From 40a019b676c7fe193b6f7c2813150165737c7b59 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Jan 23 2013 19:21:12 +0000
Subject: Update plugin to upload CA certificate to LDAP

Define post-update plugin to upload public CA certificate to IPA LDAP server. The plugin includes also update file that creates default container for the certificate.

---

diff --git a/ipaserver/install/plugins/upload_cacrt.py b/ipaserver/install/plugins/upload_cacrt.py
new file mode 100644
index 0000000..d60247b
--- /dev/null
+++ b/ipaserver/install/plugins/upload_cacrt.py
@@ -0,0 +1,56 @@
+# Authors:
+# Alexander Bokovoy
+#
+# Copyright (C) 2012 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+from ipaserver.install.plugins import MIDDLE
+from ipaserver.install.plugins.baseupdate import PostUpdate
+from ipaserver.install.dsinstance import realm_to_serverid, config_dirname
+from ipaserver.install import certs
+from ipalib import api
+from ipapython.dn import DN
+import base64
+
+class update_upload_cacrt(PostUpdate):
+    """
+    Upload public CA certificate to LDAP
+    """
+    order=MIDDLE
+
+    def execute(self, **options):
+        ldap = self.obj.backend
+        (cdn, ipa_config) = ldap.get_ipa_config()
+        subject_base = ipa_config.get('ipacertificatesubjectbase', [None])[0]
+        dirname = config_dirname(realm_to_serverid(api.env.realm))
+        certdb = certs.CertDB(api.env.realm, nssdir=dirname, subject_base=subject_base)
+
+        dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
+        cadercert = base64.b64encode(dercert)
+
+        updates = {}
+        dn = DN(('cn', 'CACert'), ('cn', 'ipa'), ('cn','etc'), api.env.basedn)
+
+        cacrt_entry = ['objectclass:nsContainer',
+                       'objectclass:pkiCA',
+                       'cn:CAcert',
+                       'cACertificate;binary:%s' % cadercert,
+                       ]
+        updates[dn] = {'dn': dn, 'default': cacrt_entry}
+
+        return (False, True, [updates])
+
+api.register(update_upload_cacrt)
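Review bot: `execute` pushes whatever `get_cert_from_db(certdb.cacert_name, pem=False)` returns straight into `cACertificate;binary` without checking that a certificate actually came back, so on a server whose NSS database lacks that nickname (if the helper returns an empty value rather than raising) the plugin would publish an entry with an empty or meaningless certificate value that every client consulting this container will trust. Guard it before encoding: `if not dercert: return (False, False, [])` (or raise naming the nickname, whichever the update framework expects). The RDN is spelled `'CACert'` while the attribute line says `'cn:CAcert'`; cn matching is case-insensitive so it works, but they should be identical so this entry lines up with the container created by the companion update file. If `'default'` in the update dict means add-only-when-missing as in the other update plugins, a renewed CA certificate will never replace the stale one stored here; a comment on the `updates[dn]` line such as `# 'default' only seeds the entry; a renewed CA cert must be pushed separately` would save the next maintainer from assuming this keeps LDAP in sync.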