mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Remove md5_fingerprints from IPA
MD5 is a grandpa and FIPS does not like it at all. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
committed by
Martin Basti
parent
dcb6181525
commit
e2d1b21c50
@@ -361,7 +361,6 @@ IPA.cert.view_dialog = function(spec) {
|
||||
that.issuer = IPA.cert.parse_dn(spec.certificate.issuer);
|
||||
that.issued_on = spec.certificate.valid_not_before || '';
|
||||
that.expires_on = spec.certificate.valid_not_after || '';
|
||||
that.md5_fingerprint = spec.certificate.md5_fingerprint || '';
|
||||
that.sha1_fingerprint = spec.certificate.sha1_fingerprint || '';
|
||||
that.sha256_fingerprint = spec.certificate.sha256_fingerprint || '';
|
||||
|
||||
@@ -427,8 +426,6 @@ IPA.cert.view_dialog = function(spec) {
|
||||
|
||||
table_layout = that.create_layout().appendTo(that.container);
|
||||
|
||||
new_row('@i18n:objects.cert.md5_fingerprint', that.md5_fingerprint)
|
||||
.appendTo(table_layout);
|
||||
new_row('@i18n:objects.cert.sha1_fingerprint', that.sha1_fingerprint)
|
||||
.appendTo(table_layout);
|
||||
new_row('@i18n:objects.cert.sha256_fingerprint', that.sha256_fingerprint)
|
||||
@@ -570,7 +567,6 @@ IPA.cert.loader = function(spec) {
|
||||
var certificate = {
|
||||
issuer: result.issuer,
|
||||
certificate: result.certificate,
|
||||
md5_fingerprint: result.md5_fingerprint,
|
||||
revocation_reason: result.revocation_reason,
|
||||
serial_number: result.serial_number,
|
||||
serial_number_hex: result.serial_number_hex,
|
||||
@@ -1579,9 +1575,6 @@ exp.create_cert_metadata = function() {
|
||||
add_param('valid_not_after',
|
||||
text.get('@i18n:objects.cert.expires_on'),
|
||||
text.get('@i18n:objects.cert.expires_on'));
|
||||
add_param('md5_fingerprint',
|
||||
text.get('@i18n:objects.cert.md5_fingerprint'),
|
||||
text.get('@i18n:objects.cert.md5_fingerprint'));
|
||||
add_param('sha1_fingerprint',
|
||||
text.get('@i18n:objects.cert.sha1_fingerprint'),
|
||||
text.get('@i18n:objects.cert.sha1_fingerprint'));
|
||||
@@ -1762,7 +1755,6 @@ return {
|
||||
'valid_not_before',
|
||||
'valid_not_after',
|
||||
'sha1_fingerprint',
|
||||
'md5_fingerprint',
|
||||
{
|
||||
$type: 'revocation_reason',
|
||||
name: 'revocation_reason'
|
||||
|
||||
@@ -5,7 +5,6 @@
|
||||
"result": {
|
||||
"certificate": "MIICAjCCAWugAwIBAgICBAswDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTAwNzIzMzk0NFoXDTE1MTAwNzIzMzk0NFowKDEMMAoGA1UECgwDSVBBMRgwFgYDVQQDDA9kZXYuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOTXyj8grVB7Rj95RFawgdwn9OYZ03LWHZ+HMYggu2/xCCrUrdThP14YBlVqZumjVJSclj6T4ACjjdPJq9JTTmx7gMizDTReus7IPlS6fCxb5v5whQJZsEksXL04OxUMl25euPRFkYcTK1rdW47+AkG10j1qeNW+B6CpdQGR6eM/AgMBAAGjOjA4MBEGCWCGSAGG+EIBAQQEAwIGQDATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEASIhq723VL5xP0q51MYXFlGU1boD7pPD1pIQspD/MjCIEupcbH2kAo4wf+EiKsXR0rs+WZkaSgvFqaM4OQ2kWSFTiqmFXFDBEi6EFr68yLg7IpQpNTzVBXERd8B4GwNL9wrRw60jPXlUK29DPBsdGq8fDgX18l39wKkWXv7p1to4=",
|
||||
"issuer": "CN=Certificate Authority,O=EXAMPLE.COM",
|
||||
"md5_fingerprint": "08:86:a9:f9:87:af:0d:d7:42:01:e0:5f:12:9b:32:7f",
|
||||
"request_id": "1",
|
||||
"serial_number": "1",
|
||||
"sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc",
|
||||
|
||||
@@ -5,7 +5,6 @@
|
||||
"result": {
|
||||
"certificate": "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",
|
||||
"issuer": "CN=Certificate Authority,O=EXAMPLE.COM",
|
||||
"md5_fingerprint": "08:86:a9:f9:87:af:0d:d7:42:01:e0:5f:12:9b:32:7f",
|
||||
"serial_number": "1",
|
||||
"sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc",
|
||||
"subject": "CN=dev.example.com,O=EXAMPLE.COM",
|
||||
|
||||
@@ -277,7 +277,6 @@
|
||||
"issued_on": "Issued On",
|
||||
"issued_to": "Issued To",
|
||||
"key_compromise": "Key Compromise",
|
||||
"md5_fingerprint": "MD5 Fingerprint",
|
||||
"missing": "No Valid Certificate",
|
||||
"new_certificate": "New Certificate",
|
||||
"new_cert_format": "Certificate in base64 or PEM format",
|
||||
|
||||
@@ -47,7 +47,6 @@
|
||||
"managedby_host": [
|
||||
"dev.example.com"
|
||||
],
|
||||
"md5_fingerprint": "08:86:a9:f9:87:af:0d:d7:42:01:e0:5f:12:9b:32:7f",
|
||||
"serial_number": "1",
|
||||
"serial_number_hex": "0x1",
|
||||
"sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc",
|
||||
|
||||
@@ -345,11 +345,6 @@ class BaseCertObject(Object):
|
||||
label=_('Not After'),
|
||||
flags={'no_create', 'no_update', 'no_search'},
|
||||
),
|
||||
Str(
|
||||
'md5_fingerprint',
|
||||
label=_('Fingerprint (MD5)'),
|
||||
flags={'no_create', 'no_update', 'no_search'},
|
||||
),
|
||||
Str(
|
||||
'sha1_fingerprint',
|
||||
label=_('Fingerprint (SHA1)'),
|
||||
@@ -393,8 +388,6 @@ class BaseCertObject(Object):
|
||||
obj['valid_not_after'] = x509.format_datetime(
|
||||
cert.not_valid_after)
|
||||
if full:
|
||||
obj['md5_fingerprint'] = x509.to_hex_with_colons(
|
||||
cert.fingerprint(hashes.MD5()))
|
||||
obj['sha1_fingerprint'] = x509.to_hex_with_colons(
|
||||
cert.fingerprint(hashes.SHA1()))
|
||||
|
||||
|
||||
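Review bot: Removing the `md5_fingerprint` parameter and the `obj['md5_fingerprint']` assignment under `if full:` changes what the certificate commands return, and nothing in the visible commit records that for API consumers. Scripts or monitoring that read `md5_fingerprint` from certificate, host or service output will presumably find the key missing after upgrade, so the removal is worth a release-note entry pointing them to the remaining fingerprint attributes. A short comment above the SHA-1 parameter, such as `# MD5 fingerprint removed: not permitted in FIPS mode (ticket 5695)`, would also help keep the attribute from being reintroduced. Both hunks cut through `BaseCertObject`, so the rest of the class is not visible here.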
@@ -510,10 +510,6 @@ class host(LDAPObject):
|
||||
label=_('Not After'),
|
||||
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
|
||||
),
|
||||
Str('md5_fingerprint',
|
||||
label=_('Fingerprint (MD5)'),
|
||||
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
|
||||
),
|
||||
Str('sha1_fingerprint',
|
||||
label=_('Fingerprint (SHA1)'),
|
||||
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
|
||||
|
||||
@@ -427,7 +427,6 @@ class i18n_messages(Command):
|
||||
"issued_on": _("Issued On"),
|
||||
"issued_to": _("Issued To"),
|
||||
"key_compromise": _("Key Compromise"),
|
||||
"md5_fingerprint": _("MD5 Fingerprint"),
|
||||
"missing": _("No Valid Certificate"),
|
||||
"new_certificate": _("New Certificate"),
|
||||
"new_cert_format": _("Certificate in base64 or PEM format"),
|
||||
|
||||
@@ -274,8 +274,6 @@ def set_certificate_attrs(entry_attrs):
|
||||
entry_attrs['valid_not_before'] = x509.format_datetime(
|
||||
cert.not_valid_before)
|
||||
entry_attrs['valid_not_after'] = x509.format_datetime(cert.not_valid_after)
|
||||
entry_attrs['md5_fingerprint'] = x509.to_hex_with_colons(
|
||||
cert.fingerprint(hashes.MD5()))
|
||||
entry_attrs['sha1_fingerprint'] = x509.to_hex_with_colons(
|
||||
cert.fingerprint(hashes.SHA1()))
|
||||
|
||||
@@ -504,10 +502,6 @@ class service(LDAPObject):
|
||||
label=_('Not After'),
|
||||
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
|
||||
),
|
||||
Str('md5_fingerprint',
|
||||
label=_('Fingerprint (MD5)'),
|
||||
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
|
||||
),
|
||||
Str('sha1_fingerprint',
|
||||
label=_('Fingerprint (SHA1)'),
|
||||
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
|
||||
|
||||
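Review bot: With MD5 gone, SHA-1 is the only fingerprint visibly set in `set_certificate_attrs` (first hunk of this file), and SHA-1 is itself no longer collision resistant, so anyone comparing fingerprints on host and service entries has no strong digest to check against. The hunk ends right after the SHA-1 assignment, so a SHA-256 line may already follow outside it; if it does not, add `entry_attrs['sha256_fingerprint'] = x509.to_hex_with_colons(cert.fingerprint(hashes.SHA256()))` together with a matching `Str('sha256_fingerprint', ...)` entry next to the SHA-1 one in the `service` and `host` parameter lists. The Web UI certificate dialog touched by this same commit already reads `sha256_fingerprint`, so the attribute name would stay consistent across the server and the UI.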
@@ -232,7 +232,6 @@ class TestCRUD(XMLRPC_test):
|
||||
description=[u'Updated host 1'],
|
||||
usercertificate=[base64.b64decode(host_cert)],
|
||||
issuer=fuzzy_issuer,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
|
||||
@@ -465,7 +465,6 @@ class test_service(Declarative):
|
||||
subject=randomissuer,
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
issuer=fuzzy_issuer,
|
||||
),
|
||||
@@ -488,7 +487,6 @@ class test_service(Declarative):
|
||||
subject=DN(('CN',api.env.host),x509.subject_base()),
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
issuer=fuzzy_issuer,
|
||||
),
|
||||
@@ -525,7 +523,6 @@ class test_service(Declarative):
|
||||
subject=DN(('CN',api.env.host),x509.subject_base()),
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
issuer=fuzzy_issuer,
|
||||
),
|
||||
@@ -554,7 +551,6 @@ class test_service(Declarative):
|
||||
subject=DN(('CN',api.env.host),x509.subject_base()),
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
issuer=fuzzy_issuer,
|
||||
),
|
||||
@@ -579,7 +575,6 @@ class test_service(Declarative):
|
||||
subject=DN(('CN',api.env.host),x509.subject_base()),
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
issuer=fuzzy_issuer,
|
||||
krbticketflags=[u'1048704'],
|
||||
@@ -607,7 +602,6 @@ class test_service(Declarative):
|
||||
subject=DN(('CN',api.env.host),x509.subject_base()),
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
issuer=fuzzy_issuer,
|
||||
krbticketflags=[u'1048577'],
|
||||
@@ -633,7 +627,6 @@ class test_service(Declarative):
|
||||
subject=DN(('CN',api.env.host),x509.subject_base()),
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
issuer=fuzzy_issuer,
|
||||
krbticketflags=[u'1'],
|
||||
|
||||
@@ -25,7 +25,7 @@ class HostTracker(KerberosAliasMixin, Tracker):
|
||||
retrieve_keys = {
|
||||
'dn', 'fqdn', 'description', 'l', 'krbcanonicalname',
|
||||
'krbprincipalname', 'managedby_host',
|
||||
'has_keytab', 'has_password', 'issuer', 'md5_fingerprint',
|
||||
'has_keytab', 'has_password', 'issuer',
|
||||
'serial_number', 'serial_number_hex', 'sha1_fingerprint',
|
||||
'subject', 'usercertificate', 'valid_not_after', 'valid_not_before',
|
||||
'macaddress', 'sshpubkeyfp', 'ipaallowedtoperform_read_keys_user',
|
||||
|
||||
@@ -37,7 +37,7 @@ class ServiceTracker(KerberosAliasMixin, Tracker):
|
||||
u'dn', u'krbprincipalname', u'usercertificate', u'has_keytab',
|
||||
u'ipakrbauthzdata', u'ipaallowedtoperform', u'subject',
|
||||
u'managedby', u'serial_number', u'serial_number_hex', u'issuer',
|
||||
u'valid_not_before', u'valid_not_after', u'md5_fingerprint',
|
||||
u'valid_not_before', u'valid_not_after',
|
||||
u'sha1_fingerprint', u'krbprincipalauthind', u'managedby_host',
|
||||
u'krbcanonicalname'}
|
||||
retrieve_all_keys = retrieve_keys | {
|
||||
|
||||