def get_testcert(subject, principal): """Get the certificate, creating it if it doesn't exist""" reqdir = tempfile.mkdtemp(prefix="tmp-") try: _testcert = makecert(reqdir, subject, principal) finally: shutil.rmtree(reqdir) return x509.strip_header(_testcert)
def forward(self, *args, **options): if self.api.env.context == 'cli': if 'certificate' in options and 'file' in options: raise errors.MutuallyExclusiveError( reason=_("cannot specify both raw certificate and file")) if 'certificate' not in options and 'file' in options: options['certificate'] = x509.strip_header(options.pop('file')) return super(cert_find, self).forward(*args, **options)
def nssdb_cert_to_basecertificate(cert_text): from ipapython import certdb from ipalib import x509 cert, _ = certdb.find_cert_from_txt(cert_text, start=0) cert = x509.strip_header(cert) cert = base64.b64decode(cert) cert = x509.load_certificate(cert, x509.DER) return cert
def get_testcert(): """Get the certificate, creating it if it doesn't exist""" global _testcert if _testcert is None: reqdir = tempfile.mkdtemp(prefix="tmp-") try: _testcert = makecert(reqdir) finally: shutil.rmtree(reqdir) return x509.strip_header(_testcert)
def get_cert(self, nickname, pem=False): args = ['-L', '-n', nickname, '-a'] try: result = self.run_certutil(args, capture_output=True) except ipautil.CalledProcessError: raise RuntimeError("Failed to get %s" % nickname) cert = result.output if not pem: cert, _start = find_cert_from_txt(cert, start=0) cert = x509.strip_header(cert) cert = base64.b64decode(cert) return cert
def get_cert(self, nickname, pem=False): args = ['-L', '-n', nickname, '-a'] try: result = self.run_certutil(args, capture_output=True) except ipautil.CalledProcessError: raise RuntimeError("Failed to get %s" % nickname) cert = result.output if not pem: (cert, start) = find_cert_from_txt(cert, start=0) cert = x509.strip_header(cert) cert = base64.b64decode(cert) return cert
def forward(self, *args, **options): if self.api.env.context == 'cli': if args and 'certificate' in options: raise errors.MutuallyExclusiveError( reason=_("cannot specify both raw certificate and file")) if args: args = [x509.strip_header(args[0])] elif 'certificate' in options: args = [options.pop('certificate')] else: args = [] return super(certmap_match, self).forward(*args, **options)
def get_cert_from_db(self, nickname, pem=True): """ Retrieve a certificate from the current NSS database for nickname. pem controls whether the value returned PEM or DER-encoded. The default is the data straight from certutil -a. """ try: args = ["-L", "-n", nickname, "-a"] (cert, err, returncode) = self.run_certutil(args) if pem: return cert else: (cert, start) = find_cert_from_txt(cert, start=0) cert = x509.strip_header(cert) dercert = base64.b64decode(cert) return dercert except ipautil.CalledProcessError: return ''
dn2 = DN(('fqdn',fqdn2),('cn','computers'),('cn','accounts'), api.env.basedn) fqdn3 = u'testhost2.%s' % api.env.domain short3 = u'testhost2' dn3 = DN(('fqdn',fqdn3),('cn','computers'),('cn','accounts'), api.env.basedn) fqdn4 = u'testhost2.lab.%s' % api.env.domain dn4 = DN(('fqdn',fqdn4),('cn','computers'),('cn','accounts'), api.env.basedn) invalidfqdn1 = u'foo_bar.lab.%s' % api.env.domain # We can use the same cert we generated for the service tests fd = open('ipatests/test_xmlrpc/service.crt', 'r') servercert = fd.readlines() servercert = ''.join(servercert) servercert = x509.strip_header(servercert) fd.close() sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test' sshpubkeyfp = u'13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)' class test_host(Declarative): cleanup_commands = [ ('host_del', [fqdn1], {}), ('host_del', [fqdn2], {}), ('host_del', [fqdn3], {}), ('host_del', [fqdn4], {}), ('service_del', [service1], {}), ]
dn2 = DN(('fqdn', fqdn2), ('cn', 'computers'), ('cn', 'accounts'), api.env.basedn) fqdn3 = u'testhost2.%s' % api.env.domain short3 = u'testhost2' dn3 = DN(('fqdn', fqdn3), ('cn', 'computers'), ('cn', 'accounts'), api.env.basedn) fqdn4 = u'testhost2.lab.%s' % api.env.domain dn4 = DN(('fqdn', fqdn4), ('cn', 'computers'), ('cn', 'accounts'), api.env.basedn) invalidfqdn1 = u'foo_bar.lab.%s' % api.env.domain # We can use the same cert we generated for the service tests fd = open('tests/test_xmlrpc/service.crt', 'r') servercert = fd.readlines() servercert = ''.join(servercert) servercert = x509.strip_header(servercert) fd.close() sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test' sshpubkeyfp = u'13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)' class test_host(Declarative): cleanup_commands = [ ('host_del', [fqdn1], {}), ('host_del', [fqdn2], {}), ('host_del', [fqdn3], {}), ('host_del', [fqdn4], {}), ('service_del', [service1], {}), ]