def execute(self, *keys, **options):
    """Show a CA entry, augmented with its certificate attributes.

    ``ca_enabled_check`` runs first, then the parent ``execute``
    fetches the entry.  ``set_certificate_attrs`` is applied to
    the ``'result'`` entry; if it returns something truthy, that value
    is attached to the response through ``self.add_message``.
    """
    ca_enabled_check(self.api)
    response = super(ca_show, self).execute(*keys, **options)
    warning = set_certificate_attrs(response['result'], options)
    if not warning:
        return response
    self.add_message(warning)
    return response
def execute(self, *keys, **options):
    """Search for CAs and decorate each hit with certificate attributes.

    When the caller asked for primary keys only (``pkey_only``), the
    entries are returned exactly as the parent ``execute`` produced them.
    Otherwise ``set_certificate_attrs`` is called on every entry with
    ``want_cert=False``.
    """
    ca_enabled_check(self.api)
    found = super(ca_find, self).execute(*keys, **options)
    if options.get('pkey_only', False):
        return found
    for ca_entry in found['result']:
        set_certificate_attrs(ca_entry, options, want_cert=False)
    return found
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
    """Validate a CA-add request and create the CA in Dogtag.

    Every check below runs before Dogtag is contacted, so a request
    that is going to be refused leaves no CA behind in Dogtag.

    Raises:
        errors.ACIError: the operator may not add under ``dn[1:]``.
        errors.DuplicateEntry: the subject DN is already used by a CA
            (a name collision is reported by ``handle_duplicate_entry``).

    Returns ``dn`` unchanged; ``entry`` is updated in place with the
    identifiers returned by Dogtag.
    """
    ca_enabled_check()

    # Authorization gate: the LDAP 'add' right on the parent of ``dn``
    # is checked here, ahead of the Dogtag call further down.
    parent_dn = dn[1:]
    if not ldap.can_add(parent_dn):
        raise errors.ACIError(
            info=_("Insufficient 'add' privilege for entry '%s'.") % dn)

    # Name collision: NotFound means the name is free.
    try:
        api.Object.ca.get_dn_if_exists(keys[-1])
        self.obj.handle_duplicate_entry(*keys)
    except errors.NotFound:
        pass

    # Subject collision: refuse a subject DN another CA already uses.
    subject_dn = options['ipacasubjectdn']
    matches = api.Command.ca_find(ipacasubjectdn=subject_dn)
    if matches['count'] > 0:
        raise errors.DuplicateEntry(
            message=_("Subject DN is already used by CA '%s'")
            % matches['result'][0]['cn'][0])

    # Create the CA in Dogtag.
    with self.api.Backend.ra_lightweight_ca as ca_api:
        created = ca_api.create_ca(options['ipacasubjectdn'])
    entry['ipacaid'] = [created['id']]
    entry['ipacaissuerdn'] = [created['issuerDN']]

    # The issued certificate's subject DN may differ from the one
    # requested, so store the DN that Dogtag reports.
    entry['ipacasubjectdn'] = [created['dn']]
    return dn
def pre_callback(self, ldap, dn, *keys, **options):
    """Authorize a CA deletion and remove the CA from Dogtag.

    Order of checks: LDAP delete right, then the protected IPA CA,
    then the CA's enabled state as reported by Dogtag.  Only a
    disabled CA is deleted.

    Raises:
        errors.ACIError: the operator may not delete ``dn``.
        errors.ProtectedEntryError: the target is the IPA CA, or the
            CA is still enabled.
    """
    ca_enabled_check(self.api)

    # The operator's delete permission is verified before Dogtag is
    # contacted, so an unauthorized request changes nothing there.
    if not ldap.can_delete(dn):
        raise errors.ACIError(
            info=_("Insufficient privilege to delete a CA."))

    ca_name = keys[0]
    if ca_name == IPA_CA_CN:
        raise errors.ProtectedEntryError(
            label=_("CA"),
            key=ca_name,
            reason=_("IPA CA cannot be deleted"))

    ca_entry = self.api.Command.ca_show(ca_name)['result']
    ca_id = ca_entry['ipacaid'][0]
    with self.api.Backend.ra_lightweight_ca as ca_api:
        dogtag_ca = ca_api.read_ca(ca_id)
        if dogtag_ca['enabled']:
            raise errors.ProtectedEntryError(
                label=_("CA"),
                key=ca_name,
                reason=_("Must be disabled first"))
        ca_api.delete_ca(ca_id)

    return dn
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
    """Run the pre-add checks for a CA, then create it in Dogtag.

    The permission check and both collision checks run before
    ``create_ca`` is called, so a refused request does not leave a CA
    behind in Dogtag.

    Raises:
        errors.ACIError: no 'add' right on ``dn[1:]``.
        errors.DuplicateEntry: subject DN already belongs to a CA.

    Returns ``dn``; ``entry`` gains ``ipacaid``, ``ipacaissuerdn`` and
    ``ipacasubjectdn`` from the Dogtag response.
    """
    ca_enabled_check()

    # Operator must hold the LDAP 'add' right on the parent of ``dn``.
    allowed = ldap.can_add(dn[1:])
    if not allowed:
        raise errors.ACIError(
            info=_("Insufficient 'add' privilege for entry '%s'.") % dn)

    # A NotFound here means no CA with this name exists yet.
    try:
        api.Object.ca.get_dn_if_exists(keys[-1])
        self.obj.handle_duplicate_entry(*keys)
    except errors.NotFound:
        pass

    # No two CAs may share a subject DN.
    same_subject = api.Command.ca_find(
        ipacasubjectdn=options['ipacasubjectdn'])
    if same_subject['count'] > 0:
        owner_cn = same_subject['result'][0]['cn'][0]
        raise errors.DuplicateEntry(
            message=_("Subject DN is already used by CA '%s'") % owner_cn)

    # Create the CA in Dogtag.
    with self.api.Backend.ra_lightweight_ca as ca_api:
        dogtag_resp = ca_api.create_ca(options['ipacasubjectdn'])
    entry['ipacaid'] = [dogtag_resp['id']]
    entry['ipacaissuerdn'] = [dogtag_resp['issuerDN']]

    # Dogtag may issue a subject DN that differs from the request;
    # the DN it reports is the one recorded.
    entry['ipacasubjectdn'] = [dogtag_resp['dn']]
    return dn
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
    """Refuse any attempt to rename the IPA CA.

    A rename is recognised by a ``rename`` option or by ``cn``
    appearing among the modified attributes.

    Raises:
        errors.ProtectedEntryError: the target is the IPA CA and the
            request would rename it.
    """
    ca_enabled_check()
    is_rename = "rename" in options or "cn" in entry_attrs
    if is_rename and keys[0] == IPA_CA_CN:
        raise errors.ProtectedEntryError(
            label=_("CA"),
            key=keys[0],
            reason=u"IPA CA cannot be renamed",
        )
    return dn
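def execute(self, cn, **options):
    """Apply ``self.perform_action`` to the Dogtag CA named ``cn``.

    Fix: the operator's right to modify the CA is now verified before
    Dogtag is contacted.  This method performs no LDAP write of its
    own, so without an explicit check nothing here ties the Dogtag
    operation to the caller's LDAP permissions.

    Raises:
        errors.ACIError: the operator may not modify the CA entry.

    Returns a dict with ``result=True`` and the primary-key value.
    """
    ca_enabled_check()
    ca_obj = self.api.Command.ca_show(cn)["result"]

    # Write access to the entry's 'description' attribute stands in
    # for "may modify this CA".
    # NOTE(review): presumably the ra_lightweight_ca backend does not
    # act with the caller's own identity - confirm.
    if not self.api.Backend.ldap2.can_write(ca_obj["dn"], "description"):
        raise errors.ACIError(
            info=_("Insufficient privilege to modify a CA."))

    with self.api.Backend.ra_lightweight_ca as ca_api:
        self.perform_action(ca_api, ca_obj["ipacaid"][0])

    return dict(result=True, value=pkey_to_value(cn, options))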
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
    """Block renaming of the IPA CA before the modification runs.

    The request counts as a rename when ``rename`` is among the
    options or ``cn`` is among the attributes being changed.

    Raises:
        errors.ProtectedEntryError: a rename was requested for the
            IPA CA.
    """
    ca_enabled_check(self.api)
    wants_rename = 'rename' in options or 'cn' in entry_attrs
    if not wants_rename:
        return dn
    if keys[0] == IPA_CA_CN:
        raise errors.ProtectedEntryError(
            label=_("CA"),
            key=keys[0],
            reason=u'IPA CA cannot be renamed',
        )
    return dn
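def execute(self, cn, **options):
    """Apply ``self.perform_action`` to the Dogtag CA named ``cn``.

    Fix: an explicit LDAP permission check now precedes the Dogtag
    call.  The method itself never writes to LDAP, so without the
    check the Dogtag operation is not tied to the caller's LDAP
    permissions anywhere in this method.

    Raises:
        errors.ACIError: the operator may not modify the CA entry.

    Returns a dict with ``result=True`` and the primary-key value.
    """
    ca_enabled_check()
    ca_obj = self.api.Command.ca_show(cn)['result']

    # The right to write 'description' on the CA entry is used as the
    # test for "may modify this CA".
    # NOTE(review): presumably the ra_lightweight_ca backend does not
    # act with the caller's own identity - confirm.
    if not self.api.Backend.ldap2.can_write(ca_obj['dn'], 'description'):
        raise errors.ACIError(
            info=_("Insufficient privilege to modify a CA."))

    with self.api.Backend.ra_lightweight_ca as ca_api:
        self.perform_action(ca_api, ca_obj['ipacaid'][0])

    return dict(
        result=True,
        value=pkey_to_value(cn, options),
    )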
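def pre_callback(self, ldap, dn, *keys, **options):
    """Authorize a CA deletion, then disable and delete it in Dogtag.

    Fix: the operator's LDAP delete right on ``dn`` is now checked
    before Dogtag is contacted.  Previously the CA was disabled and
    deleted in Dogtag with no permission check in this callback.
    NOTE(review): the LDAP delete that follows this callback would
    presumably still be refused for an unprivileged operator, but
    only after the Dogtag CA was already gone - confirm.

    Raises:
        errors.ACIError: the operator may not delete ``dn``.
        errors.ProtectedEntryError: the target is the IPA CA.
    """
    ca_enabled_check()

    # Permission is settled first so that an unauthorized request
    # has no effect in Dogtag.
    if not ldap.can_delete(dn):
        raise errors.ACIError(
            info=_("Insufficient privilege to delete a CA."))

    if keys[0] == IPA_CA_CN:
        raise errors.ProtectedEntryError(
            label=_("CA"),
            key=keys[0],
            reason=_("IPA CA cannot be deleted"))

    ca_id = self.api.Command.ca_show(keys[0])["result"]["ipacaid"][0]
    with self.api.Backend.ra_lightweight_ca as ca_api:
        # The CA is disabled before it is deleted.
        ca_api.disable_ca(ca_id)
        ca_api.delete_ca(ca_id)

    return dn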
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
    """Validate a CA-add request and create the CA in Dogtag.

    Checks, in order: LDAP 'add' permission, subject DN attribute
    types, CA name collision, subject DN collision.  All of them run
    before ``create_ca``, so a rejected request creates nothing in
    Dogtag.

    Raises:
        errors.ACIError: no 'add' right on ``dn[1:]``.
        errors.ValidationError: the subject DN uses an attribute type
            that is not among the values of ``ATTR_NAME_BY_OID``.
        errors.DuplicateEntry: the subject DN is already used by a CA.

    Returns ``dn``; ``entry`` is updated in place from the Dogtag
    response.
    """
    ca_enabled_check(self.api)

    if not ldap.can_add(dn[1:]):
        raise errors.ACIError(
            info=_("Insufficient 'add' privilege for entry '%s'.") % dn)

    # Only standard naming attributes are accepted in the subject DN.
    # Both sides are lower-cased, so the comparison ignores case.
    requested_attrs = set()
    for rdn in options['ipacasubjectdn']:
        for ava in rdn:
            requested_attrs.add(ava.attr.lower())
    known_attrs = set(
        name.lower() for name in six.viewvalues(ATTR_NAME_BY_OID))
    unknown_attrs = requested_attrs - known_attrs
    if unknown_attrs:
        raise errors.ValidationError(
            name=_("Subject DN"),
            error=_("Unrecognized attributes: %(attrs)s")
            % {'attrs': ", ".join(unknown_attrs)},
        )

    # Name collision: NotFound means the name is still free.
    try:
        api.Object.ca.get_dn_if_exists(keys[-1])
        self.obj.handle_duplicate_entry(*keys)
    except errors.NotFound:
        pass

    # Subject collision: no two CAs may share a subject DN.
    same_subject = api.Command.ca_find(
        ipacasubjectdn=options['ipacasubjectdn'])
    if same_subject['count'] > 0:
        owner_cn = same_subject['result'][0]['cn'][0]
        raise errors.DuplicateEntry(
            message=_("Subject DN is already used by CA '%s'") % owner_cn)

    # Create the CA in Dogtag.
    with self.api.Backend.ra_lightweight_ca as ca_api:
        created = ca_api.create_ca(options['ipacasubjectdn'])
    entry['ipacaid'] = [created['id']]
    entry['ipacaissuerdn'] = [created['issuerDN']]

    # The subject DN actually issued may differ from the request;
    # record what Dogtag reports.
    entry['ipacasubjectdn'] = [created['dn']]
    return dn
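def pre_callback(self, ldap, dn, *keys, **options):
    """Authorize a CA deletion, then disable and delete it in Dogtag.

    Fix: the operator's LDAP delete right on ``dn`` is verified before
    any Dogtag call.  Without it this callback disabled and deleted
    the Dogtag CA with no permission check of its own.
    NOTE(review): the later LDAP delete would presumably still reject
    an unprivileged operator, but too late to protect the Dogtag CA -
    confirm.

    Raises:
        errors.ACIError: the operator may not delete ``dn``.
        errors.ProtectedEntryError: the target is the IPA CA.
    """
    ca_enabled_check()

    # An unauthorized request must stop here, before Dogtag is touched.
    if not ldap.can_delete(dn):
        raise errors.ACIError(
            info=_("Insufficient privilege to delete a CA."))

    if keys[0] == IPA_CA_CN:
        raise errors.ProtectedEntryError(
            label=_("CA"),
            key=keys[0],
            reason=_("IPA CA cannot be deleted"))

    ca_id = self.api.Command.ca_show(keys[0])['result']['ipacaid'][0]
    with self.api.Backend.ra_lightweight_ca as ca_api:
        # The CA is disabled before it is deleted.
        ca_api.disable_ca(ca_id)
        ca_api.delete_ca(ca_id)

    return dn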
def execute(self, cn, **options):
    """Apply ``self.perform_action`` to the Dogtag CA named ``cn``.

    The operator must be able to write the ``description`` attribute
    of the CA entry; that check runs before Dogtag is contacted.

    Raises:
        errors.ACIError: the operator may not modify the CA entry.

    Returns a dict with ``result=True`` and the primary-key value.
    """
    ca_enabled_check(self.api)
    ca_entry = self.api.Command.ca_show(cn)['result']

    # Permission to modify CAs is established via the LDAP write right.
    may_modify = self.api.Backend.ldap2.can_write(
        ca_entry['dn'], 'description')
    if not may_modify:
        raise errors.ACIError(
            info=_("Insufficient privilege to modify a CA."))

    ca_id = ca_entry['ipacaid'][0]
    with self.api.Backend.ra_lightweight_ca as ca_api:
        self.perform_action(ca_api, ca_id)

    return {'result': True, 'value': pkey_to_value(cn, options)}
def execute(self, cn, **options):
    """Run ``self.perform_action`` against the Dogtag CA behind ``cn``.

    Before Dogtag is contacted, the operator's right to write the
    ``description`` attribute of the CA entry is checked.

    Raises:
        errors.ACIError: the operator may not modify the CA entry.

    Returns a dict with ``result=True`` and the primary-key value.
    """
    ca_enabled_check(self.api)
    shown = self.api.Command.ca_show(cn)['result']

    # Operators without modify permission are rejected here.
    ldap = self.api.Backend.ldap2
    if not ldap.can_write(shown['dn'], 'description'):
        raise errors.ACIError(
            info=_("Insufficient privilege to modify a CA."))

    with self.api.Backend.ra_lightweight_ca as ca_api:
        self.perform_action(ca_api, shown['ipacaid'][0])

    outcome = dict(result=True, value=pkey_to_value(cn, options))
    return outcome
def pre_callback(self, ldap, dn, *keys, **options):
    """Authorize a CA deletion, then disable and delete it in Dogtag.

    Raises:
        errors.ACIError: the operator may not delete ``dn``.
        errors.ProtectedEntryError: the target is the IPA CA.
    """
    ca_enabled_check(self.api)

    # The delete permission is checked before Dogtag is contacted, so
    # an unauthorized request has no effect there.
    permitted = ldap.can_delete(dn)
    if not permitted:
        raise errors.ACIError(
            info=_("Insufficient privilege to delete a CA."))

    ca_name = keys[0]
    if ca_name == IPA_CA_CN:
        raise errors.ProtectedEntryError(
            label=_("CA"),
            key=ca_name,
            reason=_("IPA CA cannot be deleted"))

    ca_entry = self.api.Command.ca_show(ca_name)['result']
    ca_id = ca_entry['ipacaid'][0]
    with self.api.Backend.ra_lightweight_ca as ca_api:
        # The CA is disabled before it is deleted.
        ca_api.disable_ca(ca_id)
        ca_api.delete_ca(ca_id)

    return dn
def execute(self, *keys, **options):
    """Search for CAs and add certificate attributes to every hit.

    ``set_certificate_attrs`` is called on each returned entry with
    ``want_cert=False``.
    """
    ca_enabled_check()
    found = super(ca_find, self).execute(*keys, **options)
    entries = found['result']
    for ca_entry in entries:
        set_certificate_attrs(ca_entry, options, want_cert=False)
    return found
def execute(self, *args, **kwargs):
    """Show a CA entry after ``ca_enabled_check`` has run.

    All arguments are handed to the parent ``execute`` unchanged and
    its result is returned as is.
    """
    ca_enabled_check()
    parent = super(ca_show, self)
    response = parent.execute(*args, **kwargs)
    return response
def execute(self, *keys, **options):
    """Search for CAs after ``ca_enabled_check`` has run.

    The parent ``execute`` does the search; its result is returned
    unmodified.
    """
    ca_enabled_check()
    parent = super(ca_find, self)
    found = parent.execute(*keys, **options)
    return found
def execute(self, *keys, **options):
    """Show a CA entry, augmented with its certificate attributes.

    The ``'result'`` entry from the parent ``execute`` is passed to
    ``set_certificate_attrs``; whatever that call returns is ignored.
    """
    ca_enabled_check(self.api)
    response = super(ca_show, self).execute(*keys, **options)
    ca_entry = response['result']
    set_certificate_attrs(ca_entry, options)
    return response