2016-07-05 13:19:35 -05:00
|
|
|
#
|
|
|
|
# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
|
|
|
|
#
|
|
|
|
|
2017-01-06 10:19:19 -06:00
|
|
|
import base64
|
|
|
|
|
2016-07-05 13:19:35 -05:00
|
|
|
import six
|
|
|
|
|
|
|
|
from ipalib import api
|
|
|
|
from ipalib import errors
|
|
|
|
from ipalib import output
|
|
|
|
from ipalib import util
|
|
|
|
from ipalib.frontend import Local, Str
|
2017-09-20 04:50:26 -05:00
|
|
|
from ipalib.parameters import Bytes, Principal
|
2016-07-05 13:19:35 -05:00
|
|
|
from ipalib.plugable import Registry
|
|
|
|
from ipalib.text import _
|
2016-08-22 09:46:02 -05:00
|
|
|
from ipapython import dogtag
|
2016-07-05 13:19:35 -05:00
|
|
|
|
2017-03-29 04:20:21 -05:00
|
|
|
|
2016-07-05 13:19:35 -05:00
|
|
|
if six.PY3:
|
|
|
|
unicode = str
|
|
|
|
|
|
|
|
register = Registry()
|
|
|
|
|
|
|
|
__doc__ = _("""
|
|
|
|
Commands to build certificate requests automatically
|
|
|
|
""")
|
|
|
|
|
|
|
|
|
|
|
|
@register()
|
|
|
|
class cert_get_requestdata(Local):
|
|
|
|
__doc__ = _('Gather data for a certificate signing request.')
|
|
|
|
|
2017-03-14 01:25:19 -05:00
|
|
|
NO_CLI = True
|
|
|
|
|
2016-07-05 13:19:35 -05:00
|
|
|
takes_options = (
|
|
|
|
Principal(
|
|
|
|
'principal',
|
|
|
|
label=_('Principal'),
|
|
|
|
doc=_('Principal for this certificate (e.g.'
|
|
|
|
' HTTP/test.example.com)'),
|
|
|
|
),
|
|
|
|
Str(
|
2016-08-22 09:46:02 -05:00
|
|
|
'profile_id?',
|
2016-07-05 13:19:35 -05:00
|
|
|
label=_('Profile ID'),
|
|
|
|
doc=_('CSR Generation Profile to use'),
|
|
|
|
),
|
2017-09-20 04:50:26 -05:00
|
|
|
Bytes(
|
2017-01-06 10:19:19 -06:00
|
|
|
'public_key_info',
|
|
|
|
label=_('Subject Public Key Info'),
|
|
|
|
doc=_('DER-encoded SubjectPublicKeyInfo structure'),
|
2016-07-05 13:19:35 -05:00
|
|
|
),
|
|
|
|
Str(
|
|
|
|
'out?',
|
2017-01-06 10:19:19 -06:00
|
|
|
doc=_('Write CertificationRequestInfo to file'),
|
2016-07-05 13:19:35 -05:00
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
has_output = (
|
|
|
|
output.Output(
|
|
|
|
'result',
|
|
|
|
type=dict,
|
|
|
|
doc=_('Dictionary mapping variable name to value'),
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
has_output_params = (
|
|
|
|
Str(
|
2017-01-06 10:19:19 -06:00
|
|
|
'request_info',
|
|
|
|
label=_('CertificationRequestInfo structure'),
|
2016-07-05 13:19:35 -05:00
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
def execute(self, *args, **options):
|
2018-04-05 01:35:15 -05:00
|
|
|
# Deferred import, ipaclient.csrgen is expensive to load.
|
|
|
|
# see https://pagure.io/freeipa/issue/7484
|
|
|
|
from ipaclient import csrgen
|
|
|
|
from ipaclient import csrgen_ffi
|
|
|
|
|
2016-07-05 13:19:35 -05:00
|
|
|
if 'out' in options:
|
|
|
|
util.check_writable_file(options['out'])
|
|
|
|
|
|
|
|
principal = options.get('principal')
|
|
|
|
profile_id = options.get('profile_id')
|
2016-08-22 09:46:02 -05:00
|
|
|
if profile_id is None:
|
|
|
|
profile_id = dogtag.DEFAULT_PROFILE
|
2017-01-06 10:19:19 -06:00
|
|
|
public_key_info = options.get('public_key_info')
|
|
|
|
public_key_info = base64.b64decode(public_key_info)
|
2016-07-05 13:19:35 -05:00
|
|
|
|
|
|
|
if self.api.env.in_server:
|
|
|
|
backend = self.api.Backend.ldap2
|
|
|
|
else:
|
|
|
|
backend = self.api.Backend.rpcclient
|
|
|
|
if not backend.isconnected():
|
|
|
|
backend.connect()
|
|
|
|
|
|
|
|
try:
|
|
|
|
if principal.is_host:
|
|
|
|
principal_obj = api.Command.host_show(
|
|
|
|
principal.hostname, all=True)
|
|
|
|
elif principal.is_service:
|
|
|
|
principal_obj = api.Command.service_show(
|
|
|
|
unicode(principal), all=True)
|
|
|
|
elif principal.is_user:
|
|
|
|
principal_obj = api.Command.user_show(
|
|
|
|
principal.username, all=True)
|
|
|
|
except errors.NotFound:
|
|
|
|
raise errors.NotFound(
|
|
|
|
reason=_("The principal for this request doesn't exist."))
|
|
|
|
principal_obj = principal_obj['result']
|
2016-09-08 17:29:46 -05:00
|
|
|
config = api.Command.config_show()['result']
|
2016-07-05 13:19:35 -05:00
|
|
|
|
2017-01-06 10:19:19 -06:00
|
|
|
generator = csrgen.CSRGenerator(csrgen.FileRuleProvider())
|
2016-07-05 13:19:35 -05:00
|
|
|
|
2017-01-06 10:19:19 -06:00
|
|
|
csr_config = generator.csr_config(principal_obj, config, profile_id)
|
|
|
|
request_info = base64.b64encode(csrgen_ffi.build_requestinfo(
|
|
|
|
csr_config.encode('utf8'), public_key_info))
|
2016-07-05 13:19:35 -05:00
|
|
|
|
|
|
|
result = {}
|
|
|
|
if 'out' in options:
|
|
|
|
with open(options['out'], 'wb') as f:
|
2017-01-06 10:19:19 -06:00
|
|
|
f.write(request_info)
|
2016-07-05 13:19:35 -05:00
|
|
|
else:
|
2017-01-06 10:19:19 -06:00
|
|
|
result = dict(request_info=request_info)
|
2016-07-05 13:19:35 -05:00
|
|
|
|
|
|
|
return dict(
|
|
|
|
result=result
|
|
|
|
)
|