User provided certs.

This commit is contained in:
Karl MacMillan
-
parent 8792559f74
commit 1c3849eb57
6 changed files with 224 additions and 21 deletions


@@ -17,7 +17,7 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import os, stat, subprocess
import os, stat, subprocess, re
import sha
from ipa import ipautil
@@ -196,6 +196,50 @@ class CertDB(object):
f.close()
self.set_perms(self.pin_fname)
def trust_root_cert(self, nickname):
p = subprocess.Popen(["/usr/bin/certutil", "-d", self.secdir,
"-O", "-n", nickname], stdout=subprocess.PIPE)
chain = p.stdout.read()
chain = chain.split("\n")
root_nickname = re.match('\ *"(.*)".*', chain[0]).groups()[0]
self.run_certutil(["-M", "-n", root_nickname,
"-t", "CT,CT,"])
def find_server_certs(self):
p = subprocess.Popen(["/usr/bin/certutil", "-d", self.secdir,
"-L"], stdout=subprocess.PIPE)
certs = p.stdout.read()
certs = certs.split("\n")
server_certs = []
for cert in certs:
fields = cert.split()
if not len(fields):
continue
flags = fields[-1]
if 'u' in flags:
name = " ".join(fields[0:-1])
server_certs.append((name, flags))
return server_certs
def import_pkcs12(self, pkcs12_fname):
try:
ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
"-i", pkcs12_fname])
except ipautil.CalledProcessError, e:
if e.returncode == 17:
raise RuntimeError("incorrect password")
else:
raise RuntimeError("unknown error import pkcs#12 file")
def create_self_signed(self, passwd=True):
self.create_noise_file()
self.create_passwd_file(passwd)
@@ -208,6 +252,3 @@ class CertDB(object):
self.create_passwd_file(passwd)
self.create_certdbs()
self.load_cacert(cacert_fname)
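Review bot: In the @@ -196 hunk, `trust_root_cert` reads certutil's stdout without waiting for the child or checking its exit status, then indexes `chain[0]` and calls `.groups()` on whatever `re.match` returned, so an unknown nickname or a failing certutil shows up as an IndexError or an AttributeError on `None` instead of a clear error, and the child is never reaped; `find_server_certs` has the same unchecked Popen. Because this code derives a nickname from a user-supplied PKCS#12 and then marks it `CT,CT,` (trusted CA for SSL and e-mail), the parse should fail closed: use `communicate()`, check `returncode`, and refuse to modify trust flags when the root nickname cannot be extracted, as sketched below (`find_server_certs` would get the same `communicate()`/`returncode` treatment). The mapping of pk12util exit code 17 to "incorrect password" in `import_pkcs12` deserves a one-line comment saying where that code is documented, and the message `"unknown error import pkcs#12 file"` reads like a typo for "importing".
```python
    def trust_root_cert(self, nickname):
        p = subprocess.Popen(["/usr/bin/certutil", "-d", self.secdir,
                              "-O", "-n", nickname], stdout=subprocess.PIPE)
        chain, _ = p.communicate()
        if p.returncode != 0:
            raise RuntimeError("certutil -O failed for %s" % nickname)
        # the code treats the first line of -O output as the chain root;
        # do not touch trust flags if that line cannot be parsed
        m = re.match(r'\ *"(.*)".*', chain.split("\n")[0])
        if m is None:
            raise RuntimeError("unable to find root cert for %s" % nickname)
        root_nickname = m.groups()[0]
        self.run_certutil(["-M", "-n", root_nickname,
                           "-t", "CT,CT,"])
```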


@@ -322,7 +322,7 @@ class DsInstance(service.Service):
conn.addEntry(entry)
conn.unbind()
def __add_default_layout(self):
self.step("adding default layout")
txt = ipautil.template_file(ipautil.SHARE_DIR + "bootstrap-template.ldif", self.sub_dict)


@@ -29,6 +29,7 @@ import time
import service
import certs
import dsinstance
import installutils
from ipa.ipautil import *
HTTPD_DIR = "/etc/httpd"
@@ -43,21 +44,6 @@ successfully change with the command:
Try updating the policycoreutils and selinux-policy packages.
"""
def update_file(filename, orig, subst):
if os.path.exists(filename):
pattern = "%s" % re.escape(orig)
p = re.compile(pattern)
for line in fileinput.input(filename, inplace=1):
if not p.search(line):
sys.stdout.write(line)
else:
sys.stdout.write(p.sub(subst, line))
fileinput.close()
return 0
else:
print "File %s doesn't exist." % filename
return 1
class HTTPInstance(service.Service):
def __init__(self):
service.Service.__init__(self, "httpd")
@@ -145,7 +131,7 @@ class HTTPInstance(service.Service):
def __set_mod_nss_port(self):
self.step("Setting mod_nss port to 443")
if update_file(NSS_CONF, '8443', '443') != 0:
if installutils.update_file(NSS_CONF, '8443', '443') != 0:
print "Updating %s failed." % NSS_CONF
def __setup_ssl(self):


@@ -21,6 +21,10 @@ import logging
import socket
import errno
import getpass
import os
import re
import fileinput
import sys
def get_fqdn():
fqdn = ""
@@ -105,4 +109,19 @@ def read_password(user):
print ""
return pwd
def update_file(filename, orig, subst):
if os.path.exists(filename):
pattern = "%s" % re.escape(orig)
p = re.compile(pattern)
for line in fileinput.input(filename, inplace=1):
if not p.search(line):
sys.stdout.write(line)
else:
sys.stdout.write(p.sub(subst, line))
fileinput.close()
return 0
else:
print "File %s doesn't exist." % filename
return 1
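Review bot: `update_file` escapes `orig` with `re.escape` but passes `subst` straight to `p.sub`, so the replacement is interpreted as a regex template: a backslash in `subst` becomes a group reference or escape, and an invalid one raises instead of substituting. Since the pattern is a literal anyway, the compile is unnecessary and the literal replacement is `sys.stdout.write(line.replace(orig, subst))` for the `else` branch, with the `if` branch reduced to `orig in line`. The function is moved verbatim from httpinstance, so the same applies to the removed copy there. A docstring stating that the edit is in place via `fileinput` and that the return value is 0 on success and 1 when the file is missing would help callers like `__set_mod_nss_port`, which currently test the result against 0.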