ipaserver.plugins.cert.certreq

class ipaserver.plugins.cert.certreq(api)[source]

Bases: ipaserver.plugins.cert.BaseCertObject

Public Data Attributes:

takes_params

Inherited from BaseCertObject

takes_params

Inherited from Object

backend_name

takes_params

json_friendly_attributes

Inherited from HasParam

NO_CLI

context

Inherited from Plugin

version

name

full_name

bases

doc

summary

api

Return API instance passed to __init__().

env

Backend

Command

Public Methods:

Inherited from Object

backend

methods

params

primary_key

params_minus_pk

params_minus(*names)

Yield all Param whose name is not in names.

get_dn(*args, **kwargs)

Construct an LDAP DN.

get_params()

This method gets called by HasParam._create_param_namespace().

__json__()

Inherited from Plugin

__init__(api)

finalize()

Finalize plugin initialization.

ensure_finalized()

Finalize plugin initialization if it has not yet been finalized.

__repr__()

Return 'module_name.class_name()' representation.

Inherited from ReadOnly

__lock__()

Put this instance into a read-only state.

__islocked__()

Return True if instance is locked, otherwise False.

__setattr__(name, value)

If unlocked, set attribute named name to value.

__delattr__(name)

If unlocked, delete attribute named name.

Private Data Attributes:

Inherited from ReadOnly

_ReadOnly__locked

Private Methods:

Inherited from BaseCertObject

_parse(obj[, full])

Extract certificate-specific data into a result object.

_add_san_attribute(obj, full, gn)

Inherited from Object

_on_finalize()

Do custom finalization.

_Object__get_attrs(name)

Inherited from HasParam

_get_param_iterable(name[, verb])

Return an iterable of params defined by the attribute named name.

_filter_param_by_context(name[, env])

Filter params on attribute named name by environment env.

_create_param_namespace(name[, env])

Inherited from Plugin

_Plugin__name_getter()

_Plugin__full_name_getter()

_Plugin__bases_getter()

_Plugin__doc_getter()

_Plugin__summary_getter()

_on_finalize()

Do custom finalization.


property Backend
property Command
NO_CLI = False
__annotations__ = {}
__delattr__(name)

If unlocked, delete attribute named name.

If this instance is locked, an AttributeError will be raised.

Parameters

name – Name of attribute to delete.

__dict__ = mappingproxy({'__module__': 'ipaserver.plugins.cert', 'takes_params': (Str('cacn?', autofill=True, cli_name='ca', default=u'ipa', doc=Gettext('Name of issuing CA', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Issuing CA', domain='ipa', localedir=None)), Certificate('certificate', doc=Gettext('Base-64 encoded certificate.', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Certificate', domain='ipa', localedir=None)), Bytes('certificate_chain*', doc=Gettext('X.509 certificate chain', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Certificate chain', domain='ipa', localedir=None)), DNParam('subject', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject', domain='ipa', localedir=None)), Str('san_rfc822name*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject email address', domain='ipa', localedir=None)), DNSNameParam('san_dnsname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject DNS name', domain='ipa', localedir=None)), Str('san_x400address*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject X.400 address', domain='ipa', localedir=None)), DNParam('san_directoryname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject directory name', domain='ipa', localedir=None)), Str('san_edipartyname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject EDI Party name', domain='ipa', localedir=None)), Str('san_uri*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject URI', domain='ipa', localedir=None)), Str('san_ipaddress*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject IP Address', domain='ipa', localedir=None)), Str('san_oid*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject OID', domain='ipa', localedir=None)), Principal('san_other_upn*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject UPN', domain='ipa', localedir=None)), Principal('san_other_kpn*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject Kerberos principal name', domain='ipa', localedir=None)), Str('san_other*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject Other Name', domain='ipa', localedir=None)), DNParam('issuer', doc=Gettext('Issuer DN', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Issuer', domain='ipa', localedir=None)), DateTime('valid_not_before', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Not Before', domain='ipa', localedir=None)), DateTime('valid_not_after', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Not After', domain='ipa', localedir=None)), Str('sha1_fingerprint', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Fingerprint (SHA1)', domain='ipa', localedir=None)), Str('sha256_fingerprint', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Fingerprint (SHA256)', domain='ipa', localedir=None)), SerialNumber('serial_number', doc=Gettext('Serial number in decimal or if prefixed with 0x in hexadecimal', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number), Str('serial_number_hex', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Serial number (hex)', domain='ipa', localedir=None)), Str('request_type', autofill=True, default=u'pkcs10', flags=[u'no_update', u'no_search', u'no_option']), Str('profile_id?', validate_profile_id, doc=Gettext('Certificate Profile to use', domain='ipa', localedir=None), flags=[u'no_update', u'no_search'], label=Gettext('Profile ID', domain='ipa', localedir=None)), Str('cert_request_status', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Request status', domain='ipa', localedir=None)), Str('request_id', flags=[u'no_update', u'no_create', u'no_search', u'no_output'], label=Gettext('Request id', domain='ipa', localedir=None), primary_key=True)), '__doc__': None, '__annotations__': {}})
__init__(api)
__islocked__()

Return True if instance is locked, otherwise False.

__json__()
__lock__()

Put this instance into a read-only state.

After the instance has been locked, attempting to set or delete an attribute will raise an AttributeError.

__module__ = 'ipaserver.plugins.cert'
__repr__()

Return ‘module_name.class_name()’ representation.

This representation could be used to instantiate this Plugin instance given the appropriate environment.

__setattr__(name, value)

If unlocked, set attribute named name to value.

If this instance is locked, an AttributeError will be raised.

Parameters
  • name – Name of attribute to set.

  • value – Value to assign to attribute.

__weakref__

list of weak references to the object (if defined)

_add_san_attribute(obj, full, gn)
_create_param_namespace(name, env=None)
_filter_param_by_context(name, env=None)

Filter params on attribute named name by environment env.

For example:

>>> from ipalib.config import Env
>>> class Example(HasParam):
...
...     takes_args = (
...         Str('foo_only', include=['foo']),
...         Str('not_bar', exclude=['bar']),
...         'both',
...     )
...
...     def get_args(self):
...         return self._get_param_iterable('args')
...
...
>>> eg = Example()
>>> foo = Env(context='foo')
>>> bar = Env(context='bar')
>>> another = Env(context='another')
>>> (foo.context, bar.context, another.context)
(u'foo', u'bar', u'another')
>>> list(eg._filter_param_by_context('args', foo))
[Str('foo_only', include=['foo']), Str('not_bar', exclude=['bar']), Str('both')]
>>> list(eg._filter_param_by_context('args', bar))
[Str('both')]
>>> list(eg._filter_param_by_context('args', another))
[Str('not_bar', exclude=['bar']), Str('both')]
_get_param_iterable(name, verb='takes')

Return an iterable of params defined by the attribute named name.

A sequence of params can be defined one of three ways: as a tuple; as a callable that returns an iterable; or as a param spec (a Param or str instance). This method returns a uniform iterable regardless of how the param sequence was defined.

For example, when defined with a tuple:

>>> class ByTuple(HasParam):
...     takes_args = (Param('foo'), Param('bar'))
...
>>> by_tuple = ByTuple()
>>> list(by_tuple._get_param_iterable('args'))
[Param('foo'), Param('bar')]

Or you can define your param sequence with a callable when you need to reference attributes on your plugin instance (for validation rules, etc.). For example:

>>> class ByCallable(HasParam):
...     def takes_args(self):
...         yield Param('foo', self.validate_foo)
...         yield Param('bar', self.validate_bar)
...
...     def validate_foo(self, _, value, **kw):
...         if value != 'Foo':
...             return _("must be 'Foo'")
...
...     def validate_bar(self, _, value, **kw):
...         if value != 'Bar':
...             return _("must be 'Bar'")
...
>>> by_callable = ByCallable()
>>> list(by_callable._get_param_iterable('args'))
[Param('foo', validate_foo), Param('bar', validate_bar)]

Lastly, as a convenience for when a param sequence contains a single param, your defining attribute may a param spec (either a Param or an str instance). For example:

>>> class BySpec(HasParam):
...     takes_args = Param('foo')
...     takes_options = 'bar?'
...
>>> by_spec = BySpec()
>>> list(by_spec._get_param_iterable('args'))
[Param('foo')]
>>> list(by_spec._get_param_iterable('options'))
['bar?']

For information on how an str param spec is interpreted, see the create_param() and parse_param_spec() functions in the ipalib.parameters module.

Also see HasParam._filter_param_by_context().

_on_finalize()

Do custom finalization.

This method is called from finalize(). Subclasses can override this method in order to add custom finalization.

_parse(obj, full=True)

Extract certificate-specific data into a result object.

obj

Result object containing certificate, into which extracted data will be inserted.

full

Whether to include all fields, or only the ones we guess people want to see most of the time. Also add recognised otherNames to the generic san_other attribute when True in addition to the specialised attribute.

Raise ValueError if the certificate is malformed. (Note: only the main certificate structure and Subject Alt Name extension are examined.)

property api

Return API instance passed to __init__().

backend = None
backend_name = None
bases = (<class 'ipaserver.plugins.cert.BaseCertObject'>,)
property context
doc = None
ensure_finalized()

Finalize plugin initialization if it has not yet been finalized.

property env
finalize()

Finalize plugin initialization.

This method calls _on_finalize() and locks the plugin object.

Subclasses should not override this method. Custom finalization is done in _on_finalize().

class finalize_attr(name, value=None)

Bases: object

Create a stub object for plugin attribute that isn’t set until the finalization of the plugin initialization.

When the stub object is accessed, it calls ensure_finalized() to make sure the plugin initialization is finalized. The stub object is expected to be replaced with the actual attribute value during the finalization (preferably in _on_finalize()), otherwise an AttributeError is raised.

This is used to implement on-demand finalization of plugin initialization.

__annotations__ = {}
__get__(obj, cls)
__init__(name, value=None)
__module__ = 'ipalib.plugable'
__slots__ = ('name', 'value')
name
value
full_name = 'certreq/1'
get_dn(*args, **kwargs)

Construct an LDAP DN.

get_params()

This method gets called by HasParam._create_param_namespace().

json_friendly_attributes = ('name', 'takes_params')
methods = None
name = 'certreq'
params = None
params_minus(*names)

Yield all Param whose name is not in names.

params_minus_pk = None
primary_key = None
summary = '<ipaserver.plugins.cert.certreq>'
takes_params = (Str('cacn?', autofill=True, cli_name='ca', default=u'ipa', doc=Gettext('Name of issuing CA', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Issuing CA', domain='ipa', localedir=None)), Certificate('certificate', doc=Gettext('Base-64 encoded certificate.', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Certificate', domain='ipa', localedir=None)), Bytes('certificate_chain*', doc=Gettext('X.509 certificate chain', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Certificate chain', domain='ipa', localedir=None)), DNParam('subject', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject', domain='ipa', localedir=None)), Str('san_rfc822name*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject email address', domain='ipa', localedir=None)), DNSNameParam('san_dnsname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject DNS name', domain='ipa', localedir=None)), Str('san_x400address*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject X.400 address', domain='ipa', localedir=None)), DNParam('san_directoryname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject directory name', domain='ipa', localedir=None)), Str('san_edipartyname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject EDI Party name', domain='ipa', localedir=None)), Str('san_uri*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject URI', domain='ipa', localedir=None)), Str('san_ipaddress*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject IP Address', domain='ipa', localedir=None)), Str('san_oid*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject OID', domain='ipa', localedir=None)), Principal('san_other_upn*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject UPN', domain='ipa', localedir=None)), Principal('san_other_kpn*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject Kerberos principal name', domain='ipa', localedir=None)), Str('san_other*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject Other Name', domain='ipa', localedir=None)), DNParam('issuer', doc=Gettext('Issuer DN', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Issuer', domain='ipa', localedir=None)), DateTime('valid_not_before', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Not Before', domain='ipa', localedir=None)), DateTime('valid_not_after', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Not After', domain='ipa', localedir=None)), Str('sha1_fingerprint', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Fingerprint (SHA1)', domain='ipa', localedir=None)), Str('sha256_fingerprint', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Fingerprint (SHA256)', domain='ipa', localedir=None)), SerialNumber('serial_number', doc=Gettext('Serial number in decimal or if prefixed with 0x in hexadecimal', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number), Str('serial_number_hex', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Serial number (hex)', domain='ipa', localedir=None)), Str('request_type', autofill=True, default=u'pkcs10', flags=[u'no_update', u'no_search', u'no_option']), Str('profile_id?', validate_profile_id, doc=Gettext('Certificate Profile to use', domain='ipa', localedir=None), flags=[u'no_update', u'no_search'], label=Gettext('Profile ID', domain='ipa', localedir=None)), Str('cert_request_status', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Request status', domain='ipa', localedir=None)), Str('request_id', flags=[u'no_update', u'no_create', u'no_search', u'no_output'], label=Gettext('Request id', domain='ipa', localedir=None), primary_key=True))
version = '1'