Exemple #1
0
    def forward(self, *keys, **options):
        filename = None
        if 'certificate_out' in options:
            filename = options.pop('certificate_out')
            try:
                util.check_writable_file(filename)
            except errors.FileError as e:
                raise errors.ValidationError(name='certificate-out',
                                             error=str(e))

        result = super(WithCertOutArgs, self).forward(*keys, **options)
        if filename:

            def to_pem(x):
                return x509.make_pem(x)

            if options.get('chain', False):
                ders = result['result']['certificate_chain']
                data = '\n'.join(to_pem(base64.b64encode(der)) for der in ders)
            else:
                data = to_pem(result['result']['certificate'])
            with open(filename, 'wb') as f:
                f.write(data)

        return result
Exemple #2
0
    def forward(self, *keys, **options):
        filename = None
        if 'certificate_out' in options:
            filename = options.pop('certificate_out')
            try:
                util.check_writable_file(filename)
            except errors.FileError as e:
                raise errors.ValidationError(name='certificate-out',
                                             error=str(e))

        result = super(WithCertOutArgs, self).forward(*keys, **options)

        if filename:
            # if result certificate / certificate_chain not present in result,
            # it means Dogtag did not provide it (probably due to LWCA key
            # replication lag or failure.  The server transmits a warning
            # message in this case, which the client automatically prints.
            # So in this section we just ignore it and move on.
            certs = None
            if options.get('chain', False):
                if 'certificate_chain' in result['result']:
                    certs = result['result']['certificate_chain']
            else:
                if 'certificate' in result['result']:
                    certs = [base64.b64decode(result['result']['certificate'])]
            if certs:
                x509.write_certificate_list(
                    (x509.load_der_x509_certificate(cert) for cert in certs),
                    filename)

        return result
Exemple #3
0
    def execute(self, *args, **options):
        # Deferred import, ipaclient.csrgen is expensive to load.
        # see https://pagure.io/freeipa/issue/7484
        from ipaclient import csrgen
        from ipaclient import csrgen_ffi

        if 'out' in options:
            util.check_writable_file(options['out'])

        principal = options.get('principal')
        profile_id = options.get('profile_id')
        if profile_id is None:
            profile_id = dogtag.DEFAULT_PROFILE
        public_key_info = options.get('public_key_info')
        public_key_info = base64.b64decode(public_key_info)

        if self.api.env.in_server:
            backend = self.api.Backend.ldap2
        else:
            backend = self.api.Backend.rpcclient
        if not backend.isconnected():
            backend.connect()

        try:
            if principal.is_host:
                principal_obj = api.Command.host_show(
                    principal.hostname, all=True)
            elif principal.is_service:
                principal_obj = api.Command.service_show(
                    unicode(principal), all=True)
            elif principal.is_user:
                principal_obj = api.Command.user_show(
                    principal.username, all=True)
        except errors.NotFound:
            raise errors.NotFound(
                reason=_("The principal for this request doesn't exist."))
        principal_obj = principal_obj['result']
        config = api.Command.config_show()['result']

        generator = csrgen.CSRGenerator(csrgen.FileRuleProvider())

        csr_config = generator.csr_config(principal_obj, config, profile_id)
        request_info = base64.b64encode(csrgen_ffi.build_requestinfo(
            csr_config.encode('utf8'), public_key_info))

        result = {}
        if 'out' in options:
            with open(options['out'], 'wb') as f:
                f.write(request_info)
        else:
            result = dict(request_info=request_info)

        return dict(
            result=result
        )
Exemple #4
0
 def forward(self, *keys, **options):
     if 'out' in options:
         util.check_writable_file(options['out'])
         result = super(cert_show, self).forward(*keys, **options)
         if 'certificate' in result['result']:
             x509.write_certificate(result['result']['certificate'], options['out'])
             return result
         else:
             raise errors.NoCertificateError(entry=keys[-1])
     else:
         return super(cert_show, self).forward(*keys, **options)
Exemple #5
0
    def execute(self, *args, **options):
        # Deferred import, ipaclient.csrgen is expensive to load.
        # see https://pagure.io/freeipa/issue/7484
        from ipaclient import csrgen
        from ipaclient import csrgen_ffi

        if 'out' in options:
            util.check_writable_file(options['out'])

        principal = options.get('principal')
        profile_id = options.get('profile_id')
        if profile_id is None:
            profile_id = dogtag.DEFAULT_PROFILE
        public_key_info = options.get('public_key_info')
        public_key_info = base64.b64decode(public_key_info)

        if self.api.env.in_server:
            backend = self.api.Backend.ldap2
        else:
            backend = self.api.Backend.rpcclient
        if not backend.isconnected():
            backend.connect()

        try:
            if principal.is_host:
                principal_obj = api.Command.host_show(principal.hostname,
                                                      all=True)
            elif principal.is_service:
                principal_obj = api.Command.service_show(unicode(principal),
                                                         all=True)
            elif principal.is_user:
                principal_obj = api.Command.user_show(principal.username,
                                                      all=True)
        except errors.NotFound:
            raise errors.NotFound(
                reason=_("The principal for this request doesn't exist."))
        principal_obj = principal_obj['result']
        config = api.Command.config_show()['result']

        generator = csrgen.CSRGenerator(csrgen.FileRuleProvider())

        csr_config = generator.csr_config(principal_obj, config, profile_id)
        request_info = base64.b64encode(
            csrgen_ffi.build_requestinfo(csr_config.encode('utf8'),
                                         public_key_info))

        result = {}
        if 'out' in options:
            with open(options['out'], 'wb') as f:
                f.write(request_info)
        else:
            result = dict(request_info=request_info)

        return dict(result=result)
Exemple #6
0
    def forward(self, *keys, **options):
        if "out" in options:
            util.check_writable_file(options["out"])

        result = super(certprofile_show, self).forward(*keys, **options)
        if "out" in options and "config" in result["result"]:
            with open(options["out"], "w") as f:
                f.write(result["result"].pop("config"))
            result["summary"] = _("Profile configuration stored in file '%(file)s'") % dict(file=options["out"])

        return result
Exemple #7
0
 def forward(self, *keys, **options):
     if "out" in options:
         util.check_writable_file(options["out"])
         result = super(service_show, self).forward(*keys, **options)
         if "usercertificate" in result["result"]:
             x509.write_certificate_list(result["result"]["usercertificate"], options["out"])
             result["summary"] = _("Certificate(s) stored in file '%(file)s'") % dict(file=options["out"])
             return result
         else:
             raise errors.NoCertificateError(entry=keys[-1])
     else:
         return super(service_show, self).forward(*keys, **options)
Exemple #8
0
 def forward(self, *keys, **options):
     if 'out' in options:
         util.check_writable_file(options['out'])
         result = super(host_show, self).forward(*keys, **options)
         if 'usercertificate' in result['result']:
             x509.write_certificate(result['result']['usercertificate'][0], options['out'])
             result['summary'] = _('Certificate stored in file \'%(file)s\'') % dict(file=options['out'])
             return result
         else:
             raise errors.NoCertificateError(entry=keys[-1])
     else:
         return super(host_show, self).forward(*keys, **options)
Exemple #9
0
 def forward(self, *keys, **options):
     if 'out' in options:
         util.check_writable_file(options['out'])
         result = super(cert_show, self).forward(*keys, **options)
         if 'certificate' in result['result']:
             x509.write_certificate(result['result']['certificate'],
                                    options['out'])
             return result
         else:
             raise errors.NoCertificateError(entry=keys[-1])
     else:
         return super(cert_show, self).forward(*keys, **options)
Exemple #10
0
 def forward(self, *keys, **options):
     if 'out' in options:
         util.check_writable_file(options['out'])
         result = super(host_show, self).forward(*keys, **options)
         if 'usercertificate' in result['result']:
             x509.write_certificate(result['result']['usercertificate'][0], options['out'])
             result['summary'] = _('Certificate stored in file \'%(file)s\'') % dict(file=options['out'])
             return result
         else:
             raise errors.NoCertificateError(entry=keys[-1])
     else:
         return super(host_show, self).forward(*keys, **options)
Exemple #11
0
    def forward(self, *keys, **options):
        if 'out' in options:
            util.check_writable_file(options['out'])

        result = super(certprofile_show, self).forward(*keys, **options)
        if 'out' in options and 'config' in result['result']:
            with open(options['out'], 'wb') as f:
                f.write(result['result'].pop('config'))
            result['summary'] = (
                _("Profile configuration stored in file '%(file)s'") %
                dict(file=options['out']))

        return result
Exemple #12
0
    def forward(self, *keys, **options):
        if 'out' in options:
            util.check_writable_file(options['out'])

        result = super(certprofile_show, self).forward(*keys, **options)
        if 'out' in options and 'config' in result['result']:
            with open(options['out'], 'w') as f:
                f.write(result['result'].pop('config'))
            result['summary'] = (
                _("Profile configuration stored in file '%(file)s'")
                % dict(file=options['out'])
            )

        return result
Exemple #13
0
    def forward(self, *keys, **options):
        # pop `out` before sending to server as it is only client side option
        out = options.pop('out', None)
        if out:
            util.check_writable_file(out)

        res = super(dns_update_system_records, self).forward(*keys, **options)

        if out and 'result' in res:
            try:
                with open(out, "w") as f:
                    self._nsupdate_output_file(f, res['result'])
            except (OSError, IOError) as e:
                raise errors.FileError(reason=unicode(e))

        return res
Exemple #14
0
    def forward(self, *keys, **options):
        # pop `out` before sending to server as it is only client side option
        out = options.pop('out', None)
        if out:
            util.check_writable_file(out)

        res = super(dns_update_system_records, self).forward(*keys, **options)

        if out and 'result' in res:
            try:
                with open(out, "w") as f:
                    self._nsupdate_output_file(f, res['result'])
            except (OSError, IOError) as e:
                raise errors.FileError(reason=unicode(e))

        return res
Exemple #15
0
 def forward(self, *keys, **options):
     if 'out' in options:
         util.check_writable_file(options['out'])
         result = super(service_show, self).forward(*keys, **options)
         if 'usercertificate' in result['result']:
             certs = (x509.load_der_x509_certificate(c)
                      for c in result['result']['usercertificate'])
             x509.write_certificate_list(certs, options['out'])
             result['summary'] = (
                 _('Certificate(s) stored in file \'%(file)s\'') %
                 dict(file=options['out']))
             return result
         else:
             raise errors.NoCertificateError(entry=keys[-1])
     else:
         return super(service_show, self).forward(*keys, **options)
Exemple #16
0
 def forward(self, *keys, **options):
     if 'out' in options:
         util.check_writable_file(options['out'])
         result = super(service_show, self).forward(*keys, **options)
         if 'usercertificate' in result['result']:
             certs = (x509.load_der_x509_certificate(c)
                      for c in result['result']['usercertificate'])
             x509.write_certificate_list(certs, options['out'])
             result['summary'] = (
                 _('Certificate(s) stored in file \'%(file)s\'')
                 % dict(file=options['out'])
             )
             return result
         else:
             raise errors.NoCertificateError(entry=keys[-1])
     else:
         return super(service_show, self).forward(*keys, **options)
Exemple #17
0
    def forward(self, *args, **options):
        certificate_out = options.pop('certificate_out', None)
        if certificate_out is not None:
            util.check_writable_file(certificate_out)

        result = super(CertRetrieveOverride, self).forward(*args, **options)

        if certificate_out is not None:
            if options.get('chain', False):
                certs = result['result']['certificate_chain']
            else:
                certs = [result['result']['certificate']]
            certs = (x509.normalize_certificate(cert) for cert in certs)
            certs = (x509.make_pem(base64.b64encode(cert)) for cert in certs)
            with open(certificate_out, 'w') as f:
                f.write('\n'.join(certs))

        return result
Exemple #18
0
    def execute(self, *args, **options):
        if 'out' in options:
            util.check_writable_file(options['out'])

        principal = options.get('principal')
        profile_id = options.get('profile_id')
        helper = options.get('helper')

        if self.api.env.in_server:
            backend = self.api.Backend.ldap2
        else:
            backend = self.api.Backend.rpcclient
        if not backend.isconnected():
            backend.connect()

        try:
            if principal.is_host:
                principal_obj = api.Command.host_show(principal.hostname,
                                                      all=True)
            elif principal.is_service:
                principal_obj = api.Command.service_show(unicode(principal),
                                                         all=True)
            elif principal.is_user:
                principal_obj = api.Command.user_show(principal.username,
                                                      all=True)
        except errors.NotFound:
            raise errors.NotFound(
                reason=_("The principal for this request doesn't exist."))
        principal_obj = principal_obj['result']
        config = api.Command.config_show()['result']

        generator = CSRGenerator(FileRuleProvider())

        script = generator.csr_script(principal_obj, config, profile_id,
                                      helper)

        result = {}
        if 'out' in options:
            with open(options['out'], 'wb') as f:
                f.write(script)
        else:
            result = dict(script=script)

        return dict(result=result)
Exemple #19
0
    def forward(self, *keys, **options):
        filename = None
        if 'certificate_out' in options:
            filename = options.pop('certificate_out')
            util.check_writable_file(filename)

        result = super(WithCertOutArgs, self).forward(*keys, **options)
        if filename:
            def to_pem(x):
                return x509.make_pem(x)
            if options.get('chain', False):
                ders = result['result']['certificate_chain']
                data = '\n'.join(to_pem(base64.b64encode(der)) for der in ders)
            else:
                data = to_pem(result['result']['certificate'])
            with open(filename, 'wb') as f:
                f.write(data)

        return result
Exemple #20
0
    def forward(self, *keys, **options):
        filename = None
        if 'certificate_out' in options:
            filename = options.pop('certificate_out')
            try:
                util.check_writable_file(filename)
            except errors.FileError as e:
                raise errors.ValidationError(name='certificate-out',
                                             error=str(e))

        result = super(WithCertOutArgs, self).forward(*keys, **options)
        if filename:
            if options.get('chain', False):
                certs = result['result']['certificate_chain']
            else:
                certs = [base64.b64decode(result['result']['certificate'])]
            certs = (x509.load_der_x509_certificate(cert) for cert in certs)
            x509.write_certificate_list(certs, filename)

        return result
Exemple #21
0
    def forward(self, *keys, **options):
        filename = None
        if 'certificate_out' in options:
            filename = options.pop('certificate_out')
            try:
                util.check_writable_file(filename)
            except errors.FileError as e:
                raise errors.ValidationError(name='certificate-out',
                                             error=str(e))

        result = super(WithCertOutArgs, self).forward(*keys, **options)
        if filename:
            if options.get('chain', False):
                certs = result['result']['certificate_chain']
            else:
                certs = [base64.b64decode(result['result']['certificate'])]
            certs = (x509.load_der_x509_certificate(cert) for cert in certs)
            x509.write_certificate_list(certs, filename)

        return result
Exemple #22
0
    def forward(self, *args, **options):
        if 'certificate_out' in options:
            certificate_out = options.pop('certificate_out')
            try:
                util.check_writable_file(certificate_out)
            except errors.FileError as e:
                raise errors.ValidationError(name='certificate-out',
                                             error=str(e))
        else:
            certificate_out = None

        result = super(CertRetrieveOverride, self).forward(*args, **options)

        if certificate_out is not None:
            if options.get('chain', False):
                certs = result['result']['certificate_chain']
            else:
                certs = [base64.b64decode(result['result']['certificate'])]
            certs = (x509.load_der_x509_certificate(cert) for cert in certs)
            x509.write_certificate_list(certs, certificate_out)

        return result
Exemple #23
0
    def forward(self, *args, **options):
        if 'certificate_out' in options:
            certificate_out = options.pop('certificate_out')
            try:
                util.check_writable_file(certificate_out)
            except errors.FileError as e:
                raise errors.ValidationError(name='certificate-out',
                                             error=str(e))
        else:
            certificate_out = None

        result = super(CertRetrieveOverride, self).forward(*args, **options)

        if certificate_out is not None:
            if options.get('chain', False):
                certs = result['result']['certificate_chain']
            else:
                certs = [result['result']['certificate']]
            certs = (x509.load_der_x509_certificate(base64.b64decode(cert))
                     for cert in certs)
            x509.write_certificate_list(certs, certificate_out)

        return result
Exemple #24
0
    def forward(self, *args, **options):
        if 'certificate_out' in options:
            certificate_out = options.pop('certificate_out')
            try:
                util.check_writable_file(certificate_out)
            except errors.FileError as e:
                raise errors.ValidationError(name='certificate-out',
                                             error=str(e))
        else:
            certificate_out = None

        result = super(CertRetrieveOverride, self).forward(*args, **options)

        if certificate_out is not None:
            if options.get('chain', False):
                certs = result['result']['certificate_chain']
            else:
                certs = [result['result']['certificate']]
            certs = (x509.normalize_certificate(cert) for cert in certs)
            certs = (x509.make_pem(base64.b64encode(cert)) for cert in certs)
            with open(certificate_out, 'w') as f:
                f.write('\n'.join(certs))

        return result