def get_testcert(subject, principal):
"""Get the certificate, creating it if it doesn't exist"""
reqdir = tempfile.mkdtemp(prefix="tmp-")
try:
_testcert = makecert(reqdir, subject, principal)
finally:
shutil.rmtree(reqdir)
return x509.strip_header(_testcert)
def forward(self, *args, **options):
if self.api.env.context == 'cli':
if 'certificate' in options and 'file' in options:
raise errors.MutuallyExclusiveError(
reason=_("cannot specify both raw certificate and file"))
if 'certificate' not in options and 'file' in options:
options['certificate'] = x509.strip_header(options.pop('file'))
return super(cert_find, self).forward(*args, **options)
def forward(self, *args, **options):
if self.api.env.context == 'cli':
if 'certificate' in options and 'file' in options:
raise errors.MutuallyExclusiveError(
reason=_("cannot specify both raw certificate and file"))
if 'certificate' not in options and 'file' in options:
options['certificate'] = x509.strip_header(options.pop('file'))
return super(cert_find, self).forward(*args, **options)
def nssdb_cert_to_basecertificate(cert_text):
from ipapython import certdb
from ipalib import x509
cert, _ = certdb.find_cert_from_txt(cert_text, start=0)
cert = x509.strip_header(cert)
cert = base64.b64decode(cert)
cert = x509.load_certificate(cert, x509.DER)
return cert
def get_testcert(subject, principal):
"""Get the certificate, creating it if it doesn't exist"""
reqdir = tempfile.mkdtemp(prefix="tmp-")
try:
_testcert = makecert(reqdir, subject,
principal)
finally:
shutil.rmtree(reqdir)
return x509.strip_header(_testcert)
def get_testcert():
"""Get the certificate, creating it if it doesn't exist"""
global _testcert
if _testcert is None:
reqdir = tempfile.mkdtemp(prefix="tmp-")
try:
_testcert = makecert(reqdir)
finally:
shutil.rmtree(reqdir)
return x509.strip_header(_testcert)
def get_testcert():
"""Get the certificate, creating it if it doesn't exist"""
global _testcert
if _testcert is None:
reqdir = tempfile.mkdtemp(prefix="tmp-")
try:
_testcert = makecert(reqdir)
finally:
shutil.rmtree(reqdir)
return x509.strip_header(_testcert)
def get_cert(self, nickname, pem=False):
args = ['-L', '-n', nickname, '-a']
try:
result = self.run_certutil(args, capture_output=True)
except ipautil.CalledProcessError:
raise RuntimeError("Failed to get %s" % nickname)
cert = result.output
if not pem:
cert, _start = find_cert_from_txt(cert, start=0)
cert = x509.strip_header(cert)
cert = base64.b64decode(cert)
return cert
def get_cert(self, nickname, pem=False):
args = ['-L', '-n', nickname, '-a']
try:
result = self.run_certutil(args, capture_output=True)
except ipautil.CalledProcessError:
raise RuntimeError("Failed to get %s" % nickname)
cert = result.output
if not pem:
(cert, start) = find_cert_from_txt(cert, start=0)
cert = x509.strip_header(cert)
cert = base64.b64decode(cert)
return cert
def forward(self, *args, **options):
if self.api.env.context == 'cli':
if args and 'certificate' in options:
raise errors.MutuallyExclusiveError(
reason=_("cannot specify both raw certificate and file"))
if args:
args = [x509.strip_header(args[0])]
elif 'certificate' in options:
args = [options.pop('certificate')]
else:
args = []
return super(certmap_match, self).forward(*args, **options)
def forward(self, *args, **options):
if self.api.env.context == 'cli':
if args and 'certificate' in options:
raise errors.MutuallyExclusiveError(
reason=_("cannot specify both raw certificate and file"))
if args:
args = [x509.strip_header(args[0])]
elif 'certificate' in options:
args = [options.pop('certificate')]
else:
args = []
return super(certmap_match, self).forward(*args, **options)
def get_cert_from_db(self, nickname, pem=True):
"""
Retrieve a certificate from the current NSS database for nickname.
pem controls whether the value returned PEM or DER-encoded. The
default is the data straight from certutil -a.
"""
try:
args = ["-L", "-n", nickname, "-a"]
(cert, err, returncode) = self.run_certutil(args)
if pem:
return cert
else:
(cert, start) = find_cert_from_txt(cert, start=0)
cert = x509.strip_header(cert)
dercert = base64.b64decode(cert)
return dercert
except ipautil.CalledProcessError:
return ''
def get_cert_from_db(self, nickname, pem=True):
"""
Retrieve a certificate from the current NSS database for nickname.
pem controls whether the value returned PEM or DER-encoded. The
default is the data straight from certutil -a.
"""
try:
args = ["-L", "-n", nickname, "-a"]
(cert, err, returncode) = self.run_certutil(args)
if pem:
return cert
else:
(cert, start) = find_cert_from_txt(cert, start=0)
cert = x509.strip_header(cert)
dercert = base64.b64decode(cert)
return dercert
except ipautil.CalledProcessError:
return ''
dn2 = DN(('fqdn',fqdn2),('cn','computers'),('cn','accounts'),
api.env.basedn)
fqdn3 = u'testhost2.%s' % api.env.domain
short3 = u'testhost2'
dn3 = DN(('fqdn',fqdn3),('cn','computers'),('cn','accounts'),
api.env.basedn)
fqdn4 = u'testhost2.lab.%s' % api.env.domain
dn4 = DN(('fqdn',fqdn4),('cn','computers'),('cn','accounts'),
api.env.basedn)
invalidfqdn1 = u'foo_bar.lab.%s' % api.env.domain
# We can use the same cert we generated for the service tests
fd = open('ipatests/test_xmlrpc/service.crt', 'r')
servercert = fd.readlines()
servercert = ''.join(servercert)
servercert = x509.strip_header(servercert)
fd.close()
sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test'
sshpubkeyfp = u'13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)'
class test_host(Declarative):
cleanup_commands = [
('host_del', [fqdn1], {}),
('host_del', [fqdn2], {}),
('host_del', [fqdn3], {}),
('host_del', [fqdn4], {}),
('service_del', [service1], {}),
]
dn2 = DN(('fqdn', fqdn2), ('cn', 'computers'), ('cn', 'accounts'),
api.env.basedn)
fqdn3 = u'testhost2.%s' % api.env.domain
short3 = u'testhost2'
dn3 = DN(('fqdn', fqdn3), ('cn', 'computers'), ('cn', 'accounts'),
api.env.basedn)
fqdn4 = u'testhost2.lab.%s' % api.env.domain
dn4 = DN(('fqdn', fqdn4), ('cn', 'computers'), ('cn', 'accounts'),
api.env.basedn)
invalidfqdn1 = u'foo_bar.lab.%s' % api.env.domain
# We can use the same cert we generated for the service tests
fd = open('tests/test_xmlrpc/service.crt', 'r')
servercert = fd.readlines()
servercert = ''.join(servercert)
servercert = x509.strip_header(servercert)
fd.close()
sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test'
sshpubkeyfp = u'13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)'
class test_host(Declarative):
cleanup_commands = [
('host_del', [fqdn1], {}),
('host_del', [fqdn2], {}),
('host_del', [fqdn3], {}),
('host_del', [fqdn4], {}),
('service_del', [service1], {}),
]
