From 2ccd4da44b5d66298bf1d4938fa3dc6ce2dbfa84 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Jan 30 2019 07:08:44 +0000
Subject: Optimize cert remove case
The cert_remove and mod subcommands for service and host now pass in the name to cert_find() to benefit from special cases.
See: https://pagure.io/freeipa/issue/7835
Signed-off-by: Christian Heimes
Reviewed-By: Alexander Bokovoy
---
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index 306105d..c74a3e5 100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -899,7 +899,9 @@ class host_mod(LDAPUpdate):
 old_certs = entry_attrs_old.get('usercertificate', [])
 removed_certs = set(old_certs) - set(certs)
 for cert in removed_certs:
- rm_certs = api.Command.cert_find(certificate=cert)['result']
+ rm_certs = api.Command.cert_find(
+ certificate=cert,
+ host=keys)['result']
 revoke_certs(rm_certs)
 if certs:
@@ -1335,7 +1337,9 @@ class host_remove_cert(LDAPRemoveAttributeViaOption):
 assert isinstance(dn, DN)
 for cert in options.get('usercertificate', []):
- revoke_certs(api.Command.cert_find(certificate=cert)['result'])
+ revoke_certs(api.Command.cert_find(
+ certificate=cert,
+ host=keys)['result'])
 return dn
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
index 30233f6..3c04599 100644
--- a/ipaserver/plugins/service.py
+++ b/ipaserver/plugins/service.py
@@ -713,7 +713,8 @@ class service_mod(LDAPUpdate):
 removed_certs = set(old_certs) - set(certs)
 for cert in removed_certs:
 rm_certs = api.Command.cert_find(
- certificate=cert.public_bytes(x509.Encoding.DER))['result']
+ certificate=cert.public_bytes(x509.Encoding.DER),
+ service=keys)['result']
 revoke_certs(rm_certs)
 if certs:
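Review bot: Revocation in the host_mod loop now depends on the owner-filtered lookup: if `cert_find(certificate=cert, host=keys)` returns an empty result for a certificate that is being removed, `revoke_certs(rm_certs)` receives nothing and the certificate stays valid without any error. Whether that can happen depends on how cert_find applies the `host` filter and on whether this code runs before the entry is modified; neither is visible here, since the enclosing method starts and ends outside the hunk. I would add a regression test asserting that a certificate dropped through host-mod still ends up revoked, and a comment above the call such as `# host= only narrows the search; revocation relies on the cert still being attached to this entry`. The same applies to the host_remove_cert hunk and to both service.py hunks.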
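Review bot: `host=keys` in host_remove_cert hands cert_find the entire positional-key tuple rather than the host name, so the owner filter is whatever the caller's `keys` happens to contain. `keys` is defined outside the hunk and presumably holds only the host's primary key, in which case this works. `host=keys[-1]` would state the intent and keep the filter from changing if the key tuple ever grows, assuming the parameter accepts a single value. The same pattern appears in the host_mod hunk and as `service=keys` in both service.py hunks.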
@@ -993,7 +994,9 @@ class service_remove_cert(LDAPRemoveAttributeViaOption):
 assert isinstance(dn, DN)
 for cert in options.get('usercertificate', []):
- revoke_certs(api.Command.cert_find(certificate=cert)['result'])
+ revoke_certs(api.Command.cert_find(
+ certificate=cert,
+ service=keys)['result'])
 return dn
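Review bot: The two service paths hand cert_find different representations of the certificate: this call passes `certificate=cert` as taken from `options`, while the service_mod hunk in the same file passes `cert.public_bytes(x509.Encoding.DER)`. The difference predates this commit, but both calls now carry `service=keys` and are meant to reach the same special case in cert_find, so it deserves a short comment, for example `# values from options are passed as-is; service_mod converts to DER first`. I cannot tell from the hunk which types are involved, so the wording needs confirming. The method body starts and ends outside the hunk.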