Add SHA256 fingerprints for certs

https://fedorahosted.org/freeipa/ticket/6701

Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
This commit is contained in:
Tomas Krizek 2017-02-23 17:03:01 +01:00
parent 3ba0375c83
commit a06c71b126
No known key found for this signature in database
GPG Key ID: 22A2A94B5E49415A
8 changed files with 33 additions and 3 deletions


@ -571,6 +571,7 @@ IPA.cert.loader = function(spec) {
serial_number: result.serial_number,
serial_number_hex: result.serial_number_hex,
sha1_fingerprint: result.sha1_fingerprint,
sha256_fingerprint: result.sha256_fingerprint,
subject: result.subject,
valid_not_after: result.valid_not_after,
valid_not_before: result.valid_not_before
@ -1578,6 +1579,9 @@ exp.create_cert_metadata = function() {
add_param('sha1_fingerprint',
text.get('@i18n:objects.cert.sha1_fingerprint'),
text.get('@i18n:objects.cert.sha1_fingerprint'));
add_param('sha256_fingerprint',
text.get('@i18n:objects.cert.sha256_fingerprint'),
text.get('@i18n:objects.cert.sha256_fingerprint'));
add_param('certificate',
text.get('@i18n:objects.cert.certificate'),
text.get('@i18n:objects.cert.certificate'));
@ -1755,6 +1759,7 @@ return {
'valid_not_before',
'valid_not_after',
'sha1_fingerprint',
'sha256_fingerprint',
{
$type: 'revocation_reason',
name: 'revocation_reason'
@ -1871,7 +1876,6 @@ IPA.cert.details_facet = function(spec, no_init) {
that.create_refresh_command = function() {
var command = that.details_facet_create_refresh_command();
delete command.options.all;
delete command.options.rights;
command.options = command.options || {};
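Review bot: The new i18n key `@i18n:objects.cert.sha256_fingerprint` used for both the label and the doc of the `add_param` call in the second hunk has no matching catalogue entry anywhere in this commit: the eight changed files appear to be this plugin, the server-side plugin modules and tests, not the server message table (`ipaserver/plugins/internal.py` in this tree, if that is still where the `objects.cert` strings live — verify). Unless that entry already exists, `text.get` will fall back for an unknown key, presumably to the raw key or an empty string, and the details page would show that instead of "Fingerprint (SHA256)". The last hunk of this file is declared as 7 old / 6 new lines but renders without a visible removed line, so the deletion inside `create_refresh_command` cannot be reviewed from this page; that function also continues outside the hunk.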


@ -348,6 +348,11 @@ class BaseCertObject(Object):
label=_('Fingerprint (SHA1)'),
flags={'no_create', 'no_update', 'no_search'},
),
Str(
'sha256_fingerprint',
label=_('Fingerprint (SHA256)'),
flags={'no_create', 'no_update', 'no_search'},
),
Int(
'serial_number',
label=_('Serial number'),
@ -388,6 +393,8 @@ class BaseCertObject(Object):
if full:
obj['sha1_fingerprint'] = x509.to_hex_with_colons(
cert.fingerprint(hashes.SHA1()))
obj['sha256_fingerprint'] = x509.to_hex_with_colons(
cert.fingerprint(hashes.SHA256()))
general_names = x509.process_othernames(
x509.get_san_general_names(cert))
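Review bot: The `sha256_fingerprint` assignment in the second hunk sits inside the `if full:` branch, so callers that run this conversion without `full` will get the new attribute declared on the object but never populated; that mirrors `sha1_fingerprint`, but it is not obvious from the parameter declaration, so a one-line comment such as `# fingerprints are only computed for full output` next to the `if full:` would save the next reader a search. The two-line `x509.to_hex_with_colons(cert.fingerprint(hashes.X()))` pattern is now duplicated here and in `set_certificate_attrs` in service.py; a small helper in `ipalib.x509` returning both digests would keep the two call sites from drifting when another algorithm is added. The enclosing method starts and ends outside the hunk.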


@ -514,6 +514,10 @@ class host(LDAPObject):
label=_('Fingerprint (SHA1)'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
),
Str('sha256_fingerprint',
label=_('Fingerprint (SHA256)'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
),
Str('revocation_reason?',
label=_('Revocation reason'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},


@ -276,6 +276,8 @@ def set_certificate_attrs(entry_attrs):
entry_attrs['valid_not_after'] = x509.format_datetime(cert.not_valid_after)
entry_attrs['sha1_fingerprint'] = x509.to_hex_with_colons(
cert.fingerprint(hashes.SHA1()))
entry_attrs['sha256_fingerprint'] = x509.to_hex_with_colons(
cert.fingerprint(hashes.SHA256()))
def check_required_principal(ldap, principal):
"""
@ -506,6 +508,10 @@ class service(LDAPObject):
label=_('Fingerprint (SHA1)'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
),
Str('sha256_fingerprint',
label=_('Fingerprint (SHA256)'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
),
Str('revocation_reason?',
label=_('Revocation reason'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},


@ -235,6 +235,7 @@ class TestCRUD(XMLRPC_test):
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
subject=DN(('CN', api.env.host), x509.subject_base()),
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
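Review bot: `fuzzy_hash` on the `sha256_fingerprint=` line accepts a colon-separated hex string of any length (if it is the general matcher from `ipatests/util.py` — verify), so this expectation would still pass if the new attribute were accidentally filled with the 20-byte SHA1 digest; a length-pinned matcher built like `fuzzy_hash`, e.g. `fuzzy_sha256 = Fuzzy(r'^([a-f0-9]{2}:){31}[a-f0-9]{2}$')` in `ipatests/util.py` and `sha256_fingerprint=fuzzy_sha256,` here, would actually verify the algorithm. The same applies to each of the seven expected-result dicts updated in `test_service_plugin.py`. The enclosing test class continues outside the hunk.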


@ -466,6 +466,7 @@ class test_service(Declarative):
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
),
),
@ -488,6 +489,7 @@ class test_service(Declarative):
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
),
),
@ -524,6 +526,7 @@ class test_service(Declarative):
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
),
),
@ -552,6 +555,7 @@ class test_service(Declarative):
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
),
),
@ -576,6 +580,7 @@ class test_service(Declarative):
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
krbticketflags=[u'1048704'],
ipakrbokasdelegate=True,
@ -603,6 +608,7 @@ class test_service(Declarative):
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
krbticketflags=[u'1048577'],
),
@ -628,6 +634,7 @@ class test_service(Declarative):
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
krbticketflags=[u'1'],
ipakrbokasdelegate=False,


@ -27,6 +27,7 @@ class HostTracker(KerberosAliasMixin, Tracker):
'krbprincipalname', 'managedby_host',
'has_keytab', 'has_password', 'issuer',
'serial_number', 'serial_number_hex', 'sha1_fingerprint',
'sha256_fingerprint',
'subject', 'usercertificate', 'valid_not_after', 'valid_not_before',
'macaddress', 'sshpubkeyfp', 'ipaallowedtoperform_read_keys_user',
'memberof_hostgroup', 'memberofindirect_hostgroup',


@ -37,8 +37,8 @@ class ServiceTracker(KerberosAliasMixin, Tracker):
u'dn', u'krbprincipalname', u'usercertificate', u'has_keytab',
u'ipakrbauthzdata', u'ipaallowedtoperform', u'subject',
u'managedby', u'serial_number', u'serial_number_hex', u'issuer',
u'valid_not_before', u'valid_not_after',
u'sha1_fingerprint', u'krbprincipalauthind', u'managedby_host',
u'valid_not_before', u'valid_not_after', u'sha1_fingerprint',
u'sha256_fingerprint', u'krbprincipalauthind', u'managedby_host',
u'krbcanonicalname'}
retrieve_all_keys = retrieve_keys | {
u'ipaKrbPrincipalAlias', u'ipaUniqueID', u'krbExtraData',