Пример #1
class certmap_match(MethodOverride):
    # Client-side override: in the 'cli' context the certificate can be given
    # either as a file (positional argument) or as a raw value (option), and
    # never as both.
    takes_args = (
        File(
            'file?',
            label=_("Input file"),
            doc=_("File to load the certificate from"),
            include='cli',
        ),
    )

    def get_args(self):
        """Yield the parent's arguments, hiding 'certificate' in CLI context."""
        for candidate in super(certmap_match, self).get_args():
            if (candidate.name == 'certificate'
                    and self.api.env.context == 'cli'):
                # Re-exposed as an optional option by get_options().
                continue
            yield candidate

    def get_options(self):
        """Yield 'certificate' as an optional option (CLI only), then the
        parent's own options."""
        parent = super(certmap_match, self)
        for candidate in parent.get_args():
            if candidate.name != 'certificate':
                continue
            if self.api.env.context != 'cli':
                continue
            yield candidate.clone(required=False)
        for inherited in parent.get_options():
            yield inherited

    def forward(self, *args, **options):
        """Resolve the certificate source and forward the call.

        In CLI context exactly one source is accepted: the file argument or
        the raw 'certificate' option. Supplying both raises
        errors.MutuallyExclusiveError, so it is never ambiguous which
        certificate gets matched.
        """
        if self.api.env.context == 'cli':
            if args:
                if 'certificate' in options:
                    raise errors.MutuallyExclusiveError(
                        reason=_("cannot specify both raw certificate and file"))
                # File content is caller-supplied and parsed on the client.
                # NOTE(review): presumably the loader detects PEM vs. DER and
                # raises on malformed input - confirm in x509.
                args = [x509.load_unknown_x509_certificate(args[0])]
            elif 'certificate' in options:
                # Move the raw value from the options to the positional slot.
                args = [options.pop('certificate')]
            else:
                args = []

        return super(certmap_match, self).forward(*args, **options)
Пример #2
class cert_find(MethodOverride):
    # Client-side override adding a CLI-only 'file' option as an alternative
    # way to supply the certificate to search for.
    takes_options = (
        File(
            'file?',
            label=_("Input filename"),
            doc=_('File to load the certificate from.'),
            include='cli',
        ),
    )

    def forward(self, *args, **options):
        """Translate the CLI 'file' option into 'certificate' and forward.

        The raw 'certificate' option and 'file' are mutually exclusive;
        passing both raises errors.MutuallyExclusiveError. Outside the 'cli'
        context the options are forwarded untouched.
        """
        if self.api.env.context == 'cli' and 'file' in options:
            if 'certificate' in options:
                raise errors.MutuallyExclusiveError(
                    reason=_("cannot specify both raw certificate and file"))
            # 'file' is removed from the options so that only 'certificate'
            # is forwarded.
            # NOTE(review): presumably strip_header drops the PEM armor and
            # leaves the base64 body - confirm in x509.
            file_content = options.pop('file')
            options['certificate'] = x509.strip_header(file_content)

        return super(cert_find, self).forward(*args, **options)
Пример #3
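class cert_get_requestdata(Local):
    __doc__ = _('Gather data for a certificate signing request.')

    # Not exposed on the command line.
    NO_CLI = True

    takes_options = (
        Principal(
            'principal',
            label=_('Principal'),
            doc=_('Principal for this certificate (e.g.'
                  ' HTTP/test.example.com)'),
        ),
        Str(
            'profile_id?',
            label=_('Profile ID'),
            doc=_('CSR Generation Profile to use'),
        ),
        File(
            'public_key_info',
            label=_('Subject Public Key Info'),
            doc=_('DER-encoded SubjectPublicKeyInfo structure'),
        ),
        Str(
            'out?',
            doc=_('Write CertificationRequestInfo to file'),
        ),
    )

    has_output = (output.Output(
        'result',
        type=dict,
        doc=_('Dictionary mapping variable name to value'),
    ), )

    # The trailing comma makes this a real one-element tuple, matching
    # takes_options and has_output above; without it the parentheses are
    # only grouping and the attribute is a bare Str.
    has_output_params = (
        Str(
            'request_info',
            label=_('CertificationRequestInfo structure'),
        ),
    )

    def execute(self, *args, **options):
        """Build a base64-encoded CertificationRequestInfo for a principal.

        Looks up the principal's entry and the configuration, generates the
        CSR config for the chosen profile and passes it, together with the
        decoded public key info, to csrgen_ffi.build_requestinfo.

        Returns ``{'result': {'request_info': <base64 bytes>}}``, or
        ``{'result': {}}`` when 'out' is given and the data is written to
        that file instead.

        Raises errors.NotFound when the principal's entry does not exist.
        """
        if 'out' in options:
            # Fail early, before any remote call. The file is only opened
            # at the end of this method, so this is a pre-flight check and
            # not a guarantee that the later open() succeeds.
            util.check_writable_file(options['out'])

        principal = options.get('principal')
        profile_id = options.get('profile_id')
        if profile_id is None:
            profile_id = dogtag.DEFAULT_PROFILE
        # Caller-supplied key material. b64decode runs in its default,
        # non-validating mode and the decoded bytes are not inspected here
        # before they reach the FFI call below.
        # NOTE(review): presumably build_requestinfo rejects malformed DER -
        # confirm in csrgen_ffi.
        public_key_info = options.get('public_key_info')
        public_key_info = base64.b64decode(public_key_info)

        if self.api.env.in_server:
            backend = self.api.Backend.ldap2
        else:
            backend = self.api.Backend.rpcclient
        if not backend.isconnected():
            backend.connect()

        # NOTE(review): the lookups below use the module-level `api` while
        # the backend above comes from `self.api` - confirm both refer to
        # the same API instance.
        # NOTE(review): if none of is_host / is_service / is_user is true,
        # principal_obj is never bound and the subscript after the try block
        # raises UnboundLocalError - confirm Principal always satisfies one.
        try:
            if principal.is_host:
                principal_obj = api.Command.host_show(principal.hostname,
                                                      all=True)
            elif principal.is_service:
                principal_obj = api.Command.service_show(unicode(principal),
                                                         all=True)
            elif principal.is_user:
                principal_obj = api.Command.user_show(principal.username,
                                                      all=True)
        except errors.NotFound:
            # Replace the lookup-specific message with one that fits this
            # command.
            raise errors.NotFound(
                reason=_("The principal for this request doesn't exist."))
        principal_obj = principal_obj['result']
        config = api.Command.config_show()['result']

        generator = csrgen.CSRGenerator(csrgen.FileRuleProvider())

        csr_config = generator.csr_config(principal_obj, config, profile_id)
        request_info = base64.b64encode(
            csrgen_ffi.build_requestinfo(csr_config.encode('utf8'),
                                         public_key_info))

        result = {}
        if 'out' in options:
            # The destination path is caller-supplied; the file is created
            # or truncated by this open().
            with open(options['out'], 'wb') as f:
                f.write(request_info)
        else:
            result = dict(request_info=request_info)

        return dict(result=result)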