mirror of
				https://salsa.debian.org/freeipa-team/freeipa.git
				synced 2025-02-25 18:55:28 -06:00 
			
		
		
		
	Add the optional 'ca_id' argument to ra.request_certificate(), for passing an Authority ID to Dogtag. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
		
			
				
	
	
		
			122 lines
		
	
	
		
			4.1 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			122 lines
		
	
	
		
			4.1 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| # Authors:
 | |
| #   Rob Crittenden <rcritten@@redhat.com>
 | |
| #
 | |
| # Copyright (C) 2009  Red Hat
 | |
| # see file 'COPYING' for use and warranty information
 | |
| #
 | |
| # This program is free software; you can redistribute it and/or modify
 | |
| # it under the terms of the GNU General Public License as published by
 | |
| # the Free Software Foundation, either version 3 of the License, or
 | |
| # (at your option) any later version.
 | |
| #
 | |
| # This program is distributed in the hope that it will be useful,
 | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
| # GNU General Public License for more details.
 | |
| #
 | |
| # You should have received a copy of the GNU General Public License
 | |
| # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 | |
| 
 | |
| """
 | |
| Backend plugin for RA activities.
 | |
| 
 | |
| The `ra` plugin provides access to the CA to issue, retrieve, and revoke
 | |
| certificates via the following methods:
 | |
| 
 | |
|     * `ra.check_request_status()` - check certificate request status.
 | |
|     * `ra.get_certificate()` - retrieve an existing certificate.
 | |
|     * `ra.request_certificate()` - request a new certificate.
 | |
|     * `ra.revoke_certificate()` - revoke a certificate.
 | |
|     * `ra.take_certificate_off_hold()` - take a certificate off hold.
 | |
| """
 | |
| 
 | |
| from ipalib import Backend
 | |
| from ipalib import errors
 | |
| import os
 | |
| from ipaplatform.paths import paths
 | |
| 
 | |
| class rabase(Backend):
 | |
|     """
 | |
|     Request Authority backend plugin.
 | |
|     """
 | |
|     def __init__(self, api):
 | |
|         if api.env.in_tree:
 | |
|             self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
 | |
|             self.pwd_file = self.sec_dir + os.sep + '.pwd'
 | |
|         else:
 | |
|             self.sec_dir = paths.HTTPD_ALIAS_DIR
 | |
|             self.pwd_file = paths.ALIAS_PWDFILE_TXT
 | |
|         super(rabase, self).__init__(api)
 | |
| 
 | |
| 
 | |
|     def check_request_status(self, request_id):
 | |
|         """
 | |
|         Check status of a certificate signing request.
 | |
| 
 | |
|         :param request_id: request ID
 | |
|         """
 | |
|         raise errors.NotImplementedError(name='%s.check_request_status' % self.name)
 | |
| 
 | |
|     def get_certificate(self, serial_number=None):
 | |
|         """
 | |
|         Retrieve an existing certificate.
 | |
| 
 | |
|         :param serial_number: certificate serial number
 | |
|         """
 | |
|         raise errors.NotImplementedError(name='%s.get_certificate' % self.name)
 | |
| 
 | |
|     def request_certificate(
 | |
|             self, csr, profile_id, ca_id, request_type='pkcs10'):
 | |
|         """
 | |
|         Submit certificate signing request.
 | |
| 
 | |
|         :param csr: The certificate signing request.
 | |
|         :param profile_id: Profile to use for this request.
 | |
|         :param ca_id: The Authority ID to send request to. ``None`` is allowed.
 | |
|         :param request_type: The request type (defaults to ``'pkcs10'``).
 | |
|         """
 | |
|         raise errors.NotImplementedError(name='%s.request_certificate' % self.name)
 | |
| 
 | |
|     def revoke_certificate(self, serial_number, revocation_reason=0):
 | |
|         """
 | |
|         Revoke a certificate.
 | |
| 
 | |
|         The integer ``revocation_reason`` code must have one of these values:
 | |
| 
 | |
|             * ``0`` - unspecified
 | |
|             * ``1`` - keyCompromise
 | |
|             * ``2`` - cACompromise
 | |
|             * ``3`` - affiliationChanged
 | |
|             * ``4`` - superseded
 | |
|             * ``5`` - cessationOfOperation
 | |
|             * ``6`` - certificateHold
 | |
|             * ``8`` - removeFromCRL
 | |
|             * ``9`` - privilegeWithdrawn
 | |
|             * ``10`` - aACompromise
 | |
| 
 | |
|         Note that reason code ``7`` is not used.  See RFC 5280 for more details:
 | |
| 
 | |
|             http://www.ietf.org/rfc/rfc5280.txt
 | |
| 
 | |
|         :param serial_number: Certificate serial number.
 | |
|         :param revocation_reason: Integer code of revocation reason.
 | |
|         """
 | |
|         raise errors.NotImplementedError(name='%s.revoke_certificate' % self.name)
 | |
| 
 | |
|     def take_certificate_off_hold(self, serial_number):
 | |
|         """
 | |
|         Take revoked certificate off hold.
 | |
| 
 | |
|         :param serial_number: Certificate serial number.
 | |
|         """
 | |
|         raise errors.NotImplementedError(name='%s.take_certificate_off_hold' % self.name)
 | |
| 
 | |
| 
 | |
|     def find(self, options):
 | |
|         """
 | |
|         Search for certificates
 | |
| 
 | |
|         :param options: dictionary of search options
 | |
|         """
 | |
|         raise errors.NotImplementedError(name='%s.find' % self.name)
 |