]

    # Decoding and parsing happen lazily while the list is written.
    loaded = (
        x509.load_der_x509_certificate(base64.b64decode(b64_cert))
        for b64_cert in encoded
    )
    x509.write_certificate_list(loaded, out_path)
    return result
def forward(self, *args, **options):
    """Forward the command and optionally save the certificate(s) as PEM.

    ``certificate_out`` is popped from ``options`` before the parent
    ``forward`` is called.  The path is validated first; a ``FileError``
    from the check becomes a ``ValidationError`` on ``certificate-out``.
    After the call the chain (with ``chain``) or the single certificate
    is normalized, PEM-wrapped and written to the file in text mode.

    Returns the parent ``forward`` result unchanged.
    """
    out_path = None
    if 'certificate_out' in options:
        out_path = options.pop('certificate_out')
        try:
            util.check_writable_file(out_path)
        except errors.FileError as exc:
            raise errors.ValidationError(name='certificate-out',
                                         error=str(exc))

    result = super(CertRetrieveOverride, self).forward(*args, **options)
    if out_path is None:
        return result

    if options.get('chain', False):
        raw_certs = result['result']['certificate_chain']
    else:
        raw_certs = [result['result']['certificate']]

    pem_blocks = (
        x509.make_pem(base64.b64encode(x509.normalize_certificate(raw)))
        for raw in raw_certs
    )
    # NOTE(review): the file is opened (and truncated) before the first
    # certificate is processed, so a failure while normalizing leaves a
    # partial or empty file behind.
    with open(out_path, 'w') as handle:
        handle.write('\n'.join(pem_blocks))
    return result