freeipa/ipaclient/plugins/certmap.py

#
# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
#

from ipaclient.frontend import MethodOverride
from ipalib import errors, x509
from ipalib.parameters import BinaryFile
from ipalib.plugable import Registry
from ipalib.text import _

register = Registry()


@register(override=True, no_fail=True)
class certmap_match(MethodOverride):
    takes_args = (
        BinaryFile(
            'file?',
            label=_("Input file"),
            doc=_("File to load the certificate from"),
            include='cli',
        ),
    )

    def get_args(self):
        for arg in super(certmap_match, self).get_args():
            if arg.name != 'certificate' or self.api.env.context != 'cli':
                yield arg

    def get_options(self):
        for arg in super(certmap_match, self).get_args():
            if arg.name == 'certificate' and self.api.env.context == 'cli':
                yield arg.clone(required=False)
        for option in super(certmap_match, self).get_options():
            yield option

    def forward(self, *args, **options):
        if self.api.env.context == 'cli':
            if args and 'certificate' in options:
                raise errors.MutuallyExclusiveError(
                    reason=_("cannot specify both raw certificate and file"))
            if args:
                args = [x509.load_unknown_x509_certificate(args[0])]
            elif 'certificate' in options:
                args = [options.pop('certificate')]
            else:
                args = []

        return super(certmap_match, self).forward(*args, **options)
certmap: load certificate from file in certmap-match CLI Load the certificate from a file specified in the first argument. Raw certificate value can be specified using --certificate. https://pagure.io/freeipa/issue/6646 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2017-03-09 00:19:26 -06:00			`#`
			`# Copyright (C) 2017 FreeIPA Contributors see COPYING for license`
			`#`

			`from ipaclient.frontend import MethodOverride`
			`from ipalib import errors, x509`
Load certificate files as binary data In Python 3, cryptography requires certificate data to be binary. Even PEM encoded files are treated as binary content. certmap-match and cert-find were loading certificates as text files. A new BinaryFile type loads files as binary content. Fixes: https://pagure.io/freeipa/issue/7520 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2018-04-27 05:29:17 -05:00			`from ipalib.parameters import BinaryFile`
certmap: load certificate from file in certmap-match CLI Load the certificate from a file specified in the first argument. Raw certificate value can be specified using --certificate. https://pagure.io/freeipa/issue/6646 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2017-03-09 00:19:26 -06:00			`from ipalib.plugable import Registry`
			`from ipalib.text import _`

			`register = Registry()`


			`@register(override=True, no_fail=True)`
			`class certmap_match(MethodOverride):`
			`takes_args = (`
Load certificate files as binary data In Python 3, cryptography requires certificate data to be binary. Even PEM encoded files are treated as binary content. certmap-match and cert-find were loading certificates as text files. A new BinaryFile type loads files as binary content. Fixes: https://pagure.io/freeipa/issue/7520 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2018-04-27 05:29:17 -05:00			`BinaryFile(`
certmap: load certificate from file in certmap-match CLI Load the certificate from a file specified in the first argument. Raw certificate value can be specified using --certificate. https://pagure.io/freeipa/issue/6646 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2017-03-09 00:19:26 -06:00			`'file?',`
			`label=_("Input file"),`
			`doc=_("File to load the certificate from"),`
			`include='cli',`
			`),`
			`)`

			`def get_args(self):`
			`for arg in super(certmap_match, self).get_args():`
			`if arg.name != 'certificate' or self.api.env.context != 'cli':`
			`yield arg`

			`def get_options(self):`
			`for arg in super(certmap_match, self).get_args():`
			`if arg.name == 'certificate' and self.api.env.context == 'cli':`
			`yield arg.clone(required=False)`
			`for option in super(certmap_match, self).get_options():`
			`yield option`

			`def forward(self, args, *options):`
			`if self.api.env.context == 'cli':`
			`if args and 'certificate' in options:`
			`raise errors.MutuallyExclusiveError(`
			`reason=_("cannot specify both raw certificate and file"))`
			`if args:`
x509: remove the strip_header() function We don't need the strip_header() function, to load an unknown x509 certificate, load_unknown_x509_certificate() should be used. Reviewed-By: Tibor Dudlak <tdudlak@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 2017-09-25 02:54:53 -05:00			`args = [x509.load_unknown_x509_certificate(args[0])]`
certmap: load certificate from file in certmap-match CLI Load the certificate from a file specified in the first argument. Raw certificate value can be specified using --certificate. https://pagure.io/freeipa/issue/6646 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2017-03-09 00:19:26 -06:00			`elif 'certificate' in options:`
			`args = [options.pop('certificate')]`
			`else:`
			`args = []`

			`return super(certmap_match, self).forward(args, *options)`