示例#1
    def revoke_certificate(self, serial_number, revocation_reason=0):
        """
        Revoke the certificate identified by ``serial_number``.

        ``revocation_reason`` is the integer CRL reason code from RFC 5280
        (http://www.ietf.org/rfc/rfc5280.txt).  Accepted codes:

            * ``0`` - unspecified
            * ``1`` - keyCompromise
            * ``2`` - cACompromise
            * ``3`` - affiliationChanged
            * ``4`` - superseded
            * ``5`` - cessationOfOperation
            * ``6`` - certificateHold
            * ``8`` - removeFromCRL
            * ``9`` - privilegeWithdrawn
            * ``10`` - aACompromise

        Code ``7`` is not used.  Per RFC 5280, ``6`` (certificateHold) marks
        a temporary hold and ``8`` (removeFromCRL) is only meaningful in
        delta CRLs.

        This implementation validates neither argument and always raises
        ``errors.NotImplementedError``; range-checking the reason code is
        therefore left to whatever overrides this method (presumably the
        concrete CA backend -- confirm).

        :param serial_number: Certificate serial number.
        :param revocation_reason: Integer code of revocation reason.
        """
        # Qualify the method name with this object's name so the error
        # identifies which plugin lacks the operation.
        qualified_name = '%s.revoke_certificate' % self.name
        raise errors.NotImplementedError(name=qualified_name)
示例#2
    def find(self, options):
        """
        Search for certificates.

        This implementation ignores ``options`` and always raises
        ``errors.NotImplementedError``.

        :param options: dictionary of search options
        """
        qualified_name = '%s.find' % self.name
        raise errors.NotImplementedError(name=qualified_name)
示例#3
    def get_certificate(self, serial_number=None):
        """
        Retrieve an existing certificate.

        This implementation never looks anything up; it always raises
        ``errors.NotImplementedError``.

        :param serial_number: certificate serial number (defaults to
                              ``None``)
        """
        qualified_name = '%s.get_certificate' % self.name
        raise errors.NotImplementedError(name=qualified_name)
示例#4
    def check_request_status(self, request_id):
        """
        Check status of a certificate signing request.

        This implementation always raises ``errors.NotImplementedError``.

        :param request_id: request ID
        """
        qualified_name = '%s.check_request_status' % self.name
        raise errors.NotImplementedError(name=qualified_name)
示例#5
    def take_certificate_off_hold(self, serial_number):
        """
        Take revoked certificate off hold.

        NOTE(review): presumably only meaningful for a certificate revoked
        with reason ``6`` (certificateHold) -- confirm that overriding
        implementations reject any other revocation reason.

        This implementation always raises ``errors.NotImplementedError``.

        :param serial_number: Certificate serial number.
        """
        qualified_name = '%s.take_certificate_off_hold' % self.name
        raise errors.NotImplementedError(name=qualified_name)
示例#6
    def request_certificate(self, csr, request_type='pkcs10'):
        """
        Submit certificate signing request.

        This implementation does not parse or validate ``csr``; it always
        raises ``errors.NotImplementedError``.

        :param csr: The certificate signing request.
        :param request_type: The request type (defaults to ``'pkcs10'``).
        """
        qualified_name = '%s.request_certificate' % self.name
        raise errors.NotImplementedError(name=qualified_name)
示例#7
    def updateCRL(self, wait='false'):
        """
        Force update of the CRL.

        This implementation always raises ``errors.NotImplementedError``.

        :param wait: if true, the call will be synchronous and return only
                     when the CRL has been generated.  The default is the
                     *string* ``'false'``, not the boolean ``False``; a
                     non-empty string is truthy in Python, so an override
                     presumably has to compare the text rather than test
                     truthiness -- confirm against the implementation.
        """
        qualified_name = '%s.updateCRL' % self.name
        raise errors.NotImplementedError(name=qualified_name)
示例#8
    def request_certificate(
            self, csr, profile_id, ca_id, request_type='pkcs10'):
        """
        Submit certificate signing request.

        This implementation does not parse or validate ``csr``, nor check
        ``profile_id`` or ``ca_id``; it always raises
        ``errors.NotImplementedError``.

        :param csr: The certificate signing request.
        :param profile_id: Profile to use for this request.
        :param ca_id: The Authority ID to send request to. ``None`` is allowed.
        :param request_type: The request type (defaults to ``'pkcs10'``).
        """
        qualified_name = '%s.request_certificate' % self.name
        raise errors.NotImplementedError(name=qualified_name)
示例#9
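    def get_dn(self, *keys, **options):
        """
        Generates vault DN from parameters.

        The vault entry is placed under exactly one owner subtree of the
        vault container: ``cn=<service>,cn=services``, ``cn=shared`` or
        ``cn=<user>,cn=users``.  The owner comes from the ``service``,
        ``shared`` or ``username`` option; when none is given it is derived
        from the principal stored in ``context``.

        NOTE(review): this method only builds a DN.  It does not check that
        the calling principal may access the owner named in ``options`` --
        presumably that is enforced elsewhere (e.g. directory ACIs); confirm.

        :param keys: primary-key values, passed through to the parent
                     ``get_dn``.
        :param options: may carry ``service``, ``shared`` or ``username``
                        (at most one of them).
        :raises errors.MutuallyExclusiveError: more than one owner option
            was supplied.
        :raises errors.NotImplementedError: no owner option was supplied and
            the current principal is a host.
        :raises AssertionError: the parent-computed DN is not below the
            vault container.
        :raises RuntimeError: no owner could be determined.
        """
        service = options.get('service')
        shared = options.get('shared')
        user = options.get('username')

        count = (bool(service) + bool(shared) + bool(user))
        if count > 1:
            raise errors.MutuallyExclusiveError(
                reason=_('Service, shared, and user options ' +
                         'cannot be specified simultaneously'))

        # TODO: create container_dn after object initialization then reuse it
        container_dn = DN(self.container_dn, self.api.env.basedn)

        dn = super(vault, self).get_dn(*keys, **options)
        # Explicit check instead of ``assert``: asserts are stripped under
        # ``python -O``, and the slice below is only correct when the DN
        # really ends with the container.  AssertionError is kept so callers
        # see the same exception type as before.
        if not dn.endswith(container_dn):
            raise AssertionError(
                'vault DN is not located under the vault container')
        rdns = DN(*dn[:-len(container_dn)])

        if not count:
            # No explicit owner: fall back to the authenticated principal.
            principal = kerberos.Principal(context.principal)

            if principal.is_host:
                raise errors.NotImplementedError(
                    reason=_('Host is not supported'))
            elif principal.is_service:
                service = unicode(principal)
            else:
                user = principal.username

        if service:
            parent_dn = DN(('cn', service), ('cn', 'services'), container_dn)
        elif shared:
            parent_dn = DN(('cn', 'shared'), container_dn)
        elif user:
            parent_dn = DN(('cn', user), ('cn', 'users'), container_dn)
        else:
            # Reached only when the principal yields an empty username.
            raise RuntimeError('unable to determine vault owner')

        return DN(rdns, parent_dn)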
示例#10
    def get_dn(self, *keys, **options):
        """
        Generates vault container DN from parameters.

        Appends one owner subtree to the DN returned by the parent
        ``get_dn``: ``cn=<service>,cn=services``, ``cn=shared`` or
        ``cn=<user>,cn=users``.  The owner is taken from the ``service``,
        ``shared`` or ``username`` option (at most one may be set); with
        none set it is derived from the principal stored in ``context``.
        A host principal is rejected with ``errors.NotImplementedError``.

        NOTE(review): only DN construction happens here; whether the caller
        may use the owner named in ``options`` is not checked in this
        method -- confirm where that is enforced.
        """
        svc_name = options.get('service')
        is_shared = options.get('shared')
        username = options.get('username')

        # Number of owner selectors the caller actually supplied.
        given = sum(1 for opt in (svc_name, is_shared, username) if opt)
        if given > 1:
            raise errors.MutuallyExclusiveError(
                reason=_('Service, shared and user options ' +
                         'cannot be specified simultaneously'))

        base_dn = super(vaultcontainer, self).get_dn(*keys, **options)

        if given == 0:
            # Nothing requested explicitly: use the authenticated principal.
            principal = kerberos.Principal(context.principal)
            if principal.is_host:
                raise errors.NotImplementedError(
                    reason=_('Host is not supported'))
            if principal.is_service:
                svc_name = unicode(principal)
            else:
                username = principal.username

        if svc_name:
            return DN(('cn', svc_name), ('cn', 'services'), base_dn)
        if is_shared:
            return DN(('cn', 'shared'), base_dn)
        if username:
            return DN(('cn', username), ('cn', 'users'), base_dn)
        raise RuntimeError