freeipa

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |  http://www.freeipa.org/

Commit fc58eff csrgen: Add CSR generation profile for caIPAserviceCert

6 files Authored by benlipton a year ago , Committed by jcholast a year ago ,
csrgen: Add CSR generation profile for caIPAserviceCert

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

    
 1 @@ -2,10 +2,15 @@
 2   
 3   profiledir = $(IPA_DATA_DIR)/csrgen/profiles
 4   profile_DATA =»       »       »       »       \
 5 + »       profiles/caIPAserviceCert.json»       \
 6   »       $(NULL)
 7   
 8   ruledir = $(IPA_DATA_DIR)/csrgen/rules
 9   rule_DATA =»       »       »       »       \
10 + »       rules/dataDNS.json»       »       \
11 + »       rules/dataHostCN.json»       »       \
12 + »       rules/syntaxSAN.json»       »       \
13 + »       rules/syntaxSubject.json»       \
14   »       $(NULL)
15   
16   templatedir = $(IPA_DATA_DIR)/csrgen/templates
 1 @@ -0,0 +1,14 @@
 2 + [
 3 +     {
 4 +         "syntax": "syntaxSubject",
 5 +         "data": [
 6 +             "dataHostCN"
 7 +         ]
 8 +     },
 9 +     {
10 +         "syntax": "syntaxSAN",
11 +         "data": [
12 +             "dataDNS"
13 +         ]
14 +     }
15 + ]
 1 @@ -0,0 +1,12 @@
 2 + {
 3 +   "rules": [
 4 +     {
 5 +       "helper": "openssl",
 6 +       "template": "DNS = {{ipa.datafield(subject.krbprincipalname.0.partition('/')[2].partition('@')[0])}}"
 7 +     },
 8 +     {
 9 +       "helper": "certutil",
10 +       "template": "dns:{{ipa.datafield(subject.krbprincipalname.0.partition('/')[2].partition('@')[0])|quote}}"
11 +     }
12 +   ]
13 + }
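Review bot: The openssl rule interpolates the hostname taken from `subject.krbprincipalname.0` with no escaping, while the certutil rule next to it applies `|quote`. The value ends up in generated OpenSSL configuration text, so a newline, `#`, `$` or backslash in the attribute would change the structure of the config rather than just the SAN value. The same applies to the openssl rule in the dataHostCN section that follows, including its `config.ipacertificatesubjectbase.0` field. Whether `ipa.datafield` or the directory schema already constrains these values is not visible on this page, so either pass them through an escaping filter for OpenSSL config values or document in the rule that the engine guarantees it.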
 1 @@ -0,0 +1,12 @@
 2 + {
 3 +   "rules": [
 4 +     {
 5 +       "helper": "openssl",
 6 +       "template": "{{ipa.datafield(config.ipacertificatesubjectbase.0)}}\nCN={{ipa.datafield(subject.krbprincipalname.0.partition('/')[2].partition('@')[0])}}"
 7 +     },
 8 +     {
 9 +       "helper": "certutil",
10 +       "template": "CN={{ipa.datafield(subject.krbprincipalname.0.partition('/')[2].partition('@')[0])|quote}},{{ipa.datafield(config.ipacertificatesubjectbase.0)|quote}}"
11 +     }
12 +   ]
13 + }
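Review bot: The openssl template writes `config.ipacertificatesubjectbase.0` as a single line, which only gives the intended subject when the base is one RDN. If the output is read as an OpenSSL distinguished_name section with one attribute per line (assumed; the section handling is outside this page), a base such as `OU=x,O=y` (constructed example) would become one OU attribute with the value `x,O=y`, while the certutil rule would still produce the full DN for the same entry. Emitting one line per RDN, or rejecting multi-RDN bases for this helper, would keep the two helpers consistent. Separately, a principal with no `/` makes `partition('/')[2]` empty, so both rules here and in dataDNS would render an empty name; a guard on the principal form would catch that before a CSR is built.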
 1 @@ -0,0 +1,15 @@
 2 + {
 3 +   "rules": [
 4 +     {
 5 +       "helper": "openssl",
 6 +       "template": "subjectAltName = @{% call openssl.section() %}{{ datarules|join('\n') }}{% endcall %}",
 7 +       "options": {
 8 +         "extension": true
 9 +       }
10 +     },
11 +     {
12 +       "helper": "certutil",
13 +       "template": "--extSAN {{ datarules|join(',') }}"
14 +     }
15 +   ]
16 + }
 1 @@ -0,0 +1,15 @@
 2 + {
 3 +   "rules": [
 4 +     {
 5 +       "helper": "openssl",
 6 +       "template": "distinguished_name = {% call openssl.section() %}{{ datarules|first }}{% endcall %}"
 7 +     },
 8 +     {
 9 +       "helper": "certutil",
10 +       "template": "-s {{ datarules|first }}"
11 +     }
12 +   ],
13 +   "options": {
14 +     "required": true
15 +   }
16 + }