IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Optimize cert remove case

Browse Source 
The cert_remove and mod subcommands for service and host now pass in the
name to cert_find() to benefit from special cases.

See: https://pagure.io/freeipa/issue/7835
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Christian Heimes
2019-01-25 16:18:59 +01:00
parent ae74d348c3
commit 6cd37542e6
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ipaserver/plugins/host.py
View File

@@ -899,7 +899,9 @@ class host_mod(LDAPUpdate):
old_certs = entry_attrs_old.get('usercertificate', [])
removed_certs = set(old_certs) - set(certs)
for cert in removed_certs:
rm_certs = api.Command.cert_find(certificate=cert)['result']
rm_certs = api.Command.cert_find(
certificate=cert,
host=keys)['result']
revoke_certs(rm_certs)
if certs:
@@ -1335,7 +1337,9 @@ class host_remove_cert(LDAPRemoveAttributeViaOption):
assert isinstance(dn, DN)
for cert in options.get('usercertificate', []):
revoke_certs(api.Command.cert_find(certificate=cert)['result'])
revoke_certs(api.Command.cert_find(
certificate=cert,
host=keys)['result'])
return dn

7
ipaserver/plugins/service.py
View File

@@ -713,7 +713,8 @@ class service_mod(LDAPUpdate):
removed_certs = set(old_certs) - set(certs)
for cert in removed_certs:
rm_certs = api.Command.cert_find(
certificate=cert.public_bytes(x509.Encoding.DER))['result']
certificate=cert.public_bytes(x509.Encoding.DER),
service=keys)['result']
revoke_certs(rm_certs)
if certs:
@@ -993,7 +994,9 @@ class service_remove_cert(LDAPRemoveAttributeViaOption):
assert isinstance(dn, DN)
for cert in options.get('usercertificate', []):
revoke_certs(api.Command.cert_find(certificate=cert)['result'])
revoke_certs(api.Command.cert_find(
certificate=cert,
service=keys)['result'])
return dn