1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
# Authors:
# Andrew Wnuk <awnuk@redhat.com>
# Jason Gerard DeRose <jderose@redhat.com>
# John Dennis <jdennis@redhat.com>
#
# Copyright (C) 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import base64
from ipaclient.frontend import MethodOverride
from ipalib import errors
from ipalib import x509
from ipalib import util
from ipalib.parameters import BinaryFile, File, Flag, Str
from ipalib.plugable import Registry
from ipalib.text import _
register = Registry()
class CertRetrieveOverride(MethodOverride):
takes_options = (
Str(
'certificate_out?',
doc=_('Write certificate (chain if --chain used) to file'),
include='cli',
cli_metavar='FILE',
),
)
def forward(self, *args, **options):
filename = None
if 'certificate_out' in options:
filename = options.pop('certificate_out')
result = super(CertRetrieveOverride, self).forward(*args, **options)
if filename is not None:
try:
util.check_writable_file(filename)
except errors.FileError as e:
raise errors.ValidationError(name='certificate-out',
error=str(e))
if options.get('chain', False):
certs = result['result']['certificate_chain']
else:
certs = [base64.b64decode(result['result']['certificate'])]
certs = (x509.load_der_x509_certificate(cert) for cert in certs)
x509.write_certificate_list(certs, filename)
return result
@register(override=True, no_fail=True)
class cert_request(CertRetrieveOverride):
def get_args(self):
for arg in super(cert_request, self).get_args():
if arg.name == 'csr':
arg = arg.clone_retype(arg.name, File, required=False)
yield arg
@register(override=True, no_fail=True)
class cert_show(CertRetrieveOverride):
def get_options(self):
for option in super(cert_show, self).get_options():
if option.name == 'out':
# skip server-defined --out
continue
if option.name == 'certificate_out':
# add --out as a deprecated alias of --certificate-out
option = option.clone_rename(
'out',
cli_name='certificate_out',
deprecated_cli_aliases={'out'},
)
yield option
def forward(self, *args, **options):
try:
options['certificate_out'] = options.pop('out')
except KeyError:
pass
return super(cert_show, self).forward(*args, **options)
@register(override=True, no_fail=True)
class cert_remove_hold(MethodOverride):
has_output_params = (
Flag('unrevoked',
label=_('Unrevoked'),
),
Str('error_string',
label=_('Error'),
),
)
@register(override=True, no_fail=True)
class cert_find(MethodOverride):
takes_options = (
BinaryFile(
'file?',
label=_("Input filename"),
doc=_('File to load the certificate from.'),
include='cli',
),
)
def forward(self, *args, **options):
if self.api.env.context == 'cli':
if 'certificate' in options and 'file' in options:
raise errors.MutuallyExclusiveError(
reason=_("cannot specify both raw certificate and file"))
if 'certificate' not in options and 'file' in options:
options['certificate'] = x509.load_unknown_x509_certificate(
options.pop('file'))
return super(cert_find, self).forward(*args, **options)
|
