IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity
fdd471d55c
freeipa/ipaserver/plugins/rabase.py
Florence Blanc-Renaud 0d23fa9278 CRL generation master: new utility to enable|disable 
Implement a new command ipa-clrgen-manage to enable, disable, or check
the status of CRL generation on the localhost.
The command automates the manual steps described in the wiki
https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master

Fixes: https://pagure.io/freeipa/issue/5803
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2019-03-14 09:39:55 +01:00

135 lines
4.5 KiB
Python
Raw Blame History

# Authors:
# Rob Crittenden <rcritten@@redhat.com>
#
# Copyright (C) 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Backend plugin for RA activities.
The `ra` plugin provides access to the CA to issue, retrieve, and revoke
certificates via the following methods:
* `ra.check_request_status()` - check certificate request status.
* `ra.get_certificate()` - retrieve an existing certificate.
* `ra.request_certificate()` - request a new certificate.
* `ra.revoke_certificate()` - revoke a certificate.
* `ra.take_certificate_off_hold()` - take a certificate off hold.
"""
from __future__ import absolute_import
from ipalib import Backend
from ipalib import errors
import os
from ipaplatform.paths import paths
class rabase(Backend):
"""
Request Authority backend plugin.
"""
def __init__(self, api):
self.ca_cert = api.env.tls_ca_cert
if api.env.in_tree:
self.client_certfile = os.path.join(
api.env.dot_ipa, 'ra-agent.pem')
self.client_keyfile = os.path.join(api.env.dot_ipa, 'ra-agent.key')
else:
self.client_certfile = paths.RA_AGENT_PEM
self.client_keyfile = paths.RA_AGENT_KEY
super(rabase, self).__init__(api)
def check_request_status(self, request_id):
"""
Check status of a certificate signing request.
:param request_id: request ID
"""
raise errors.NotImplementedError(name='%s.check_request_status' % self.name)
def get_certificate(self, serial_number):
"""
Retrieve an existing certificate.
:param serial_number: certificate serial number
"""
raise errors.NotImplementedError(name='%s.get_certificate' % self.name)
def request_certificate(
self, csr, profile_id, ca_id, request_type='pkcs10'):
"""
Submit certificate signing request.
:param csr: The certificate signing request.
:param profile_id: Profile to use for this request.
:param ca_id: The Authority ID to send request to. ``None`` is allowed.
:param request_type: The request type (defaults to ``'pkcs10'``).
"""
raise errors.NotImplementedError(name='%s.request_certificate' % self.name)
def revoke_certificate(self, serial_number, revocation_reason=0):
"""
Revoke a certificate.
The integer ``revocation_reason`` code must have one of these values:
* ``0`` - unspecified
* ``1`` - keyCompromise
* ``2`` - cACompromise
* ``3`` - affiliationChanged
* ``4`` - superseded
* ``5`` - cessationOfOperation
* ``6`` - certificateHold
* ``8`` - removeFromCRL
* ``9`` - privilegeWithdrawn
* ``10`` - aACompromise
Note that reason code ``7`` is not used. See RFC 5280 for more details:
http://www.ietf.org/rfc/rfc5280.txt
:param serial_number: Certificate serial number.
:param revocation_reason: Integer code of revocation reason.
"""
raise errors.NotImplementedError(name='%s.revoke_certificate' % self.name)
def take_certificate_off_hold(self, serial_number):
"""
Take revoked certificate off hold.
:param serial_number: Certificate serial number.
"""
raise errors.NotImplementedError(name='%s.take_certificate_off_hold' % self.name)
def find(self, options):
"""
Search for certificates
:param options: dictionary of search options
"""
raise errors.NotImplementedError(name='%s.find' % self.name)
def updateCRL(self, wait='false'):
"""
Force update of the CRL
:param wait: if true, the call will be synchronous and return only
when the CRL has been generated
"""
raise errors.NotImplementedError(name='%s.updateCRL' % self.name)
Reference in New Issue View Git Blame Copy Permalink