freeipa

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |  http://www.freeipa.org/

Commit 136c6c3 csrgen: Change to pure openssl config format (no script)

6 files Authored by benlipton a year ago , Committed by jcholast a year ago ,
csrgen: Change to pure openssl config format (no script)

https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

    
 1 @@ -66,7 +66,7 @@
 2       Class for processing a set of CSR generation rules into a template.
 3   
 4       The template can be rendered with user and database data to produce a
 5 -     script, which generates a CSR when run.
 6 +     config, which specifies how to build a CSR.
 7   
 8       Subclasses of Formatter should set the value of base_template_name to the
 9       filename of a base template with spaces for the processed rules.
10 @@ -214,7 +214,7 @@
11   
12   
13   class OpenSSLFormatter(Formatter):
14 -     """Formatter class supporting the openssl command-line tool."""
15 +     """Formatter class generating the openssl config-file format."""
16   
17       base_template_name = 'openssl_base.tmpl'
18   
19 @@ -359,17 +359,17 @@
20           self.rule_provider = rule_provider
21           self.formatter = formatter_class()
22   
23 -     def csr_script(self, principal, config, profile_id):
24 +     def csr_config(self, principal, config, profile_id):
25           render_data = {'subject': principal, 'config': config}
26   
27           rules = self.rule_provider.rules_for_profile(profile_id)
28           template = self.formatter.build_template(rules)
29   
30           try:
31 -             script = template.render(render_data)
32 +             config = template.render(render_data)
33           except jinja2.UndefinedError:
34               logger.debug(traceback.format_exc())
35               raise errors.CSRTemplateError(reason=_(
36                   'Template error when formatting certificate data'))
37   
38 -         return script
39 +         return config
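Review bot: In `csr_config` the rendered text is assigned to `config`, which is also the name of the method's second parameter, so after the `try` block the caller-supplied value is no longer reachable under that name. Nothing breaks as written, because `render_data` is built before the reassignment, but a later edit that reads `config` after rendering would silently get the rendered string instead. A distinct local keeps the two apart: `rendered = template.render(render_data)` and `return rendered`. Since the public name changed, a one-line docstring would also help, stating that the method returns the rendered openssl config text and raises `errors.CSRTemplateError` when a template variable is undefined.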
 1 @@ -1,21 +1,6 @@
 2   {% raw -%}
 3   {% import "openssl_macros.tmpl" as openssl -%}
 4 - {%- endraw %}
 5 - #!/bin/bash -e
 6 - 
 7 - if [[ $# -lt 2 ]]; then
 8 - echo "Usage: $0 <outfile> <keyfile> <other openssl arguments>"
 9 - echo "Called as: $0 $@"
10 - exit 1
11 - fi
12 - 
13 - CONFIG="$(mktemp)"
14 - CSR="$1"
15 - KEYFILE="$2"
16 - shift; shift
17 - 
18 - echo \
19 - {% raw %}{% filter quote %}{% endraw -%}
20 + {% endraw -%}
21   [ req ]
22   prompt = no
23   encrypt_key = no
24 @@ -29,7 +14,4 @@
25   req_extensions = {% call openssl.section() %}{{ rendered_extensions }}{% endcall %}
26   {% endif %}
27   {{ openssl.openssl_sections|join('\n\n') }}
28 - {% endfilter %}{%- endraw %} > "$CONFIG"
29 - 
30 - openssl req -new -config "$CONFIG" -out "$CSR" -key "$KEYFILE" "$@"
31 - rm "$CONFIG"
32 + {%- endraw %}
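Review bot: With the `{% filter quote %}` wrapper removed, nothing visible in this section constrains how rendered values land in the openssl config text, and the Formatter docstring says the template is rendered with user and database data. Dropping the shell quoting is right now that the script is gone, but the config format has its own metacharacters: a newline or a leading `[` in a value can begin a new line or section, and `$` triggers variable expansion. Whether `openssl_macros.tmpl` or the per-rule templates already escape these is not visible here and should be confirmed. A comment at the top of the template, such as `{# interpolated values must be escaped for openssl config syntax, not for shell #}`, would record the requirement. A test fixture containing such characters would pin the behaviour.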
 1 @@ -105,8 +105,7 @@
 2   
 3           generator = CSRGenerator(FileRuleProvider())
 4   
 5 -         script = generator.csr_script(
 6 -             principal_obj, config, profile_id)
 7 +         script = generator.csr_config(principal_obj, config, profile_id)
 8   
 9           result = {}
10           if 'out' in options:
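Review bot: The local on the changed line is still called `script` although `csr_config` now returns openssl config text, so the name misstates what is handled further down. Something like `csr_config_text = generator.csr_config(principal_obj, config, profile_id)` would match the new contract without colliding with the existing `config` argument. The same stale naming remains in the test-file section, where `script`, `expected_script` and `_script` are assigned from `csr_config` calls and config fixtures. The enclosing method starts and ends outside this hunk, so any later uses of `script` there need the same rename.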
 1 @@ -1,18 +1,4 @@
 2 - #!/bin/bash -e
 3 - 
 4 - if [[ $# -lt 2 ]]; then
 5 - echo "Usage: $0 <outfile> <keyfile> <other openssl arguments>"
 6 - echo "Called as: $0 $@"
 7 - exit 1
 8 - fi
 9 - 
10 - CONFIG="$(mktemp)"
11 - CSR="$1"
12 - KEYFILE="$2"
13 - shift; shift
14 - 
15 - echo \
16 - '[ req ]
17 + [ req ]
18   prompt = no
19   encrypt_key = no
20   
21 @@ -28,7 +14,3 @@
22   
23   [ sec2 ]
24   subjectAltName = @sec1
25 - ' > "$CONFIG"
26 - 
27 - openssl req -new -config "$CONFIG" -out "$CSR" -key "$KEYFILE" "$@"
28 - rm "$CONFIG"
 1 @@ -1,18 +1,4 @@
 2 - #!/bin/bash -e
 3 - 
 4 - if [[ $# -lt 2 ]]; then
 5 - echo "Usage: $0 <outfile> <keyfile> <other openssl arguments>"
 6 - echo "Called as: $0 $@"
 7 - exit 1
 8 - fi
 9 - 
10 - CONFIG="$(mktemp)"
11 - CSR="$1"
12 - KEYFILE="$2"
13 - shift; shift
14 - 
15 - echo \
16 - '[ req ]
17 + [ req ]
18   prompt = no
19   encrypt_key = no
20   
21 @@ -28,7 +14,3 @@
22   
23   [ sec2 ]
24   subjectAltName = @sec1
25 - ' > "$CONFIG"
26 - 
27 - openssl req -new -config "$CONFIG" -out "$CSR" -key "$KEYFILE" "$@"
28 - rm "$CONFIG"
 1 @@ -176,7 +176,7 @@
 2               ],
 3           }
 4   
 5 -         script = generator.csr_script(principal, config, 'userCert')
 6 +         script = generator.csr_config(principal, config, 'userCert')
 7           with open(os.path.join(
 8                   CSR_DATA_DIR, 'configs', 'userCert.conf')) as f:
 9               expected_script = f.read()
10 @@ -194,7 +194,7 @@
11               ],
12           }
13   
14 -         script = generator.csr_script(
15 +         script = generator.csr_config(
16               principal, config, 'caIPAserviceCert')
17           with open(os.path.join(
18                   CSR_DATA_DIR, 'configs', 'caIPAserviceCert.conf')) as f:
19 @@ -211,7 +211,7 @@
20           generator = csrgen.CSRGenerator(
21               rule_provider, formatter_class=IdentityFormatter)
22   
23 -         script = generator.csr_script(
24 +         script = generator.csr_config(
25               principal, {}, 'example')
26           assert script == '\n'
27   
28 @@ -225,7 +225,7 @@
29           generator = csrgen.CSRGenerator(
30               rule_provider, formatter_class=IdentityFormatter)
31   
32 -         script = generator.csr_script(principal, {}, 'example')
33 +         script = generator.csr_config(principal, {}, 'example')
34           assert script == ',testuser\n'
35   
36       def test_requiredAttributeMissing(self):
37 @@ -238,5 +238,5 @@
38               rule_provider, formatter_class=IdentityFormatter)
39   
40           with pytest.raises(errors.CSRTemplateError):
41 -             _script = generator.csr_script(
42 +             _script = generator.csr_config(
43                   principal, {}, 'example')