[Freeipa-devel] [freeipa PR#10] Client-side CSR autogeneration (synchronize)

2016-09-14 Thread LiptonB
LiptonB's pull request #10: "Client-side CSR autogeneration" was synchronize

See the full pull-request at https://github.com/freeipa/freeipa/pull/10
... or pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/10/head:pr10
git checkout pr10
From eeeb57fa9ff1642dbd1e32fbfe435052de2541ee Mon Sep 17 00:00:00 2001
From: Ben Lipton 
Date: Tue, 5 Jul 2016 14:19:35 -0400
Subject: [PATCH 01/10] Add code to generate scripts that generate CSRs

Adds a library that uses jinja2 to format a script that, when run, will
build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses
this library and builds the script for a given principal. The rules are
read from json files in /usr/share/ipa/csr, but the rule provider is a
separate class so that it can be replaced easily.

https://fedorahosted.org/freeipa/ticket/4899
---
 freeipa.spec.in |   8 +
 install/configure.ac|   1 +
 install/share/Makefile.am   |   1 +
 install/share/csr/Makefile.am   |  27 +++
 install/share/csr/templates/certutil_base.tmpl  |  14 ++
 install/share/csr/templates/ipa_macros.tmpl |  42 
 install/share/csr/templates/openssl_base.tmpl   |  35 +++
 install/share/csr/templates/openssl_macros.tmpl |  29 +++
 ipaclient/plugins/certmapping.py| 105 +
 ipalib/certmapping.py   | 285 
 ipalib/errors.py|   9 +
 ipapython/templating.py |  31 +++
 12 files changed, 587 insertions(+)
 create mode 100644 install/share/csr/Makefile.am
 create mode 100644 install/share/csr/templates/certutil_base.tmpl
 create mode 100644 install/share/csr/templates/ipa_macros.tmpl
 create mode 100644 install/share/csr/templates/openssl_base.tmpl
 create mode 100644 install/share/csr/templates/openssl_macros.tmpl
 create mode 100644 ipaclient/plugins/certmapping.py
 create mode 100644 ipalib/certmapping.py
 create mode 100644 ipapython/templating.py

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e3ad5b6..ab8e8e6 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -507,6 +507,7 @@ Requires: python-custodia
 Requires: python-dns >= 1.11.1
 Requires: python-netifaces >= 0.10.4
 Requires: pyusb
+Requires: python-jinja2
 
 Conflicts: %{alt_name}-python < %{version}
 
@@ -1178,6 +1179,13 @@ fi
 %{_usr}/share/ipa/advise/legacy/*.template
 %dir %{_usr}/share/ipa/profiles
 %{_usr}/share/ipa/profiles/*.cfg
+%dir %{_usr}/share/ipa/csr
+%dir %{_usr}/share/ipa/csr/templates
+%{_usr}/share/ipa/csr/templates/*.tmpl
+%dir %{_usr}/share/ipa/csr/profiles
+%{_usr}/share/ipa/csr/profiles/*.json
+%dir %{_usr}/share/ipa/csr/rules
+%{_usr}/share/ipa/csr/rules/*.json
 %dir %{_usr}/share/ipa/ffextension
 %{_usr}/share/ipa/ffextension/bootstrap.js
 %{_usr}/share/ipa/ffextension/install.rdf
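Review bot: The two globs added in this hunk, %{_usr}/share/ipa/csr/profiles/*.json and %{_usr}/share/ipa/csr/rules/*.json, match nothing as of this patch, because install/share/csr/Makefile.am in the same patch leaves profile_DATA and rule_DATA empty. rpmbuild treats a %files glob with no match as an error, so a package build at this commit fails and the series is not bisectable. Either ship at least one profile and one rule JSON file in this patch, or move the profiles and rules lines to the patch that adds the first such files.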
diff --git a/install/configure.ac b/install/configure.ac
index 81f17b9..365f0e9 100644
--- a/install/configure.ac
+++ b/install/configure.ac
@@ -87,6 +87,7 @@ AC_CONFIG_FILES([
 share/Makefile
 share/advise/Makefile
 share/advise/legacy/Makefile
+share/csr/Makefile
 share/profiles/Makefile
 share/schema.d/Makefile
 ui/Makefile
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index d8845ee..0a15635 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -2,6 +2,7 @@ NULL =
 
 SUBDIRS =  \
 	advise\
+	csr\
 	profiles			\
 	schema.d			\
 	$(NULL)
diff --git a/install/share/csr/Makefile.am b/install/share/csr/Makefile.am
new file mode 100644
index 000..5a8ef5c
--- /dev/null
+++ b/install/share/csr/Makefile.am
@@ -0,0 +1,27 @@
+NULL =
+
+profiledir = $(IPA_DATA_DIR)/csr/profiles
+profile_DATA =\
+	$(NULL)
+
+ruledir = $(IPA_DATA_DIR)/csr/rules
+rule_DATA =\
+	$(NULL)
+
+templatedir = $(IPA_DATA_DIR)/csr/templates
+template_DATA =			\
+	templates/certutil_base.tmpl	\
+	templates/openssl_base.tmpl	\
+	templates/openssl_macros.tmpl	\
+	templates/ipa_macros.tmpl	\
+	$(NULL)
+
+EXTRA_DIST =\
+	$(profile_DATA)			\
+	$(rule_DATA)			\
+	$(template_DATA)		\
+	$(NULL)
+
+MAINTAINERCLEANFILES =			\
+	*~\
+	Makefile.in
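Review bot: profile_DATA and rule_DATA are declared empty here, while the commit message says the rules are read from JSON files under /usr/share/ipa/csr, so after this patch alone nothing is installed for the rule provider to read. With an empty DATA list the generated install rule may also skip creating profiledir and ruledir, which the spec file in this patch lists as %dir entries. Add the initial JSON files to these lists in this patch, or state in the commit message that they arrive in a later patch of the series and defer the directory declarations until then.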
diff --git a/install/share/csr/templates/certutil_base.tmpl b/install/share/csr/templates/certutil_base.tmpl
new file mode 100644
index 000..6c6425f
--- /dev/null
+++ b/install/share/csr/templates/certutil_base.tmpl
@@ -0,0 +1,14 @@
+{% raw -%}
+{% import "ipa_macros.tmpl" as ipa -%}
+{%- endraw %}
+#!/bin/bash -e
+
+if [[ $# -lt 1 ]]; then
+echo "Usage: $0  [  ]"
+echo "Called as: $0 $@"
+exit 1
+fi
+
+CSR="$1"
+shift
+certutil -R -a -z <(head -c 4096 /dev/urandom) -o "$CSR" {{ options|join(' ') }} "$@"
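Review bot: On the certutil line, {{ options|join(' ') }} is spliced into the generated bash script with no quoting, so every element of options has to arrive as an already safely quoted shell word, and nothing in this template enforces that. If an option carries a value taken from the principal's data or from a rule file and that value contains whitespace, $(...), backticks or a semicolon, the script handed to the user will word-split it or execute it. Apply shell quoting at the point where data values are interpolated (a quoting filter on each value before it is added to options) and add a test that renders a value containing a space and a quote character. A smaller point in the same hunk: "Called as: $0 $@" expands $@ inside a single double-quoted string, where $* is the form that joins the arguments as intended.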
diff --git a/install/share/csr/templates/ipa_macros.tmpl b/install/share/csr/templates/ipa_macros.tmpl
new file mode 100644
index 000..e790d4e
--- /dev/null
+++ 

[Freeipa-devel] [freeipa PR#10] Client-side CSR autogeneration (synchronize)

2016-09-07 Thread LiptonB
LiptonB's pull request #10: "Client-side CSR autogeneration" was synchronize

See the full pull-request at https://github.com/freeipa/freeipa/pull/10
... or pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/10/head:pr10
git checkout pr10
From eeeb57fa9ff1642dbd1e32fbfe435052de2541ee Mon Sep 17 00:00:00 2001
From: Ben Lipton 
Date: Tue, 5 Jul 2016 14:19:35 -0400
Subject: [PATCH 1/8] Add code to generate scripts that generate CSRs

Adds a library that uses jinja2 to format a script that, when run, will
build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses
this library and builds the script for a given principal. The rules are
read from json files in /usr/share/ipa/csr, but the rule provider is a
separate class so that it can be replaced easily.

https://fedorahosted.org/freeipa/ticket/4899
---
 freeipa.spec.in |   8 +
 install/configure.ac|   1 +
 install/share/Makefile.am   |   1 +
 install/share/csr/Makefile.am   |  27 +++
 install/share/csr/templates/certutil_base.tmpl  |  14 ++
 install/share/csr/templates/ipa_macros.tmpl |  42 
 install/share/csr/templates/openssl_base.tmpl   |  35 +++
 install/share/csr/templates/openssl_macros.tmpl |  29 +++
 ipaclient/plugins/certmapping.py| 105 +
 ipalib/certmapping.py   | 285 
 ipalib/errors.py|   9 +
 ipapython/templating.py |  31 +++
 12 files changed, 587 insertions(+)
 create mode 100644 install/share/csr/Makefile.am
 create mode 100644 install/share/csr/templates/certutil_base.tmpl
 create mode 100644 install/share/csr/templates/ipa_macros.tmpl
 create mode 100644 install/share/csr/templates/openssl_base.tmpl
 create mode 100644 install/share/csr/templates/openssl_macros.tmpl
 create mode 100644 ipaclient/plugins/certmapping.py
 create mode 100644 ipalib/certmapping.py
 create mode 100644 ipapython/templating.py

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e3ad5b6..ab8e8e6 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -507,6 +507,7 @@ Requires: python-custodia
 Requires: python-dns >= 1.11.1
 Requires: python-netifaces >= 0.10.4
 Requires: pyusb
+Requires: python-jinja2
 
 Conflicts: %{alt_name}-python < %{version}
 
@@ -1178,6 +1179,13 @@ fi
 %{_usr}/share/ipa/advise/legacy/*.template
 %dir %{_usr}/share/ipa/profiles
 %{_usr}/share/ipa/profiles/*.cfg
+%dir %{_usr}/share/ipa/csr
+%dir %{_usr}/share/ipa/csr/templates
+%{_usr}/share/ipa/csr/templates/*.tmpl
+%dir %{_usr}/share/ipa/csr/profiles
+%{_usr}/share/ipa/csr/profiles/*.json
+%dir %{_usr}/share/ipa/csr/rules
+%{_usr}/share/ipa/csr/rules/*.json
 %dir %{_usr}/share/ipa/ffextension
 %{_usr}/share/ipa/ffextension/bootstrap.js
 %{_usr}/share/ipa/ffextension/install.rdf
diff --git a/install/configure.ac b/install/configure.ac
index 81f17b9..365f0e9 100644
--- a/install/configure.ac
+++ b/install/configure.ac
@@ -87,6 +87,7 @@ AC_CONFIG_FILES([
 share/Makefile
 share/advise/Makefile
 share/advise/legacy/Makefile
+share/csr/Makefile
 share/profiles/Makefile
 share/schema.d/Makefile
 ui/Makefile
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index d8845ee..0a15635 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -2,6 +2,7 @@ NULL =
 
 SUBDIRS =  \
 	advise\
+	csr\
 	profiles			\
 	schema.d			\
 	$(NULL)
diff --git a/install/share/csr/Makefile.am b/install/share/csr/Makefile.am
new file mode 100644
index 000..5a8ef5c
--- /dev/null
+++ b/install/share/csr/Makefile.am
@@ -0,0 +1,27 @@
+NULL =
+
+profiledir = $(IPA_DATA_DIR)/csr/profiles
+profile_DATA =\
+	$(NULL)
+
+ruledir = $(IPA_DATA_DIR)/csr/rules
+rule_DATA =\
+	$(NULL)
+
+templatedir = $(IPA_DATA_DIR)/csr/templates
+template_DATA =			\
+	templates/certutil_base.tmpl	\
+	templates/openssl_base.tmpl	\
+	templates/openssl_macros.tmpl	\
+	templates/ipa_macros.tmpl	\
+	$(NULL)
+
+EXTRA_DIST =\
+	$(profile_DATA)			\
+	$(rule_DATA)			\
+	$(template_DATA)		\
+	$(NULL)
+
+MAINTAINERCLEANFILES =			\
+	*~\
+	Makefile.in
diff --git a/install/share/csr/templates/certutil_base.tmpl b/install/share/csr/templates/certutil_base.tmpl
new file mode 100644
index 000..6c6425f
--- /dev/null
+++ b/install/share/csr/templates/certutil_base.tmpl
@@ -0,0 +1,14 @@
+{% raw -%}
+{% import "ipa_macros.tmpl" as ipa -%}
+{%- endraw %}
+#!/bin/bash -e
+
+if [[ $# -lt 1 ]]; then
+echo "Usage: $0  [  ]"
+echo "Called as: $0 $@"
+exit 1
+fi
+
+CSR="$1"
+shift
+certutil -R -a -z <(head -c 4096 /dev/urandom) -o "$CSR" {{ options|join(' ') }} "$@"
diff --git a/install/share/csr/templates/ipa_macros.tmpl b/install/share/csr/templates/ipa_macros.tmpl
new file mode 100644
index 000..e790d4e
--- /dev/null
+++ 

[Freeipa-devel] [freeipa PR#10] Client-side CSR autogeneration (synchronize)

2016-09-06 Thread LiptonB
LiptonB's pull request #10: "Client-side CSR autogeneration" was synchronize

See the full pull-request at https://github.com/freeipa/freeipa/pull/10
... or pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/10/head:pr10
git checkout pr10
From eeeb57fa9ff1642dbd1e32fbfe435052de2541ee Mon Sep 17 00:00:00 2001
From: Ben Lipton 
Date: Tue, 5 Jul 2016 14:19:35 -0400
Subject: [PATCH 1/6] Add code to generate scripts that generate CSRs

Adds a library that uses jinja2 to format a script that, when run, will
build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses
this library and builds the script for a given principal. The rules are
read from json files in /usr/share/ipa/csr, but the rule provider is a
separate class so that it can be replaced easily.

https://fedorahosted.org/freeipa/ticket/4899
---
 freeipa.spec.in |   8 +
 install/configure.ac|   1 +
 install/share/Makefile.am   |   1 +
 install/share/csr/Makefile.am   |  27 +++
 install/share/csr/templates/certutil_base.tmpl  |  14 ++
 install/share/csr/templates/ipa_macros.tmpl |  42 
 install/share/csr/templates/openssl_base.tmpl   |  35 +++
 install/share/csr/templates/openssl_macros.tmpl |  29 +++
 ipaclient/plugins/certmapping.py| 105 +
 ipalib/certmapping.py   | 285 
 ipalib/errors.py|   9 +
 ipapython/templating.py |  31 +++
 12 files changed, 587 insertions(+)
 create mode 100644 install/share/csr/Makefile.am
 create mode 100644 install/share/csr/templates/certutil_base.tmpl
 create mode 100644 install/share/csr/templates/ipa_macros.tmpl
 create mode 100644 install/share/csr/templates/openssl_base.tmpl
 create mode 100644 install/share/csr/templates/openssl_macros.tmpl
 create mode 100644 ipaclient/plugins/certmapping.py
 create mode 100644 ipalib/certmapping.py
 create mode 100644 ipapython/templating.py

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e3ad5b6..ab8e8e6 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -507,6 +507,7 @@ Requires: python-custodia
 Requires: python-dns >= 1.11.1
 Requires: python-netifaces >= 0.10.4
 Requires: pyusb
+Requires: python-jinja2
 
 Conflicts: %{alt_name}-python < %{version}
 
@@ -1178,6 +1179,13 @@ fi
 %{_usr}/share/ipa/advise/legacy/*.template
 %dir %{_usr}/share/ipa/profiles
 %{_usr}/share/ipa/profiles/*.cfg
+%dir %{_usr}/share/ipa/csr
+%dir %{_usr}/share/ipa/csr/templates
+%{_usr}/share/ipa/csr/templates/*.tmpl
+%dir %{_usr}/share/ipa/csr/profiles
+%{_usr}/share/ipa/csr/profiles/*.json
+%dir %{_usr}/share/ipa/csr/rules
+%{_usr}/share/ipa/csr/rules/*.json
 %dir %{_usr}/share/ipa/ffextension
 %{_usr}/share/ipa/ffextension/bootstrap.js
 %{_usr}/share/ipa/ffextension/install.rdf
diff --git a/install/configure.ac b/install/configure.ac
index 81f17b9..365f0e9 100644
--- a/install/configure.ac
+++ b/install/configure.ac
@@ -87,6 +87,7 @@ AC_CONFIG_FILES([
 share/Makefile
 share/advise/Makefile
 share/advise/legacy/Makefile
+share/csr/Makefile
 share/profiles/Makefile
 share/schema.d/Makefile
 ui/Makefile
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index d8845ee..0a15635 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -2,6 +2,7 @@ NULL =
 
 SUBDIRS =  \
 	advise\
+	csr\
 	profiles			\
 	schema.d			\
 	$(NULL)
diff --git a/install/share/csr/Makefile.am b/install/share/csr/Makefile.am
new file mode 100644
index 000..5a8ef5c
--- /dev/null
+++ b/install/share/csr/Makefile.am
@@ -0,0 +1,27 @@
+NULL =
+
+profiledir = $(IPA_DATA_DIR)/csr/profiles
+profile_DATA =\
+	$(NULL)
+
+ruledir = $(IPA_DATA_DIR)/csr/rules
+rule_DATA =\
+	$(NULL)
+
+templatedir = $(IPA_DATA_DIR)/csr/templates
+template_DATA =			\
+	templates/certutil_base.tmpl	\
+	templates/openssl_base.tmpl	\
+	templates/openssl_macros.tmpl	\
+	templates/ipa_macros.tmpl	\
+	$(NULL)
+
+EXTRA_DIST =\
+	$(profile_DATA)			\
+	$(rule_DATA)			\
+	$(template_DATA)		\
+	$(NULL)
+
+MAINTAINERCLEANFILES =			\
+	*~\
+	Makefile.in
diff --git a/install/share/csr/templates/certutil_base.tmpl b/install/share/csr/templates/certutil_base.tmpl
new file mode 100644
index 000..6c6425f
--- /dev/null
+++ b/install/share/csr/templates/certutil_base.tmpl
@@ -0,0 +1,14 @@
+{% raw -%}
+{% import "ipa_macros.tmpl" as ipa -%}
+{%- endraw %}
+#!/bin/bash -e
+
+if [[ $# -lt 1 ]]; then
+echo "Usage: $0  [  ]"
+echo "Called as: $0 $@"
+exit 1
+fi
+
+CSR="$1"
+shift
+certutil -R -a -z <(head -c 4096 /dev/urandom) -o "$CSR" {{ options|join(' ') }} "$@"
diff --git a/install/share/csr/templates/ipa_macros.tmpl b/install/share/csr/templates/ipa_macros.tmpl
new file mode 100644
index 000..e790d4e
--- /dev/null
+++ 

[Freeipa-devel] [freeipa PR#10] Client-side CSR autogeneration (synchronize)

2016-08-26 Thread LiptonB
LiptonB's pull request #10: "Client-side CSR autogeneration" was synchronize

See the full pull-request at https://github.com/freeipa/freeipa/pull/10
... or pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/10/head:pr10
git checkout pr10


freeipa-pr-10.patch
Description: application/text/diff
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
