ipaserver.plugins.cert.BaseCertObject¶
- class ipaserver.plugins.cert.BaseCertObject(api)[source]¶
Bases:
ipalib.frontend.Object
Public Data Attributes:
Inherited from
Object
Public Methods:
Inherited from
Object
params_minus
(*names)Yield all Param whose name is not in
names
.get_dn
(*args, **kwargs)Construct an LDAP DN.
This method gets called by HasParam._create_param_namespace().
__json__
()Inherited from
Plugin
__init__
(api)finalize
()Finalize plugin initialization.
Finalize plugin initialization if it has not yet been finalized.
__repr__
()Return 'module_name.class_name()' representation.
Inherited from
ReadOnly
__lock__
()Put this instance into a read-only state.
Return True if instance is locked, otherwise False.
__setattr__
(name, value)If unlocked, set attribute named
name
tovalue
.__delattr__
(name)If unlocked, delete attribute named
name
.Private Data Attributes:
Inherited from
ReadOnly
_ReadOnly__locked
Private Methods:
_parse
(obj[, full])Extract certificate-specific data into a result object.
_add_san_attribute
(obj, full, gn)Inherited from
Object
Do custom finalization.
_Object__get_attrs
(name)Inherited from
HasParam
_get_param_iterable
(name[, verb])Return an iterable of params defined by the attribute named
name
._filter_param_by_context
(name[, env])Filter params on attribute named
name
by environmentenv
._create_param_namespace
(name[, env])Inherited from
Plugin
_Plugin__name_getter
()_Plugin__full_name_getter
()_Plugin__bases_getter
()_Plugin__doc_getter
()_Plugin__summary_getter
()Do custom finalization.
- property Backend¶
- property Command¶
- NO_CLI = False¶
- __annotations__ = {}¶
- __delattr__(name)¶
If unlocked, delete attribute named
name
.If this instance is locked, an AttributeError will be raised.
- Parameters
name – Name of attribute to delete.
- __dict__ = mappingproxy({'__module__': 'ipaserver.plugins.cert', 'takes_params': (Str('cacn?', autofill=True, cli_name='ca', default=u'ipa', doc=Gettext('Name of issuing CA', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Issuing CA', domain='ipa', localedir=None)), Certificate('certificate', doc=Gettext('Base-64 encoded certificate.', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Certificate', domain='ipa', localedir=None)), Bytes('certificate_chain*', doc=Gettext('X.509 certificate chain', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Certificate chain', domain='ipa', localedir=None)), DNParam('subject', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject', domain='ipa', localedir=None)), Str('san_rfc822name*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject email address', domain='ipa', localedir=None)), DNSNameParam('san_dnsname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject DNS name', domain='ipa', localedir=None)), Str('san_x400address*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject X.400 address', domain='ipa', localedir=None)), DNParam('san_directoryname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject directory name', domain='ipa', localedir=None)), Str('san_edipartyname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject EDI Party name', domain='ipa', localedir=None)), Str('san_uri*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject URI', domain='ipa', localedir=None)), Str('san_ipaddress*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject IP Address', domain='ipa', localedir=None)), Str('san_oid*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject OID', domain='ipa', localedir=None)), Principal('san_other_upn*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject UPN', domain='ipa', localedir=None)), Principal('san_other_kpn*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject Kerberos principal name', domain='ipa', localedir=None)), Str('san_other*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject Other Name', domain='ipa', localedir=None)), DNParam('issuer', doc=Gettext('Issuer DN', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Issuer', domain='ipa', localedir=None)), DateTime('valid_not_before', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Not Before', domain='ipa', localedir=None)), DateTime('valid_not_after', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Not After', domain='ipa', localedir=None)), Str('sha1_fingerprint', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Fingerprint (SHA1)', domain='ipa', localedir=None)), Str('sha256_fingerprint', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Fingerprint (SHA256)', domain='ipa', localedir=None)), SerialNumber('serial_number', doc=Gettext('Serial number in decimal or if prefixed with 0x in hexadecimal', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number), Str('serial_number_hex', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Serial number (hex)', domain='ipa', localedir=None))), '_parse': <function BaseCertObject._parse>, '_add_san_attribute': <function BaseCertObject._add_san_attribute>, '__doc__': None, '__annotations__': {}})¶
- __init__(api)¶
- __islocked__()¶
Return True if instance is locked, otherwise False.
- __json__()¶
- __lock__()¶
Put this instance into a read-only state.
After the instance has been locked, attempting to set or delete an attribute will raise an AttributeError.
- __module__ = 'ipaserver.plugins.cert'¶
- __repr__()¶
Return ‘module_name.class_name()’ representation.
This representation could be used to instantiate this Plugin instance given the appropriate environment.
- __setattr__(name, value)¶
If unlocked, set attribute named
name
tovalue
.If this instance is locked, an AttributeError will be raised.
- Parameters
name – Name of attribute to set.
value – Value to assign to attribute.
- __weakref__¶
list of weak references to the object (if defined)
- _create_param_namespace(name, env=None)¶
- _filter_param_by_context(name, env=None)¶
Filter params on attribute named
name
by environmentenv
.For example:
>>> from ipalib.config import Env >>> class Example(HasParam): ... ... takes_args = ( ... Str('foo_only', include=['foo']), ... Str('not_bar', exclude=['bar']), ... 'both', ... ) ... ... def get_args(self): ... return self._get_param_iterable('args') ... ... >>> eg = Example() >>> foo = Env(context='foo') >>> bar = Env(context='bar') >>> another = Env(context='another') >>> (foo.context, bar.context, another.context) (u'foo', u'bar', u'another') >>> list(eg._filter_param_by_context('args', foo)) [Str('foo_only', include=['foo']), Str('not_bar', exclude=['bar']), Str('both')] >>> list(eg._filter_param_by_context('args', bar)) [Str('both')] >>> list(eg._filter_param_by_context('args', another)) [Str('not_bar', exclude=['bar']), Str('both')]
- _get_param_iterable(name, verb='takes')¶
Return an iterable of params defined by the attribute named
name
.A sequence of params can be defined one of three ways: as a
tuple
; as a callable that returns an iterable; or as a param spec (a Param orstr
instance). This method returns a uniform iterable regardless of how the param sequence was defined.For example, when defined with a tuple:
>>> class ByTuple(HasParam): ... takes_args = (Param('foo'), Param('bar')) ... >>> by_tuple = ByTuple() >>> list(by_tuple._get_param_iterable('args')) [Param('foo'), Param('bar')]
Or you can define your param sequence with a callable when you need to reference attributes on your plugin instance (for validation rules, etc.). For example:
>>> class ByCallable(HasParam): ... def takes_args(self): ... yield Param('foo', self.validate_foo) ... yield Param('bar', self.validate_bar) ... ... def validate_foo(self, _, value, **kw): ... if value != 'Foo': ... return _("must be 'Foo'") ... ... def validate_bar(self, _, value, **kw): ... if value != 'Bar': ... return _("must be 'Bar'") ... >>> by_callable = ByCallable() >>> list(by_callable._get_param_iterable('args')) [Param('foo', validate_foo), Param('bar', validate_bar)]
Lastly, as a convenience for when a param sequence contains a single param, your defining attribute may a param spec (either a Param or an
str
instance). For example:>>> class BySpec(HasParam): ... takes_args = Param('foo') ... takes_options = 'bar?' ... >>> by_spec = BySpec() >>> list(by_spec._get_param_iterable('args')) [Param('foo')] >>> list(by_spec._get_param_iterable('options')) ['bar?']
For information on how an
str
param spec is interpreted, see the create_param() and parse_param_spec() functions in the ipalib.parameters module.Also see HasParam._filter_param_by_context().
- _on_finalize()¶
Do custom finalization.
This method is called from finalize(). Subclasses can override this method in order to add custom finalization.
- _parse(obj, full=True)[source]¶
Extract certificate-specific data into a result object.
obj
Result object containing certificate, into which extracted data will be inserted.
full
Whether to include all fields, or only the ones we guess people want to see most of the time. Also add recognised otherNames to the generic
san_other
attribute whenTrue
in addition to the specialised attribute.
Raise
ValueError
if the certificate is malformed. (Note: only the main certificate structure and Subject Alt Name extension are examined.)
- property api¶
Return API instance passed to __init__().
- backend = None¶
- backend_name = None¶
- bases = (<class 'ipalib.frontend.Object'>,)¶
- property context¶
- doc = None¶
- ensure_finalized()¶
Finalize plugin initialization if it has not yet been finalized.
- property env¶
- finalize()¶
Finalize plugin initialization.
This method calls _on_finalize() and locks the plugin object.
Subclasses should not override this method. Custom finalization is done in _on_finalize().
- class finalize_attr(name, value=None)¶
Bases:
object
Create a stub object for plugin attribute that isn’t set until the finalization of the plugin initialization.
When the stub object is accessed, it calls ensure_finalized() to make sure the plugin initialization is finalized. The stub object is expected to be replaced with the actual attribute value during the finalization (preferably in _on_finalize()), otherwise an AttributeError is raised.
This is used to implement on-demand finalization of plugin initialization.
- __annotations__ = {}¶
- __get__(obj, cls)¶
- __init__(name, value=None)¶
- __module__ = 'ipalib.plugable'¶
- __slots__ = ('name', 'value')¶
- name¶
- value¶
- full_name = 'BaseCertObject/1'¶
- get_dn(*args, **kwargs)¶
Construct an LDAP DN.
- get_params()¶
This method gets called by HasParam._create_param_namespace().
- json_friendly_attributes = ('name', 'takes_params')¶
- methods = None¶
- name = 'BaseCertObject'¶
- params = None¶
- params_minus(*names)¶
Yield all Param whose name is not in
names
.
- params_minus_pk = None¶
- primary_key = None¶
- summary = '<ipaserver.plugins.cert.BaseCertObject>'¶
- takes_params = (Str('cacn?', autofill=True, cli_name='ca', default=u'ipa', doc=Gettext('Name of issuing CA', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Issuing CA', domain='ipa', localedir=None)), Certificate('certificate', doc=Gettext('Base-64 encoded certificate.', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Certificate', domain='ipa', localedir=None)), Bytes('certificate_chain*', doc=Gettext('X.509 certificate chain', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Certificate chain', domain='ipa', localedir=None)), DNParam('subject', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject', domain='ipa', localedir=None)), Str('san_rfc822name*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject email address', domain='ipa', localedir=None)), DNSNameParam('san_dnsname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject DNS name', domain='ipa', localedir=None)), Str('san_x400address*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject X.400 address', domain='ipa', localedir=None)), DNParam('san_directoryname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject directory name', domain='ipa', localedir=None)), Str('san_edipartyname*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject EDI Party name', domain='ipa', localedir=None)), Str('san_uri*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject URI', domain='ipa', localedir=None)), Str('san_ipaddress*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject IP Address', domain='ipa', localedir=None)), Str('san_oid*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject OID', domain='ipa', localedir=None)), Principal('san_other_upn*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject UPN', domain='ipa', localedir=None)), Principal('san_other_kpn*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject Kerberos principal name', domain='ipa', localedir=None)), Str('san_other*', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Subject Other Name', domain='ipa', localedir=None)), DNParam('issuer', doc=Gettext('Issuer DN', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Issuer', domain='ipa', localedir=None)), DateTime('valid_not_before', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Not Before', domain='ipa', localedir=None)), DateTime('valid_not_after', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Not After', domain='ipa', localedir=None)), Str('sha1_fingerprint', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Fingerprint (SHA1)', domain='ipa', localedir=None)), Str('sha256_fingerprint', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Fingerprint (SHA256)', domain='ipa', localedir=None)), SerialNumber('serial_number', doc=Gettext('Serial number in decimal or if prefixed with 0x in hexadecimal', domain='ipa', localedir=None), flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Serial number', domain='ipa', localedir=None), normalizer=normalize_serial_number), Str('serial_number_hex', flags=[u'no_update', u'no_create', u'no_search'], label=Gettext('Serial number (hex)', domain='ipa', localedir=None)))¶
- version = '1'¶