From 17266e99274ea6dfe8cb3f8a001f17d019e5e4df Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Mar 18 2013 14:06:14 +0000 Subject: Web UI:Certificate pages Following pages were added to Web UI: * certificated details * certificate search Certificate is not regular object so it gets no metadata. Therefore artificial metadata were created for it to allow usage of search and details facet. Search and details facet were modified to allow removing of add/remove/update/ reset buttons - certificates have no mod operation and they are not added by standard means. User can revoke and restore certificated in details facet. https://fedorahosted.org/freeipa/ticket/3419
---
diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js
index f7bc843..84cff41 100755
--- a/install/ui/src/freeipa/certificate.js
+++ b/install/ui/src/freeipa/certificate.js
@@ -19,7 +19,7 @@ * along with this program. If not, see . */
-define(['./ipa', './jquery', './dialog'], function(IPA, $) {
+define(['./ipa', './jquery','dojo/_base/lang', './dialog'], function(IPA, $, lang) {
 IPA.cert = {};
@@ -486,6 +486,7 @@ IPA.cert.load_policy = function(spec) {
 var that = IPA.facet_policy();
 that.loader = IPA.build(spec.loader);
+ that.has_reason = spec.has_reason;
 that.post_load = function(data) {
@@ -499,7 +500,8 @@ IPA.cert.load_policy = function(spec) {
 // initialize another load of certificate because current entity
 // show commands don't contain revocation_reason so previous data
 // might be slightly incorrect
- if (certificate && certificate.certificate && !IPA.cert.is_selfsign()) {
+ if (!that.has_reason && certificate && certificate.certificate &&
+ !IPA.cert.is_selfsign()) {
 that.load_revocation_reason(certificate.serial_number);
 }
 };
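Review bot: The new `has_reason` option is undocumented, and the `!that.has_reason` guard in the -499 hunk skips `load_revocation_reason()` purely on the caller's say-so. The existing comment states that without the second load the data "might be slightly incorrect", so a spec that sets the flag while its loader does not actually return `revocation_reason` would presumably leave a revoked or held certificate displayed with stale status; whether any caller does that is not visible here. I would document the contract at the assignment in the -486 hunk, e.g. `// has_reason: loader result already carries revocation_reason, so post_load skips the extra load`, and store it as `!!spec.has_reason`. The body of post_load starts outside the hunk.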
@@ -639,6 +641,7 @@ IPA.cert.request_action = function(spec) {
 on_success: function(data, text_status, xhr) {
 facet.refresh();
 IPA.notify_success(IPA.messages.objects.cert.requested);
+ facet.certificate_updated.notify([], that.facet);
 }
 }).execute();
 }
@@ -672,9 +675,12 @@ IPA.cert.revoke_action = function(spec) {
 var entity_label = that.entity_label || facet.entity.metadata.label_singular;
 var entity_name = certificate.entity_info.name;
- var title = IPA.messages.objects.cert.revoke_certificate;
- title = title.replace('${entity}', entity_label);
- title = title.replace('${primary_key}', entity_name);
+ var title = IPA.messages.objects.cert.revoke_certificate_simple;
+ if (entity_name && entity_label) {
+ title = IPA.messages.objects.cert.revoke_certificate;
+ title = title.replace('${entity}', entity_label);
+ title = title.replace('${primary_key}', entity_name);
+ }
 that.dialog.title = title;
 that.dialog.message = that.get_confirm_message(facet);
@@ -694,6 +700,7 @@ IPA.cert.revoke_action = function(spec) {
 on_success: function(data, text_status, xhr) {
 facet.refresh();
 IPA.notify_success(IPA.messages.objects.cert.revoked);
+ facet.certificate_updated.notify([], that.facet);
 }
 }).execute();
 };
@@ -725,9 +732,12 @@ IPA.cert.restore_action = function(spec) {
 var entity_label = that.entity_label || facet.entity.metadata.label_singular;
 var entity_name = certificate.entity_info.name;
- var title = IPA.messages.objects.cert.restore_certificate;
- title = title.replace('${entity}', entity_label);
- title = title.replace('${primary_key}', entity_name);
+ var title = IPA.messages.objects.cert.restore_certificate_simple;
+ if (entity_name && entity_label) {
+ title = IPA.messages.objects.cert.restore_certificate;
+ title = title.replace('${entity}', entity_label);
+ title = title.replace('${primary_key}', entity_name);
+ }
 that.dialog.title = title;
 that.dialog.message = that.get_confirm_message(facet);
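Review bot: The added `facet.certificate_updated.notify([], that.facet);` in on_success assumes that every facet hosting this action defines a `certificate_updated` observer, and it passes `that.facet` as the context while the two lines above it use the local `facet`. Whether all hosting facets define the observer is not visible in this diff; if one does not, the callback throws after the server has already completed the request, so the UI state and the actual certificate state can diverge until a manual reload. I would guard the call and use one reference, e.g. `if (facet.certificate_updated) { facet.certificate_updated.notify([], facet); }`, assuming `facet` and `that.facet` are the same object. The same line is added in revoke_action (hunk at -694) and restore_action (hunk at -744); the enclosing functions start outside these hunks.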
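Review bot: The new `if (entity_name && entity_label)` fallback in revoke_action only helps if the two context lines above it survive, and `var entity_name = certificate.entity_info.name;` still dereferences `entity_info` unconditionally. The commit message says certificates get artificial metadata and are reached from their own pages, so a certificate object without `entity_info` seems possible (inferred, the data shape is not shown); in that case the action throws before the `_simple` title is ever selected and the revoke dialog never opens. Suggest `var entity_name = certificate.entity_info && certificate.entity_info.name;`. The identical pattern is in restore_action (hunk at -725), and both functions begin outside their hunks.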
@@ -744,6 +754,7 @@ IPA.cert.restore_action = function(spec) {
 on_success: function(data, text_status, xhr) {
 facet.refresh();
 IPA.notify_success(IPA.messages.objects.cert.restored);
+ facet.certificate_updated.notify([], that.facet);
 }
 }).execute();
 };
@@ -923,5 +934,275 @@ IPA.cert.status_field = function(spec) {
 IPA.widget_factories['certificate_status'] = IPA.cert.status_widget;
 IPA.field_factories['certificate_status'] = IPA.cert.status_field;
+IPA.cert.entity = function(spec) {
+
+ spec = spec || {};
+
+ spec.policies = spec.policies || [
+ IPA.search_facet_update_policy(),
+ IPA.details_facet_update_policy(),
+ IPA.cert.cert_update_policy({
+ source_facet: 'details',
+ dest_facet: 'search'
+ }),
+ IPA.cert.cert_update_policy({
+ source_facet: 'details',
+ dest_entity: 'host',
+ dest_facet: 'details'
+ }),
+ IPA.cert.cert_update_policy({
+ source_facet: 'details',
+ dest_entity: 'service',
+ dest_facet: 'details'
+ })
+ ];
+
+ var that = IPA.entity(spec);
+
+ that.get_default_metadata = function() {
+
+ var add_param = function(name, label, doc, primary_key) {
+ entity.takes_params.push({
+ name: name,
+ label: label,
+ doc: doc,
+ primary_key: !!primary_key,
+ flags: ['no_update']
+ });
+ };
+
+ var get_param = function(params, name) {
+
+ for (var i=0;i
  • Create a certificate database or use an existing one. To create a new database:
    # certutil -N -d <database path>
  • Create a CSR with subject CN=<hostname>,O=<realm>, for example:
    # certutil -R -d <database path> -a -g <key size> -s 'CN=${hostname},O=${realm}'
  • Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below:
  • ", "requested": "Certificate requested", "restore_certificate": "Restore Certificate for ${entity} ${primary_key}", + "restore_certificate_simple": "Restore Certificate", "restore_confirmation": "To confirm your intention to restore this certificate, click the \"Restore\" button.", "restored": "Certificate restored", + "revocation_reason": "Revocation reason", "revoke_certificate": "Revoke Certificate for ${entity} ${primary_key}", + "revoke_certificate_simple": "Revoke Certificate", "revoke_confirmation": "To confirm your intention to revoke this certificate, select a reason from the pull-down list, and click the \"Revoke\" button.", "revoked": "Certificate Revoked", "serial_number": "Serial Number", "serial_number_hex": "Serial Number (hex)", "sha1_fingerprint": "SHA1 Fingerprint", + "status": "Status", "superseded": "Superseded", "unspecified": "Unspecified", "valid": "Valid Certificate Present", @@ -510,6 +516,7 @@ "audit": "Audit", "automember": "Automember", "automount": "Automount", + "cert": "Certificates", "dns": "DNS", "hbac": "Host Based Access Control", "identity": "Identity", diff --git a/install/ui/test/data/ipa_init_commands.json b/install/ui/test/data/ipa_init_commands.json index 2c128f7..a7e00ba 100644 --- a/install/ui/test/data/ipa_init_commands.json +++ b/install/ui/test/data/ipa_init_commands.json 
@@ -1825,6 +1825,153 @@ ], "takes_options": [] }, + "cert_find": { + "name": "cert_find", + "takes_args": [], + "takes_options": [ + { + "class": "Str", + "doc": "Subject", + "flags": [], + "label": "Subject", + "name": "subject", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Int", + "doc": "Reason for revoking the certificate (0-10)", + "flags": [], + "label": "Reason", + "maxvalue": 10, + "minvalue": 0, + "name": "revocation_reason", + "type": "int" + }, + { + "class": "Int", + "doc": "minimum serial number", + "flags": [], + "label": "", + "maxvalue": 2147483647, + "minvalue": 0, + "name": "min_serial_number", + "type": "int" + }, + { + "class": "Int", + "doc": "maximum serial number", + "flags": [], + "label": "", + "maxvalue": 2147483647, + "minvalue": -2147483648, + "name": "max_serial_number", + "type": "int" + }, + { + "class": "Flag", + "doc": "match the common name exactly", + "flags": [], + "label": "", + "name": "exactly", + "type": "bool" + }, + { + "class": "Str", + "doc": "Valid not after from this date (YYYY-mm-dd)", + "flags": [], + "label": "", + "name": "validnotafter_from", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Valid not after to this date (YYYY-mm-dd)", + "flags": [], + "label": "", + "name": "validnotafter_to", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Valid not before from this date (YYYY-mm-dd)", + "flags": [], + "label": "", + "name": "validnotbefore_from", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Valid not before to this date (YYYY-mm-dd)", + "flags": [], + "label": "", + "name": "validnotbefore_to", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Issued on from this date (YYYY-mm-dd)", + "flags": [], + "label": "", + "name": "issuedon_from", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Issued on to this 
date (YYYY-mm-dd)", + "flags": [], + "label": "", + "name": "issuedon_to", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Revoked on from this date (YYYY-mm-dd)", + "flags": [], + "label": "", + "name": "revokedon_from", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Revoked on to this date (YYYY-mm-dd)", + "flags": [], + "label": "", + "name": "revokedon_to", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Int", + "default": 100, + "doc": "Maximum number of certs returned", + "flags": [ + "no_display" + ], + "label": "Size Limit", + "maxvalue": 2147483647, + "minvalue": 0, + "name": "sizelimit", + "type": "int" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, "cert_remove_hold": { "name": "cert_remove_hold", "takes_args": { diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py index 2ca112e..cc0bf99 100644 --- a/ipalib/plugins/internal.py +++ b/ipalib/plugins/internal.py @@ -312,6 +312,8 @@ class i18n_messages(Command): "aa_compromise": _("AA Compromise"), "affiliation_changed": _("Affiliation Changed"), "ca_compromise": _("CA Compromise"), + "certificate": _("Certificate"), + "certificates": _("Certificates"), "certificate_hold": _("Certificate Hold"), "cessation_of_operation": _("Cessation of Operation"), "common_name": _("Common Name"), @@ -334,14 +336,18 @@ class i18n_messages(Command): "request_message": _("
    1. Create a certificate database or use an existing one. To create a new database:
      # certutil -N -d <database path>
    2. Create a CSR with subject CN=<hostname>,O=<realm>, for example:
      # certutil -R -d <database path> -a -g <key size> -s 'CN=${hostname},O=${realm}'
    3. Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below:
    "), "requested": _("Certificate requested"), "restore_certificate": _("Restore Certificate for ${entity} ${primary_key}"), + "restore_certificate_simple": _("Restore Certificate"), "restore_confirmation": _("To confirm your intention to restore this certificate, click the \"Restore\" button."), "restored": _("Certificate restored"), + "revocation_reason": _("Revocation reason"), "revoke_certificate": _("Revoke Certificate for ${entity} ${primary_key}"), + "revoke_certificate_simple": _("Revoke Certificate"), "revoke_confirmation": _("To confirm your intention to revoke this certificate, select a reason from the pull-down list, and click the \"Revoke\" button."), "revoked": _("Certificate Revoked"), "serial_number": _("Serial Number"), "serial_number_hex": _("Serial Number (hex)"), "sha1_fingerprint": _("SHA1 Fingerprint"), + "status": _("Status"), "superseded": _("Superseded"), "unspecified": _("Unspecified"), "valid": _("Valid Certificate Present"), @@ -649,6 +655,7 @@ class i18n_messages(Command): "audit": _("Audit"), "automember": _("Automember"), "automount": _("Automount"), + "cert": _("Certificates"), "dns": _("DNS"), "hbac": _("Host Based Access Control"), "identity": _("Identity"),