

Commit a53e178 csrgen: Beginnings of NSS database support

1 file Authored by benlipton a year ago , Committed by jcholast a year ago ,
csrgen: Beginnings of NSS database support

https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

    
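--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2,9 +2,11 @@
 # Copyright (C) 2016  FreeIPA Contributors see COPYING for license
 #
 
+import base64
 import collections
 import errno
 import json
+import os
 import os.path
 import pipes
 import subprocess
@@ -17,6 +19,7 @@
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.serialization import (
     load_pem_private_key, Encoding, PublicFormat)
+from cryptography.x509 import load_pem_x509_certificate
 import jinja2
 import jinja2.ext
 import jinja2.sandbox
@@ -441,8 +444,30 @@
 
 
 class NSSAdaptor(object):
+    def __init__(self, database, password_filename):
+        self.database = database
+        self.password_filename = password_filename
+        self.nickname = base64.b32encode(os.urandom(40))
+
     def get_subject_public_key_info(self):
-        raise NotImplementedError('NSS is not yet supported')
+        temp_cn = base64.b32encode(os.urandom(40))
+
+        password_args = []
+        if self.password_filename is not None:
+            password_args = ['-f', self.password_filename]
+
+        subprocess.check_call(
+            ['certutil', '-S', '-n', self.nickname, '-s', 'CN=%s' % temp_cn,
+             '-x', '-t', ',,', '-d', self.database] + password_args)
+        cert_pem = subprocess.check_output(
+            ['certutil', '-L', '-n', self.nickname, '-a',
+             '-d', self.database] + password_args)
+
+        cert = load_pem_x509_certificate(cert_pem, default_backend())
+        pubkey_info = cert.public_key().public_bytes(
+            Encoding.DER, PublicFormat.SubjectPublicKeyInfo)
+
+        return pubkey_info
 
     def sign_csr(self, certification_request_info):
         raise NotImplementedError('NSS is not yet supported')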
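Review bot: get_subject_public_key_info is not safe to call twice on the same NSSAdaptor: every call runs `certutil -S` under the fixed self.nickname, generating another key pair and self-signed placeholder certificate in self.database, and nothing removes the placeholder afterwards. Because the key created here is presumably the one sign_csr will later use, I would cache rather than delete: `if getattr(self, '_pubkey_info', None) is not None: return self._pubkey_info` at the top of the method and `self._pubkey_info = pubkey_info` before the return, plus a docstring stating that the method permanently adds a key pair and a self-signed certificate named self.nickname to the NSS database so callers know the side effect. The key type and size are left to certutil's defaults, so the strength of the generated key depends on the installed NSS version rather than on this code; passing them explicitly would keep that policy under the caller's control. If this module is also run under Python 3, `base64.b32encode(...)` returns bytes, so `'CN=%s' % temp_cn` would produce a subject of the form `CN=b'...'` — worth confirming against the supported interpreter versions.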