Use consistent, specific nickname for the IPA CA certificate.

Also fix some imports of sha: we have a compat module for it, so use it.

ticket 181
This commit is contained in:
Rob Crittenden 2010-09-28 23:10:25 -04:00
parent 3127df2aee
commit 3703062ab2
5 changed files with 14 additions and 14 deletions


@ -21,10 +21,12 @@ from ipapython import ipautil
from ipapython import nsslib from ipapython import nsslib
from ipalib import pkcs10 from ipalib import pkcs10
import tempfile import tempfile
import sha from ipalib.compat import sha1
import shutil import shutil
import os import os
CA_NICKNAME = "IPA CA"
class CertDB(object): class CertDB(object):
""" """
To be used for temporary NSS databases only. If temporary is set then To be used for temporary NSS databases only. If temporary is set then
@ -64,7 +66,7 @@ class CertDB(object):
return ipautil.run(new_args, stdin) return ipautil.run(new_args, stdin)
def generate_random(self): def generate_random(self):
return sha.sha(ipautil.ipa_generate_password()).hexdigest() return sha1(ipautil.ipa_generate_password()).hexdigest()
def create_noise_file(self): def create_noise_file(self):
""" """


@ -36,6 +36,7 @@ import urllib
import xml.dom.minidom import xml.dom.minidom
import stat import stat
from ipapython import dogtag from ipapython import dogtag
from ipapython.certdb import CA_NICKNAME
from ipalib import pkcs10 from ipalib import pkcs10
import subprocess import subprocess
@ -381,7 +382,7 @@ class CAInstance(service.Service):
# The same database is used for mod_nss because the NSS context # The same database is used for mod_nss because the NSS context
# will already have been initialized by Apache by the time # will already have been initialized by Apache by the time
# mod_python wants to do things. # mod_python wants to do things.
self.canickname = "CA certificate" self.canickname = CA_NICKNAME
self.basedn = "o=ipaca" self.basedn = "o=ipaca"
self.ca_agent_db = tempfile.mkdtemp(prefix = "tmp-") self.ca_agent_db = tempfile.mkdtemp(prefix = "tmp-")
self.ra_agent_db = "/etc/httpd/alias" self.ra_agent_db = "/etc/httpd/alias"


@ -33,6 +33,7 @@ from ipapython import dogtag
from ipapython import sysrestore from ipapython import sysrestore
from ipapython import ipautil from ipapython import ipautil
from ipapython import certmonger from ipapython import certmonger
from ipapython.certdb import CA_NICKNAME
from ipalib import pkcs10 from ipalib import pkcs10
from ConfigParser import RawConfigParser, MissingSectionHeaderError from ConfigParser import RawConfigParser, MissingSectionHeaderError
import service import service
@ -44,12 +45,7 @@ import nss.nss as nss
from ipalib import api from ipalib import api
# The sha module is deprecated in Python 2.6, replaced by hashlib. Try from ipalib.compat import sha1
# that first and fall back to sha.sha if it isn't available.
try:
from hashlib import sha256 as sha
except ImportError:
from sha import sha
CA_SERIALNO="/var/lib/ipa/ca_serialno" CA_SERIALNO="/var/lib/ipa/ca_serialno"
@ -195,7 +191,7 @@ class CertDB(object):
else: else:
self.subject_format = "CN=%s,O=IPA" self.subject_format = "CN=%s,O=IPA"
self.cacert_name = "CA certificate" self.cacert_name = CA_NICKNAME
self.valid_months = "120" self.valid_months = "120"
self.keysize = "1024" self.keysize = "1024"
@ -268,7 +264,7 @@ class CertDB(object):
os.chmod(fname, perms) os.chmod(fname, perms)
def gen_password(self): def gen_password(self):
return sha(ipautil.ipa_generate_password()).hexdigest() return sha1(ipautil.ipa_generate_password()).hexdigest()
def run_certutil(self, args, stdin=None): def run_certutil(self, args, stdin=None):
new_args = ["/usr/bin/certutil", "-d", self.secdir] new_args = ["/usr/bin/certutil", "-d", self.secdir]
@ -857,7 +853,7 @@ class CertDB(object):
else: else:
raise RuntimeError("unknown error import pkcs#12 file") raise RuntimeError("unknown error import pkcs#12 file")
def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname="CA certificate"): def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname=CA_NICKNAME):
ipautil.run(["/usr/bin/pk12util", "-d", self.secdir, ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
"-o", pkcs12_fname, "-o", pkcs12_fname,
"-n", nickname, "-n", nickname,


@ -522,7 +522,7 @@ class DsInstance(service.Service):
first have to shut down the directory server in case it has first have to shut down the directory server in case it has
opened the cert db read-only. Then we use the CertDB class opened the cert db read-only. Then we use the CertDB class
to add the CA cert. We have to provide a nickname, and we to add the CA cert. We have to provide a nickname, and we
do not use 'CA certificate' since that's the default, so do not use 'IPA CA' since that's the default, so
we use 'Imported CA' if none specified. Then we restart we use 'Imported CA' if none specified. Then we restart
the server.""" the server."""
# first make sure we have a valid cacert_fname # first make sure we have a valid cacert_fname
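Review bot: The updated docstring hard-codes 'IPA CA' while the default it describes now comes from CA_NICKNAME, so the two will drift the next time the constant changes; wording it as `do not use the CA_NICKNAME default ('IPA CA') since that is` keeps the reference to the source of truth. The enclosing method begins and ends outside this hunk.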


@ -39,6 +39,7 @@ from ipalib import Backend
from ipalib import errors from ipalib import errors
from ipalib import x509 from ipalib import x509
from ipalib import pkcs10 from ipalib import pkcs10
from ipapython.certdb import CA_NICKNAME
import subprocess import subprocess
import os import os
import re import re
@ -156,7 +157,7 @@ class ra(rabase.rabase):
"/usr/bin/certutil", "/usr/bin/certutil",
"-C", "-C",
"-d", self.sec_dir, "-d", self.sec_dir,
"-c", "CA certificate", "-c", CA_NICKNAME,
"-i", csr_name, "-i", csr_name,
"-o", cert_name, "-o", cert_name,
"-m", str(serialno), "-m", str(serialno),