Author: mcalmer
Date: Thu Jan 14 12:53:46 2010
New Revision: 60358
URL: http://svn.opensuse.org/viewcvs/yast?rev=60358&view=rev
Log:
implement export certificate key to file (fate#305490)
Modified:
trunk/ca-management/src/YaPI/CaManagement.pm
trunk/ca-management/src/new_cert_read_write.ycp
trunk/ca-management/src/util.ycp
Modified: trunk/ca-management/src/YaPI/CaManagement.pm
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/YaPI/CaManagement.pm?rev=60358&r1=60357&r2=60358&view=diff
==============================================================================
--- trunk/ca-management/src/YaPI/CaManagement.pm (original)
+++ trunk/ca-management/src/YaPI/CaManagement.pm Thu Jan 14 12:53:46 2010
@@ -14,21 +14,21 @@
# my $comp = new LIMAL::StringArray();
# $comp->push_back("*");
-
+
# my $cat = new LIMAL::StringArray();
# $cat->push_back("FATAL");
# $cat->push_back("ERROR");
# $cat->push_back("INFO");
-
+
# my $logref = LIMAL::Logger::createFileLogger("YaPI::CaManagement", $comp, $cat,
- # "[%d] %p %c %l - %m",
+ # "[%d] %p %c %l - %m",
# "/var/log/YaST2/limal-ca-mgm.log",
# 2048, 2);
# LIMAL::Logger::setDefaultLogger($logref);
#};
# ignore errors here; If we run as none root this happens
-
+
}
@@ -78,7 +78,7 @@
$name = AddRequest($valueMap)
create a request for a special CA and returns the name
-
+
$name = IssueCertificate($valueMap)
issue a certificate and returns the name of the new certificate
@@ -98,7 +98,7 @@
$cert = ReadCertificate($valueMap)
returns a certificate as plain text or parsed map
-
+
$bool = RevokeCertificate($valueMap)
revoke a certificate
@@ -204,7 +204,7 @@
=head1 COMMON PARAMETER
-Here is a list of common parameter which are often
+Here is a list of common parameter which are often
used in I<$valueMap>
=over 2
@@ -223,12 +223,12 @@
newCaName <directory Name>
=item *
-request => <filename>
+request => <filename>
(without suffix)
=item *
-certificate => <filename>
+certificate => <filename>
(without suffix)
@@ -239,7 +239,7 @@
caPasswd => <string>
=item *
-commonName => <String>
+commonName => <String>
(ascii)
@@ -278,9 +278,9 @@
=item *
crlReason => <value>
- allowed values are:
+ allowed values are:
- unspecified, keyCompromise, CACompromise, affiliationChanged,
+ unspecified, keyCompromise, CACompromise, affiliationChanged,
superseded, cessationOfOperation, certificateHold
=back
@@ -310,7 +310,7 @@
allowed values are:
- digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment,
+ digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment,
keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly
=item *
@@ -332,7 +332,7 @@
allowed values are:
- email:<email-address>, URI:<URL>, DNS:,
+ email:<email-address>, URI:<URL>, DNS:,
RID:, IP:, email:copy
=item *
@@ -340,7 +340,7 @@
allowed values are:
- email:<email-address>, URI:<URL>, DNS:,
+ email:<email-address>, URI:<URL>, DNS:,
RID:, IP:, issuer:copy
=item *
@@ -366,8 +366,8 @@
allowed values are:
- serverAuth, clientAuth, codeSigning, emailProtection, timeStamping,
- msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC,
+ serverAuth, clientAuth, codeSigning, emailProtection, timeStamping,
+ msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC,
a list of explanation:
@@ -389,7 +389,7 @@
accessOID can be: OCSP, caIssuers or a
- location can be: email:<email-address>, URI:<URL>, DNS:,
+ location can be: email:<email-address>, URI:<URL>, DNS:,
RID:, IP:
=item *
@@ -465,7 +465,7 @@
if(defined $repository) {
$list = LIMAL::CaMgm::CA::getCAList($repository);
-
+
} else {
$list = LIMAL::CaMgm::CA::getCAList();
@@ -478,7 +478,7 @@
}
};
if($@) {
- return $self->SetError( summary => __("Cannot read CA list."),
+ return $self->SetError( summary => __("Cannot read CA list."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
@@ -488,12 +488,12 @@
=item *
C<$caList = ReadCATree()>
-Returns a list of lists of the available CAs
+Returns a list of lists of the available CAs
containing the issuer caName.
* $caList->[$x]->[0] is the caName
-* $caList->[$x]->[1] is the issuer caName
+* $caList->[$x]->[1] is the issuer caName
If the issuer caName is empty caName is a root CA.
The list is sorted by the first element.
@@ -521,9 +521,9 @@
my $tree = undef;
if(defined $repository) {
-
+
$tree = LIMAL::CaMgm::CA::getCATree($repository);
-
+
} else {
$tree = LIMAL::CaMgm::CA::getCATree();
@@ -539,7 +539,7 @@
}
};
if($@) {
- return $self->SetError( summary => __("Cannot read CA tree."),
+ return $self->SetError( summary => __("Cannot read CA tree."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
@@ -615,7 +615,7 @@
* crlDistributionPoints
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
EXAMPLE:
@@ -634,7 +634,7 @@
my $res = YaPI::CaManagement->AddRootCA($data);
if( not defined $res ) {
- # error
+ # error
} else {
print "OK\n";
}
@@ -687,21 +687,21 @@
}
my $rgd = undef;
eval {
-
+
if( defined $data->{'repository'}) {
-
+
$rgd = LIMAL::CaMgm::CA::getRootCARequestDefaults($data->{'repository'});
-
+
} else {
-
+
$rgd = LIMAL::CaMgm::CA::getRootCARequestDefaults();
-
+
}
my $dnl = $rgd->getSubjectDN()->getDN();
my @DN_Values = ('countryName', 'stateOrProvinceName', 'localityName',
'organizationName', 'organizationalUnitName',
'commonName', 'emailAddress');
-
+
for(my $dnit = $dnl->begin();
!$dnl->iterator_equal($dnit, $dnl->end());
$dnl->iterator_incr($dnit))
@@ -711,7 +711,7 @@
if($dnl->iterator_value($dnit)->getType() =~ /^$v$/i) {
if(defined $data->{$v}) {
-
+
$dnl->iterator_value($dnit)->setRDNValue($data->{$v});
} else {
@@ -749,7 +749,7 @@
my $exts = $rgd->getExtensions();
- my $e = YaST::caUtils->transformBasicConstaints($exts,
+ my $e = YaST::caUtils->transformBasicConstaints($exts,
$data->{'basicConstraints'});
if(!defined $e) {
return undef;
@@ -759,24 +759,24 @@
};
if($@) {
-
+
return $self->SetError( summary => __("Modifying RequestGenerationData failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
-
-
+
+
my $cid = undef;
eval {
if( defined $data->{'repository'}) {
-
+
$cid = LIMAL::CaMgm::CA::getRootCAIssueDefaults($data->{'repository'});
-
+
} else {
-
+
$cid = LIMAL::CaMgm::CA::getRootCAIssueDefaults();
-
+
}
my $start = time();
@@ -785,56 +785,56 @@
$cid->setCertifyPeriode($start, $end);
my $exts = $cid->getExtensions();
-
- my $e = YaST::caUtils->transformBasicConstaints($exts,
+
+ my $e = YaST::caUtils->transformBasicConstaints($exts,
$data->{'basicConstraints'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsComment",
$data->{'nsComment'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsBaseUrl",
$data->{'nsBaseUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsRevocationUrl",
$data->{'nsRevocationUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsCaRevocationUrl",
$data->{'nsCaRevocationUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsRenewalUrl",
$data->{'nsRenewalUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsSslServerName",
$data->{'nsSslServerName'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsCaPolicyUrl",
$data->{'nsCaPolicyUrl'});
if(!defined $e) {
@@ -908,10 +908,10 @@
eval {
if( defined $data->{'repository'}) {
-
+
LIMAL::CaMgm::CA::createRootCA($data->{'caName'},
$data->{'keyPasswd'},
- $rgd, $cid,
+ $rgd, $cid,
$data->{'repository'});
} else {
@@ -987,11 +987,11 @@
* DN
-I<DN> is a hash which contains some values of the
+I<DN> is a hash which contains some values of the
subject of the CA Certificate (if caName is defined)
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
EXAMPLE:
@@ -1002,7 +1002,7 @@
'caName' => 'My_CA',
'certType' => 'client'
}
- $certValueMap = YaPI::CaManagement->ReadCertificateDefaults($data)
+ $certValueMap = YaPI::CaManagement->ReadCertificateDefaults($data)
if( not defined $certValueMap ) {
# error
} else {
@@ -1012,7 +1012,7 @@
=cut
BEGIN { $TYPEINFO{ReadCertificateDefaults} = [
- "function",
+ "function",
["map", "string", "any"],
["map", "string", "any"]
]; }
@@ -1029,7 +1029,7 @@
if (defined $data->{"caName"}) {
$caName = $data->{"caName"};
- }
+ }
if (defined $data->{"certType"}) {
$certType = $data->{"certType"};
} else {
@@ -1057,11 +1057,11 @@
'authorityInfoAccess' => undef,
'crlDistributionPoints' => undef
};
-
+
my $ca = undef;
my $rgd = undef;
my $cid = undef;
-
+
my $rType = 0;
my $cType = 0;
@@ -1079,16 +1079,16 @@
}
if(defined $data->{'caName'} && $data->{'caName'} ne "") {
-
+
if(defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'});
-
+
}
$rgd = $ca->getRequestDefaults($rType);
@@ -1097,15 +1097,15 @@
} else {
if( defined $data->{'repository'}) {
-
+
$rgd = LIMAL::CaMgm::CA::getRootCARequestDefaults($data->{'repository'});
$cid = LIMAL::CaMgm::CA::getRootCAIssueDefaults($data->{'repository'});
-
+
} else {
-
+
$rgd = LIMAL::CaMgm::CA::getRootCARequestDefaults();
$cid = LIMAL::CaMgm::CA::getRootCAIssueDefaults();
-
+
}
}
@@ -1118,19 +1118,19 @@
return undef;
}
- $e = YaST::caUtils->extractStringExtension($cext->getNsComment(),
+ $e = YaST::caUtils->extractStringExtension($cext->getNsComment(),
"nsComment", $ret);
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->extractStringExtension($cext->getNsBaseUrl(),
+ $e = YaST::caUtils->extractStringExtension($cext->getNsBaseUrl(),
"nsBaseUrl", $ret);
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->extractStringExtension($cext->getNsRevocationUrl(),
+ $e = YaST::caUtils->extractStringExtension($cext->getNsRevocationUrl(),
"nsRevocationUrl", $ret);
if(!defined $e) {
return undef;
@@ -1148,13 +1148,13 @@
return undef;
}
- $e = YaST::caUtils->extractStringExtension($cext->getNsSslServerName(),
+ $e = YaST::caUtils->extractStringExtension($cext->getNsSslServerName(),
"nsSslServerName", $ret);
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->extractStringExtension($cext->getNsCaPolicyUrl(),
+ $e = YaST::caUtils->extractStringExtension($cext->getNsCaPolicyUrl(),
"nsCaPolicyUrl", $ret);
if(!defined $e) {
return undef;
@@ -1221,7 +1221,7 @@
for(my $it = $list->begin();
!$list->iterator_equal($it, $list->end());
- $list->iterator_incr($it))
+ $list->iterator_incr($it))
{
my $type = $list->iterator_value($it)->getType();
my $value = $list->iterator_value($it)->getValue();
@@ -1299,7 +1299,7 @@
* keyLength
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error and "1" on success.
@@ -1332,7 +1332,7 @@
if (not defined YaST::caUtils->checkCommonValues($data)) {
return $self->SetError(%{YaST::caUtils->Error()});
}
-
+
# checking requires
if (!defined $data->{"caName"}) {
# parameter check failed
@@ -1340,7 +1340,7 @@
code => "CHECK_PARAM_FAILED");
}
$caName = $data->{"caName"};
-
+
if(! defined $data->{"certType"}) {
# parameter check failed
return $self->SetError( summary => __("Missing value 'certType'."),
@@ -1352,8 +1352,8 @@
eval {
if( defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{"caName"},
+
+ $ca = new LIMAL::CaMgm::CA($data->{"caName"},
$data->{'caPasswd'},
$data->{"repository"});
} else {
@@ -1363,7 +1363,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Initializing the CA failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -1394,58 +1394,58 @@
$cid->setCertifyPeriode($start, $end);
}
-
+
my $exts = $cid->getExtensions();
-
- my $e = YaST::caUtils->transformBasicConstaints($exts,
+
+ my $e = YaST::caUtils->transformBasicConstaints($exts,
$data->{'basicConstraints'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsComment",
$data->{'nsComment'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsBaseUrl",
$data->{'nsBaseUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsRevocationUrl",
$data->{'nsRevocationUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsCaRevocationUrl",
$data->{'nsCaRevocationUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsRenewalUrl",
$data->{'nsRenewalUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsSslServerName",
$data->{'nsSslServerName'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsCaPolicyUrl",
$data->{'nsCaPolicyUrl'});
if(!defined $e) {
@@ -1518,7 +1518,7 @@
my $rgd = undef;
eval {
-
+
$rgd = $ca->getRequestDefaults($rtype);
if( defined $data->{"keyLength"}) {
@@ -1528,20 +1528,20 @@
my $exts = $rgd->getExtensions();
- my $e = YaST::caUtils->transformBasicConstaints($exts,
+ my $e = YaST::caUtils->transformBasicConstaints($exts,
$data->{'basicConstraints'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsComment",
$data->{'nsComment'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsSslServerName",
$data->{'nsSslServerName'});
if(!defined $e) {
@@ -1582,7 +1582,7 @@
};
if($@) {
-
+
return $self->SetError( summary => __("Modifying RequestGenerationData failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -1613,12 +1613,12 @@
y2error($Varray->getitem($i));
}
}
-
+
return $self->SetError( summary => __("Writing the defaults failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
-
+
return 1;
}
@@ -1679,8 +1679,8 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{"caName"};
-
- if (! defined $data->{"type"} ||
+
+ if (! defined $data->{"type"} ||
!grep( ( $_ eq $data->{"type"}), ("parsed", "plain", "extended"))) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'type'."),
@@ -1691,22 +1691,22 @@
my $ca = undef;
eval {
if(defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
-
+
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'});
-
+
}
my $cert = $ca->getCA();
if ($type eq "parsed" || $type eq "extended") {
-
+
$ret = YaST::caUtils->getParsed($cert);
my $repos = "$CAM_ROOT";
if(defined $data->{repository}) {
@@ -1725,10 +1725,10 @@
} else {
$ret = $cert->getCertificateAsText();
}
-
+
};
if($@) {
-
+
return $self->SetError( summary => __("Parsing the CA failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -1783,7 +1783,7 @@
* extendedKeyUsage
-The return value is "undef" on an error and the
+The return value is "undef" on an error and the
filename(without suffix) of the request on success.
The syntax of these values are explained in the
@@ -1806,7 +1806,7 @@
};
my $res = YaPI::CaManagement->AddRequest($data);
if( not defined $res ) {
- # error
+ # error
} else {
print "OK Name of the request is: '$res'\n";
}
@@ -1854,8 +1854,8 @@
eval {
if( defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{"caName"},
+
+ $ca = new LIMAL::CaMgm::CA($data->{"caName"},
$data->{'caPasswd'},
$data->{"repository"});
} else {
@@ -1865,7 +1865,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Initializing the CA failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -1873,14 +1873,14 @@
my $rgd = undef;
eval {
-
+
$rgd = $ca->getRequestDefaults($LIMAL::CaMgm::E_Client_Req);
-
+
my $dnl = $rgd->getSubjectDN()->getDN();
my @DN_Values = ('countryName', 'stateOrProvinceName', 'localityName',
'organizationName', 'organizationalUnitName',
'commonName', 'emailAddress');
-
+
for(my $dnit = $dnl->begin();
!$dnl->iterator_equal($dnit, $dnl->end());
$dnl->iterator_incr($dnit))
@@ -1890,7 +1890,7 @@
if($dnl->iterator_value($dnit)->getType() =~ /^$v$/i) {
if(defined $data->{$v}) {
-
+
$dnl->iterator_value($dnit)->setRDNValue($data->{$v});
} else {
@@ -1928,20 +1928,20 @@
my $exts = $rgd->getExtensions();
- my $e = YaST::caUtils->transformBasicConstaints($exts,
+ my $e = YaST::caUtils->transformBasicConstaints($exts,
$data->{'basicConstraints'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsComment",
$data->{'nsComment'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsSslServerName",
$data->{'nsSslServerName'});
if(!defined $e) {
@@ -1982,7 +1982,7 @@
};
if($@) {
-
+
return $self->SetError( summary => __("Modifying RequestGenerationData failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -1996,7 +1996,7 @@
};
if($@) {
-
+
return $self->SetError( summary => __("Creating request failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -2010,7 +2010,7 @@
Issue a certificate and returns the name of the new certificate.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -2056,10 +2056,10 @@
* crlDistributionPoints
-The return value is "undef" on an error and the
+The return value is "undef" on an error and the
filename(without suffix) of the certificate on success.
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
EXAMPLE:
@@ -2134,7 +2134,7 @@
eval {
if( defined $data->{'repository'}) {
-
+
$ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'},
$data->{"repository"});
} else {
@@ -2144,7 +2144,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Initializing the CA failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -2170,56 +2170,56 @@
$cid->setCertifyPeriode($start, $end);
my $exts = $cid->getExtensions();
-
- my $e = YaST::caUtils->transformBasicConstaints($exts,
+
+ my $e = YaST::caUtils->transformBasicConstaints($exts,
$data->{'basicConstraints'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsComment",
$data->{'nsComment'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsBaseUrl",
$data->{'nsBaseUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsRevocationUrl",
$data->{'nsRevocationUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsCaRevocationUrl",
$data->{'nsCaRevocationUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsRenewalUrl",
$data->{'nsRenewalUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsSslServerName",
$data->{'nsSslServerName'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsCaPolicyUrl",
$data->{'nsCaPolicyUrl'});
if(!defined $e) {
@@ -2298,7 +2298,7 @@
};
if($@) {
-
+
return $self->SetError( summary => __("Signing certificate failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -2312,7 +2312,7 @@
Create a new Certificate and returns the name
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -2381,10 +2381,10 @@
* notext (optional - if set to "1" do not output the
text version in the PEM file)
-The return value is "undef" on an error and the
+The return value is "undef" on an error and the
filename(without suffix) of the certificate on success.
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
EXAMPLE:
@@ -2433,7 +2433,7 @@
if(defined $data->{'repository'}) {
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
@@ -2447,12 +2447,12 @@
$ca->deleteRequest($request);
};
if($@) {
-
+
# ignore error
}
return undef;
}
-
+
return $certificate;
}
@@ -2461,19 +2461,19 @@
Returns a list of maps with all certificates of the defined CA.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
* caPasswd (required)
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error.
-On success it returns an array of hashes with all
-certificates of this CA. @ret[0..X] can have the
+On success it returns an array of hashes with all
+certificates of this CA. @ret[0..X] can have the
following Hash keys:
* certificate (the name of the certificate)
@@ -2531,7 +2531,7 @@
}
if (! defined $data->{'caPasswd'} ) {
-
+
return $self->SetError(summary => __("Missing parameter 'caPasswd'."),
code => "PARAM_CHECK_FAILED");
}
@@ -2540,28 +2540,28 @@
eval {
if(defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
-
+
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'});
-
+
}
-
+
my $list = $ca->getCertificateList();
-
+
for(my $listIT = $list->begin();
!$list->iterator_equal($listIT, $list->end());
$list->iterator_incr($listIT))
{
-
+
my $hash = undef;
my $map = $list->iterator_value($listIT);
-
+
for(my $mapIT = $map->begin();
!$map->iterator_equal($mapIT, $map->end());
$map->iterator_incr($mapIT))
@@ -2579,7 +2579,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Getting the certificate list failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -2591,9 +2591,9 @@
=item *
C<$bool = UpdateDB($valueMap)>
-Update the internal openssl database.
+Update the internal openssl database.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -2601,7 +2601,7 @@
The return value is "undef" on an error and "1" on success.
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
EXAMPLE:
@@ -2624,7 +2624,7 @@
sub UpdateDB {
my $self = shift;
my $data = shift;
-
+
if (not defined YaST::caUtils->checkCommonValues($data)) {
return $self->SetError(%{YaST::caUtils->Error()});
}
@@ -2644,31 +2644,31 @@
my $ca = undef;
eval {
if(defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
-
+
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'});
-
+
}
-
+
my $list = $ca->updateDB();
};
if($@) {
-
+
if( (ref($@) eq "HASH" && $@->{code} == $LIMAL::CaMgm::E_INVALID_PASSWD) ||
- $@ =~ /invalid.*password/i)
+ $@ =~ /invalid.*password/i)
{
# error message; displayed in an popup dialog
return $self->SetError( summary => __("Invalid password."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
- else
+ else
{
# error message; displayed in an popup dialog
return $self->SetError( summary => __("UpdateDB failed."),
@@ -2676,7 +2676,7 @@
code => "LIMAL_CALL_FAILED");
}
}
-
+
return 1;
}
@@ -2685,15 +2685,15 @@
Returns a certificate as plain text or parsed map.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
* certificate (required - name without suffix)
-* type (required - allowed values: "parsed", "extended" or "plain")
+* type (required - allowed values: "parsed", "extended" or "plain")
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error.
@@ -2743,15 +2743,15 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{"caName"};
-
- if (! defined $data->{"type"} ||
+
+ if (! defined $data->{"type"} ||
!grep( ( $_ eq $data->{"type"}), ("parsed", "plain", "extended"))) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'type'."),
code => "PARAM_CHECK_FAILED");
}
$type = $data->{"type"};
-
+
if (! defined $data->{"certificate"}) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'certificate'."),
@@ -2762,22 +2762,22 @@
my $ca = undef;
eval {
if(defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
-
+
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'});
-
+
}
my $cert = $ca->getCertificate($certificate);
if ($type eq "parsed" || $type eq "extended") {
-
+
$ret = YaST::caUtils->getParsed($cert);
my $repos = "$CAM_ROOT";
if(defined $data->{repository}) {
@@ -2796,10 +2796,10 @@
} else {
$ret = $cert->getCertificateAsText();
}
-
+
};
if($@) {
-
+
return $self->SetError( summary => __("Parsing the certificate failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -2810,9 +2810,9 @@
=item *
C<$bool = RevokeCertificate($valueMap)>
-Revoke a certificate.
+Revoke a certificate.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -2822,7 +2822,7 @@
* crlReason
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error and "1" on success.
@@ -2863,7 +2863,7 @@
code => "CHECK_PARAM_FAILED");
}
$caName = $data->{"caName"};
-
+
if (!defined $data->{"caPasswd"} ) {
# parameter check failed
return $self->SetError( summary => __("Missing value 'caPasswd'."),
@@ -2880,16 +2880,16 @@
my $ca = undef;
eval {
if(defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
-
+
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'});
-
+
}
my $reason = new LIMAL::CaMgm::CRLReason();
@@ -2897,11 +2897,11 @@
if (defined $data->{'crlReason'}) {
$reason->setReason($data->{'crlReason'});
}
-
+
$ca->revokeCertificate($certificate, $reason);
};
if($@) {
-
+
return $self->SetError( summary => __("Revoking the certificate failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -2913,9 +2913,9 @@
=item *
C<$bool = AddCRL($valueMap)>
-Create a new CRL.
+Create a new CRL.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -2923,7 +2923,7 @@
* days (required)
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error and "1" on success.
@@ -2961,7 +2961,7 @@
code => "CHECK_PARAM_FAILED");
}
$caName = $data->{"caName"};
-
+
if (!defined $data->{"caPasswd"} ) {
return $self->SetError( summary => __("Missing value 'caPasswd'."),
code => "CHECK_PARAM_FAILED");
@@ -2975,7 +2975,7 @@
eval {
if( defined $data->{'repository'}) {
-
+
$ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'},
$data->{"repository"});
} else {
@@ -2985,7 +2985,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Initializing the CA failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3003,7 +3003,7 @@
###### we use only the default extensions
#
# my $exts = $cgd->getExtensions();
-
+
# my $e = YaST::caUtils->transformAuthorityKeyIdentifier($exts,
# $data->{'authorityKeyIdentifier'});
# if(!defined $e) {
@@ -3031,7 +3031,7 @@
};
if($@) {
-
+
return $self->SetError( summary => __("Creating the CRL failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3044,13 +3044,13 @@
Returns a CRL as plain text or parsed map.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
* type (required - allowed values: "parsed", "extended" or "plain")
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error.
@@ -3098,25 +3098,25 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{"caName"};
-
- if (! defined $data->{"type"} ||
+
+ if (! defined $data->{"type"} ||
!grep( ($_ eq $data->{"type"}), ("parsed", "plain", "extended"))) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'type'."),
code => "PARAM_CHECK_FAILED");
}
$type = $data->{"type"};
-
+
my $ca = undef;
eval {
if(defined $data->{'repository'}) {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
-
+
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'});
}
@@ -3142,26 +3142,26 @@
}
} else {
-
+
$ret = $crl->getCRLAsText();
-
+
}
};
if($@) {
-
+
if( (ref($@) eq "HASH" && $@->{code} == $LIMAL::CaMgm::E_FILE_NOT_FOUND) ||
$@ =~ /RuntimeException: File not found/i) {
-
+
return $self->SetError( summary => __("No CRL available."),
code => "LIMAL_CALL_FAILED");
} else {
-
+
return $self->SetError( summary => __("Parsing the CRL failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
}
-
+
return $ret;
}
@@ -3170,7 +3170,7 @@
Export a CA to a file or returns it in different formats.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -3180,6 +3180,10 @@
PEM_CERT (export only the Certificate im PEM format)
+ PEM_KEY (export the Key unencrypted in PEM Format)
+
+ PEM_ENCKEY (export the Key encrypted in PEM Format)
+
PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format)
PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format)
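Review bot: The two added POD entries do not say what protects the exported key: `PEM_KEY` yields the CA private key in plaintext, and `PEM_ENCKEY` does not name the passphrase it is encrypted with (the export branch added later in this commit passes `caPasswd`). I would extend the entries to `PEM_KEY (export the Key unencrypted in PEM Format; the result is the plaintext CA private key, so destinationFile must be readable by the owner only)` and `PEM_ENCKEY (export the Key in PEM Format, encrypted with caPasswd)`. Whether `writeFile` already creates the file with a restrictive mode is not visible in this diff and should be confirmed before the wording is finalised.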
@@ -3196,7 +3200,7 @@
The return value is "undef" on an error and "1" on success if destinationFile is defined.
If destinationFile is not defined, the CA is directly returned. If the exportFormat is
-PEM_CERT_KEY or PEM_CERT_ENCKEY the certificate and the key are returned.
+PEM_CERT_KEY or PEM_CERT_ENCKEY the certificate and the key are returned.
Because of the PEM format it is easy to split them later.
@@ -3266,9 +3270,9 @@
$destinationFile = $data->{'destinationFile'};
}
- if (!defined $data->{"exportFormat"} ||
- !grep( ( $_ eq $data->{"exportFormat"}),
- ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY",
+ if (!defined $data->{"exportFormat"} ||
+ !grep( ( $_ eq $data->{"exportFormat"}),
+ ("PEM_CERT", "PEM_KEY", "PEM_ENCKEY", "PEM_CERT_KEY", "PEM_CERT_ENCKEY",
"DER_CERT", "PKCS12", "PKCS12_CHAIN"))) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'exportFormat'."),
@@ -3306,7 +3310,7 @@
if ($format eq "PEM_CERT") {
eval {
-
+
my $buffer = $ca->exportCACert($LIMAL::CaMgm::E_PEM);
if (defined $destinationFile) {
@@ -3319,33 +3323,78 @@
}
};
if($@) {
-
+
+ return $self->SetError( summary => __("Export failed."),
+ description => YaST::caUtils->exception2String($@),
+ code => "LIMAL_CALL_FAILED");
+ }
+ } elsif ($format eq "PEM_KEY") {
+
+ eval {
+
+ my $buffer1 = $ca->exportCAKeyAsPEM("");
+
+ if (defined $destinationFile) {
+
+ LIMAL::CaMgm::LocalManagement::writeFile($buffer1,
+ $destinationFile);
+ $ret = 1;
+ } else {
+
+ $ret = $buffer1->data();
+ }
+ };
+ if($@) {
+
+ return $self->SetError( summary => __("Export failed."),
+ description => YaST::caUtils->exception2String($@),
+ code => "LIMAL_CALL_FAILED");
+ }
+ } elsif ($format eq "PEM_ENCKEY") {
+
+ eval {
+
+ my $buffer1 = $ca->exportCAKeyAsPEM($data->{'caPasswd'});
+
+ if (defined $destinationFile) {
+
+ LIMAL::CaMgm::LocalManagement::writeFile($buffer1,
+ $destinationFile);
+ $ret = 1;
+ } else {
+
+ $ret = $buffer1->data();
+ }
+ };
+ if($@) {
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
+
} elsif ($format eq "PEM_CERT_KEY") {
eval {
-
+
my $buffer1 = $ca->exportCACert($LIMAL::CaMgm::E_PEM);
my $buffer2 = $ca->exportCAKeyAsPEM("");
$buffer1->append("\n", 1);
$buffer1->append($buffer2->data(), $buffer2->size());
-
+
if (defined $destinationFile) {
LIMAL::CaMgm::LocalManagement::writeFile($buffer1,
$destinationFile);
$ret = 1;
} else {
-
+
$ret = $buffer1->data();
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
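Review bot: The new PEM_KEY branch writes the CA private key unencrypted (`exportCAKeyAsPEM("")`) to a caller-supplied `destinationFile`, and nothing in this hunk restricts who can read the resulting file. The mode that `LIMAL::CaMgm::LocalManagement::writeFile` creates the file with is not visible here. Unless it already forces owner-only permissions, I would set a tight umask around the write: `my $oldmask = umask(0077);` before the `eval` and `umask($oldmask);` directly after it. The same applies to the PEM_KEY branch added to ExportCertificate in the `@@ -3633,21 +3686,70 @@` hunk. The enclosing function starts and ends outside this hunk.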
@@ -3353,10 +3402,10 @@
} elsif ($format eq "PEM_CERT_ENCKEY") {
eval {
-
+
my $buffer1 = $ca->exportCACert($LIMAL::CaMgm::E_PEM);
my $buffer2 = $ca->exportCAKeyAsPEM($data->{'caPasswd'});
-
+
$buffer1->append("\n", 1);
$buffer1->append($buffer2->data(), $buffer2->size());
@@ -3371,7 +3420,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3380,7 +3429,7 @@
} elsif ($format eq "DER_CERT") {
eval {
-
+
my $buffer = $ca->exportCACert($LIMAL::CaMgm::E_DER);
if (defined $destinationFile) {
@@ -3393,7 +3442,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3407,7 +3456,7 @@
}
eval {
-
+
my $buffer = $ca->exportCAasPKCS12($data->{'P12Password'},
0);
@@ -3421,7 +3470,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3437,7 +3486,7 @@
eval {
-
+
my $buffer = $ca->exportCAasPKCS12($data->{'P12Password'},
1);
@@ -3451,7 +3500,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3465,7 +3514,7 @@
Export a certificate to a file or returns it in different formats.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -3479,6 +3528,10 @@
PEM_CERT (export only the Certificate im PEM format)
+ PEM_KEY (export the Key unencrypted in PEM Format)
+
+ PEM_ENCKEY (export the Key encrypted in PEM Format)
+
PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format)
PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format)
@@ -3495,7 +3548,7 @@
The return value is "undef" on an error and "1" on success if destinationFile is defined.
If destinationFile is not defined, the certificate is directly returned. If the exportFormat is
-PEM_CERT_KEY or PEM_CERT_ENCKEY the certificate and the key are returned.
+PEM_CERT_KEY or PEM_CERT_ENCKEY the certificate and the key are returned.
Because of the PEM format it is easy to split them later.
@@ -3553,7 +3606,7 @@
return $self->SetError(summary => __("Invalid value for parameter 'caPasswd'."),
code => "PARAM_CHECK_FAILED");
}
-
+
if (! defined $data->{'certificate'}) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'certificate'."),
@@ -3579,9 +3632,9 @@
$destinationFile = $data->{'destinationFile'};
}
- if (! defined $data->{"exportFormat"} ||
+ if (! defined $data->{"exportFormat"} ||
!grep( ( $_ eq $data->{"exportFormat"}),
- ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY",
+ ("PEM_CERT", "PEM_KEY", "PEM_ENCKEY", "PEM_CERT_KEY", "PEM_CERT_ENCKEY",
"DER_CERT", "PKCS12", "PKCS12_CHAIN"))) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'exportFormat'."),
@@ -3619,7 +3672,7 @@
if ($format eq "PEM_CERT") {
eval {
-
+
my $buffer = $ca->exportCertificate($certificate,
$LIMAL::CaMgm::E_PEM);
@@ -3633,21 +3686,70 @@
}
};
if($@) {
-
+
+ return $self->SetError( summary => __("Export failed."),
+ description => YaST::caUtils->exception2String($@),
+ code => "LIMAL_CALL_FAILED");
+ }
+ } elsif ($format eq "PEM_KEY") {
+
+ eval {
+
+ my $buffer1 = $ca->exportCertificateKeyAsPEM($certificate,
+ $keyPasswd,
+ "");
+
+ if (defined $destinationFile) {
+
+ LIMAL::CaMgm::LocalManagement::writeFile($buffer1,
+ $destinationFile);
+ $ret = 1;
+ } else {
+
+ $ret = $buffer1->data();
+ }
+ };
+ if($@) {
+
+ return $self->SetError( summary => __("Export failed."),
+ description => YaST::caUtils->exception2String($@),
+ code => "LIMAL_CALL_FAILED");
+ }
+
+ } elsif ($format eq "PEM_ENCKEY") {
+
+ eval {
+
+ my $buffer1 = $ca->exportCertificateKeyAsPEM($certificate,
+ $keyPasswd,
+ $keyPasswd);
+
+ if (defined $destinationFile) {
+
+ LIMAL::CaMgm::LocalManagement::writeFile($buffer1,
+ $destinationFile);
+ $ret = 1;
+ } else {
+ $ret = $buffer1->data();
+ }
+ };
+ if($@) {
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
+
} elsif ($format eq "PEM_CERT_KEY") {
eval {
-
+
my $buffer1 = $ca->exportCertificate($certificate,
$LIMAL::CaMgm::E_PEM);
my $buffer2 = $ca->exportCertificateKeyAsPEM($certificate,
$keyPasswd,
"");
-
+
$buffer1->append("\n", 1);
$buffer1->append($buffer2->data(), $buffer2->size());
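Review bot: The PEM_KEY and PEM_ENCKEY branches added here are identical except for the last argument of `exportCertificateKeyAsPEM` (`""` versus `$keyPasswd`), so the write-or-return block and its error handling are duplicated once more in this if/elsif chain. A single branch `} elsif ($format eq "PEM_KEY" || $format eq "PEM_ENCKEY") {` with `my $outPasswd = ($format eq "PEM_ENCKEY") ? $keyPasswd : "";` would keep the two formats from drifting apart when one copy is changed later. The ExportCA hunk at `@@ -3319,33 +3323,78 @@` has the same pair of near-identical branches. The enclosing function begins and ends outside the hunk.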
@@ -3662,7 +3764,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3671,13 +3773,13 @@
} elsif ($format eq "PEM_CERT_ENCKEY") {
eval {
-
+
my $buffer1 = $ca->exportCertificate($certificate,
$LIMAL::CaMgm::E_PEM);
my $buffer2 = $ca->exportCertificateKeyAsPEM($certificate,
$keyPasswd,
$keyPasswd);
-
+
$buffer1->append("\n", 1);
$buffer1->append($buffer2->data(), $buffer2->size());
@@ -3691,7 +3793,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3700,7 +3802,7 @@
} elsif ($format eq "DER_CERT") {
eval {
-
+
my $buffer = $ca->exportCACert($LIMAL::CaMgm::E_DER);
if (defined $destinationFile) {
@@ -3713,7 +3815,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3728,7 +3830,7 @@
}
eval {
-
+
my $buffer = $ca->exportCertificateAsPKCS12($certificate,
$keyPasswd,
$data->{'P12Password'},
@@ -3744,7 +3846,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3758,7 +3860,7 @@
}
eval {
-
+
my $buffer = $ca->exportCertificateAsPKCS12($certificate,
$keyPasswd,
$data->{'P12Password'},
@@ -3774,7 +3876,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3788,7 +3890,7 @@
Export a CRL to a file or returns it in different formats.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -3803,7 +3905,7 @@
* destinationFile (optional)
The return value is "undef" on an error and "1" on success,
-if 'destinationFile' is defined.
+if 'destinationFile' is defined.
If 'destinationFile' is not defined the CRL is returned.
EXAMPLE:
@@ -3814,7 +3916,7 @@
'caPasswd' => 'system',
'exportFormat' => $ef,
};
-
+
my $res = YaPI::CaManagement->ExportCRL($data);
if( not defined $res ) {
# error
@@ -3848,14 +3950,14 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{"caName"};
-
+
if (!defined $data->{'caPasswd'}) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'caPasswd'."),
code => "PARAM_CHECK_FAILED");
}
-
- if (!defined $data->{"exportFormat"} ||
+
+ if (!defined $data->{"exportFormat"} ||
!grep( ( $_ eq $data->{"exportFormat"}), ("PEM", "DER"))) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'exportFormat'."),
@@ -3906,7 +4008,7 @@
if ($format eq "PEM") {
eval {
-
+
my $buffer = $ca->exportCRL($LIMAL::CaMgm::E_PEM);
if (defined $destinationFile) {
@@ -3919,7 +4021,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3928,7 +4030,7 @@
} elsif ($format eq "DER") {
eval {
-
+
my $buffer = $ca->exportCRL($LIMAL::CaMgm::E_DER);
if (defined $destinationFile) {
@@ -3941,7 +4043,7 @@
}
};
if($@) {
-
+
return $self->SetError( summary => __("Export failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -3960,7 +4062,7 @@
Verify a certificate.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -3988,7 +4090,7 @@
* ocsphelper (OCSP helper)
-The syntax of the other values are explained in the
+The syntax of the other values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" if the verification failed.
@@ -4047,7 +4149,7 @@
if( defined $data->{'repository'}) {
- $ca = new LIMAL::CaMgm::CA($data->{"caName"},
+ $ca = new LIMAL::CaMgm::CA($data->{"caName"},
$data->{'caPasswd'},
$data->{"repository"});
} else {
@@ -4058,7 +4160,7 @@
my $purpose = "any";
if(defined $data->{'purpose'} && $data->{'purpose'} ne "") {
- if(!grep( ($_ eq $data->{'purpose'}),
+ if(!grep( ($_ eq $data->{'purpose'}),
("sslclient", "sslserver", "nssslserver",
"smimesign", "smimeencrypt", "crlsign",
"any", "ocsphelper"))) {
@@ -4090,7 +4192,7 @@
create a new CA signed by another CA.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* newCaName (required - the name of the new CA)
@@ -4156,10 +4258,10 @@
* crlDistributionPoints
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
-The return value is "undef" on an the
+The return value is "undef" on an the
filename(without suffix) of the certificate on success.
EXAMPLE:
@@ -4182,7 +4284,7 @@
my $res = YaPI::CaManagement->AddSubCA($data);
if( not defined $res ) {
- # error
+ # error
} else {
print "OK '$res'\n";
}
@@ -4196,7 +4298,7 @@
my @dn = ();
my $caName = "";
my $newCaName = "";
-
+
if (not defined YaST::caUtils->checkCommonValues($data)) {
return $self->SetError(%{YaST::caUtils->Error()});
}
@@ -4213,7 +4315,7 @@
code => "CHECK_PARAM_FAILED");
}
$newCaName = $data->{"newCaName"};
-
+
if (!defined $data->{"keyPasswd"}) {
return $self->SetError( summary => __("Missing value 'keyPasswd'."),
code => "CHECK_PARAM_FAILED");
@@ -4248,19 +4350,19 @@
eval {
if( defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{"caName"},
+
+ $ca = new LIMAL::CaMgm::CA($data->{"caName"},
$data->{"caPasswd"},
$data->{"repository"});
} else {
- $ca = new LIMAL::CaMgm::CA($data->{"caName"},
+ $ca = new LIMAL::CaMgm::CA($data->{"caName"},
$data->{"caPasswd"});
}
};
if($@) {
-
+
return $self->SetError( summary => __("Initializing the CA failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -4268,14 +4370,14 @@
my $rgd = undef;
eval {
-
+
$rgd = $ca->getRequestDefaults($LIMAL::CaMgm::E_CA_Req);
-
+
my $dnl = $rgd->getSubjectDN()->getDN();
my @DN_Values = ('countryName', 'stateOrProvinceName', 'localityName',
'organizationName', 'organizationalUnitName',
'commonName', 'emailAddress');
-
+
for(my $dnit = $dnl->begin();
!$dnl->iterator_equal($dnit, $dnl->end());
$dnl->iterator_incr($dnit))
@@ -4285,7 +4387,7 @@
if($dnl->iterator_value($dnit)->getType() =~ /^$v$/i) {
if(defined $data->{$v}) {
-
+
$dnl->iterator_value($dnit)->setRDNValue($data->{$v});
} else {
@@ -4323,20 +4425,20 @@
my $exts = $rgd->getExtensions();
- my $e = YaST::caUtils->transformBasicConstaints($exts,
+ my $e = YaST::caUtils->transformBasicConstaints($exts,
$data->{'basicConstraints'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsComment",
$data->{'nsComment'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsSslServerName",
$data->{'nsSslServerName'});
if(!defined $e) {
@@ -4377,7 +4479,7 @@
};
if($@) {
-
+
return $self->SetError( summary => __("Modifying RequestGenerationData failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -4394,56 +4496,56 @@
$cid->setCertifyPeriode($start, $end);
my $exts = $cid->getExtensions();
-
- my $e = YaST::caUtils->transformBasicConstaints($exts,
+
+ my $e = YaST::caUtils->transformBasicConstaints($exts,
$data->{'basicConstraints'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsComment",
$data->{'nsComment'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsBaseUrl",
$data->{'nsBaseUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsRevocationUrl",
$data->{'nsRevocationUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsCaRevocationUrl",
$data->{'nsCaRevocationUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsRenewalUrl",
$data->{'nsRenewalUrl'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsSslServerName",
$data->{'nsSslServerName'});
if(!defined $e) {
return undef;
}
- $e = YaST::caUtils->transformStringExtension($exts,
+ $e = YaST::caUtils->transformStringExtension($exts,
"nsCaPolicyUrl",
$data->{'nsCaPolicyUrl'});
if(!defined $e) {
@@ -4520,15 +4622,15 @@
$certName = $ca->createSubCA($newCaName,
$data->{'keyPasswd'},
$rgd, $cid);
-
+
};
if($@) {
-
+
return $self->SetError( summary => __("Creating the SubCA failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
-
+
return $certName;
}
@@ -4537,7 +4639,7 @@
Export a CA in a LDAP Directory.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -4551,7 +4653,7 @@
* ldapPasswd (required)
-B<destinationDN> is the DN to the entry where to store
+B<destinationDN> is the DN to the entry where to store
the CA. The following objectClasses are used:
* cRLDistributionPoint
@@ -4600,10 +4702,10 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{'caName'};
-
+
if (! defined $data->{'ldapHostname'} ||
- !(IP->Check4($data->{'ldapHostname'}) ||
- IP->Check6($data->{'ldapHostname'}) ||
+ !(IP->Check4($data->{'ldapHostname'}) ||
+ IP->Check6($data->{'ldapHostname'}) ||
Hostname->CheckFQ($data->{'ldapHostname'}))
) {
# parameter check failed
@@ -4613,7 +4715,7 @@
if (! defined $data->{'ldapPort'} ||
$data->{'ldapPort'} eq "") {
- # setting default value
+ # setting default value
$data->{'ldapPort'} = 389;
}
@@ -4624,7 +4726,7 @@
}
my $object = X500::DN->ParseRFC2253($data->{'destinationDN'});
- if (! defined $data->{'destinationDN'} ||
+ if (! defined $data->{'destinationDN'} ||
$data->{'destinationDN'} eq "" ||
! defined $object) {
# parameter check failed
@@ -4641,24 +4743,24 @@
my $container = "";
for(my $i = scalar($object->getRDNs())-2; $i >= 0; $i--) {
-
+
my @a = $object->getRDN($i)->getAttributeTypes();
-
+
if($container eq "") {
$container = $a[0]."=".$object->getRDN($i)->getAttributeValue($a[0]);
} else {
$container = $container.",".$a[0]."=".$object->getRDN($i)->getAttributeValue($a[0]);
- }
+ }
}
- if (! defined $data->{'BindDN'} ||
+ if (! defined $data->{'BindDN'} ||
$data->{'BindDN'} eq "") {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'BindDN'."),
code => "PARAM_CHECK_FAILED");
}
- if (! defined $data->{'ldapPasswd'} ||
+ if (! defined $data->{'ldapPasswd'} ||
$data->{'ldapPasswd'} eq "") {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'ldapPasswd'."),
@@ -4689,7 +4791,7 @@
return $self->SetError(summary => __("Cannot parse the CA certificate."),
code => "PARSE_ERROR");
}
-
+
# default is try; disable only, if ldap client says no
my $use_tls = "try";
@@ -4697,7 +4799,7 @@
my $ldapMap = Ldap->Export();
if(defined $ldapMap->{ldap_tls}) {
if($ldapMap->{ldap_tls} == 1) {
- $use_tls = "yes"
+ $use_tls = "yes"
} else {
$use_tls = "no";
}
@@ -4753,7 +4855,7 @@
# entry exists => we have to modify it
$action = "modify";
}
-
+
if($action eq "add") {
my $entry = {
@@ -4780,11 +4882,11 @@
code => "LDAP_MODIFY_FAILED",
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'});
}
-
+
} else {
#this should never happen :-)
}
-
+
return 1;
}
@@ -4793,7 +4895,7 @@
Export a CRL in a LDAP Directory
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -4807,7 +4909,7 @@
* ldapPasswd (required)
-B<destinationDN> is the DN to the entry where to store
+B<destinationDN> is the DN to the entry where to store
the CA. The following objectClasses are used:
* cRLDistributionPoint
@@ -4856,10 +4958,10 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{'caName'};
-
+
if (! defined $data->{'ldapHostname'} ||
- !(IP->Check4($data->{'ldapHostname'}) ||
- IP->Check6($data->{'ldapHostname'}) ||
+ !(IP->Check4($data->{'ldapHostname'}) ||
+ IP->Check6($data->{'ldapHostname'}) ||
Hostname->CheckFQ($data->{'ldapHostname'}))
) {
# parameter check failed
@@ -4869,7 +4971,7 @@
if (! defined $data->{'ldapPort'} ||
$data->{'ldapPort'} eq "") {
- # setting default value
+ # setting default value
$data->{'ldapPort'} = 389;
}
@@ -4880,7 +4982,7 @@
}
my $object = X500::DN->ParseRFC2253($data->{'destinationDN'});
- if (! defined $data->{'destinationDN'} ||
+ if (! defined $data->{'destinationDN'} ||
$data->{'destinationDN'} eq "" ||
! defined $object) {
# parameter check failed
@@ -4896,9 +4998,9 @@
my $container = "";
for(my $i = scalar($object->getRDNs())-2; $i >= 0; $i--) {
-
+
my @a = $object->getRDN($i)->getAttributeTypes();
-
+
if($container eq "") {
$container = $a[0]."=".$object->getRDN($i)->getAttributeValue($a[0]);
} else {
@@ -4906,14 +5008,14 @@
}
}
- if (! defined $data->{'BindDN'} ||
+ if (! defined $data->{'BindDN'} ||
$data->{'BindDN'} eq "") {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'BindDN'."),
code => "PARAM_CHECK_FAILED");
}
- if (! defined $data->{'ldapPasswd'} ||
+ if (! defined $data->{'ldapPasswd'} ||
$data->{'ldapPasswd'} eq "") {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'ldapPasswd'."),
@@ -4952,7 +5054,7 @@
my $ldapMap = Ldap->Export();
if(defined $ldapMap->{ldap_tls} && $ldapMap->{ldap_tls} == 0) {
if($ldapMap->{ldap_tls} == 1) {
- $use_tls = "yes"
+ $use_tls = "yes"
} else {
$use_tls = "no";
}
@@ -5022,7 +5124,7 @@
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'},
code => "LDAP_SEARCH_FAILED");
}
- if (! defined $attr->[0]->{"certificateRevocationList;binary"} ||
+ if (! defined $attr->[0]->{"certificateRevocationList;binary"} ||
$attr->{"certificateRevocationList;binary"} eq "") {
$doCRLdp = 1;
}
@@ -5044,7 +5146,7 @@
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'});
}
-
+
} elsif ($action eq "modify") {
my $entry = {
@@ -5056,7 +5158,7 @@
code => "LDAP_MODIFY_FAILED",
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'});
}
-
+
} else {
#this should never happen :-)
}
@@ -5065,7 +5167,7 @@
if ( $doCRLdp ) {
# seems to be the first export, so
# check for crlDistributionPoint in config template
-
+
my $ca = undef;
eval {
my $crlDP_client = "";
@@ -5081,7 +5183,7 @@
$crlDP_client = "found";
}
-
+
my $defServer = $ca->getIssueDefaults($LIMAL::CaMgm::E_Server_Cert);
if($defServer->getExtensions()->getCRLDistributionPoints()->isPresent() &&
@@ -5098,63 +5200,63 @@
$crlDP_ca = "found";
}
-
+
if ( (! defined $crlDP_client || $crlDP_client eq "") &&
(! defined $crlDP_server || $crlDP_server eq "") &&
- (! defined $crlDP_ca || $crlDP_ca eq "")
+ (! defined $crlDP_ca || $crlDP_ca eq "")
) {
# if all crlDP are not defined or empty, than we can add it automaticaly
-
+
#my $crlDP = "URI:";
my $crlDP .= "ldap://".$data->{'ldapHostname'}.":".$data->{'ldapPort'}."/";
$crlDP .= uri_escape($data->{'destinationDN'});
-
+
my $list = new LIMAL::CaMgm::LiteralValueList();
$list->push_back(new LIMAL::CaMgm::LiteralValue("URI", $crlDP));
-
+
# client
-
+
my $cdp = $defClient->getExtensions()->getCRLDistributionPoints();
$cdp->setCRLDistributionPoints($list);
-
+
my $ext = $defClient->getExtensions();
$ext->setCRLDistributionPoints($cdp);
-
+
$defClient->setExtensions($ext);
-
- # server
-
+
+ # server
+
$cdp = $defServer->getExtensions()->getCRLDistributionPoints();
$cdp->setCRLDistributionPoints($list);
-
+
$ext = $defServer->getExtensions();
$ext->setCRLDistributionPoints($cdp);
-
+
$defServer->setExtensions($ext);
-
+
# ca
-
+
$cdp = $defCA->getExtensions()->getCRLDistributionPoints();
$cdp->setCRLDistributionPoints($list);
-
+
$ext = $defCA->getExtensions();
$ext->setCRLDistributionPoints($cdp);
-
+
$defCA->setExtensions($ext);
-
+
$ca->setIssueDefaults($LIMAL::CaMgm::E_Client_Cert,
$defClient);
-
+
$ca->setIssueDefaults($LIMAL::CaMgm::E_Server_Cert,
$defServer);
-
+
$ca->setIssueDefaults($LIMAL::CaMgm::E_CA_Cert,
$defCA);
-
+
}
};
if($@) {
-
+
return $self->SetError( summary => __("Checking for new CRL Distribution Point failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -5215,8 +5317,8 @@
=cut
-BEGIN { $TYPEINFO{ReadLDAPExportDefaults} = ["function",
- ["map", "string", "any"],
+BEGIN { $TYPEINFO{ReadLDAPExportDefaults} = ["function",
+ ["map", "string", "any"],
["map", "string", "any"] ]; }
sub ReadLDAPExportDefaults {
my $self = shift;
@@ -5236,7 +5338,7 @@
if (defined $data->{'caName'} ) {
$caName = $data->{'caName'};
}
-
+
if(!defined $data->{'type'} ||
!grep( ($_ eq $data->{'type'}), ("ca", "crl", "certificate"))) {
return $self->SetError(summary => __("Invalid value for parameter 'type'."),
@@ -5255,9 +5357,9 @@
if(defined $data->{'emailAddress'} && $data->{'emailAddress'} ne "") {
push(@emailAddresses, $data->{'emailAddress'});
}
-
+
# get other email addresses from subject alt name
- if(defined $data->{'subjectAltName'} &&
+ if(defined $data->{'subjectAltName'} &&
$data->{'subjectAltName'} =~ /email/)
{
my @eaddr = split(/\s*,\s*/, $data->{'subjectAltName'});
@@ -5282,10 +5384,10 @@
} else {
return $self->SetError( summary => __("No LDAP server configured."),
code => "HOST_NOT_FOUND");
- }
+ }
if(defined $ldapMap->{ldap_tls} ) {
if($ldapMap->{ldap_tls} == 1) {
- $use_tls = "yes"
+ $use_tls = "yes"
} else {
$use_tls = "no";
}
@@ -5298,7 +5400,7 @@
return $self->SetError(summary => __("LDAP initialization failed."),
code => "SCR_INIT_FAILED");
}
-
+
# anonymous bind
if (! SCR->Execute(".ldap.bind", {}) ) {
my $ldapERR = SCR->Read(".ldap.error");
@@ -5309,7 +5411,7 @@
if(defined $type && ($type eq "ca" || $type eq "crl")) {
# Is there already a ldapconfig object?
-
+
if(defined $caName && $caName ne "") {
$ldapret = SCR->Read(".ldap.search", {
"base_dn" => $ldapMap->{'base_config_dn'},
@@ -5328,7 +5430,7 @@
$retMap->{'destinationDN'} = $ldapret->[0]->{suseDefaultBase};
}
}
-
+
if(!exists $retMap->{'destinationDN'} || $retMap->{'destinationDN'} eq "") {
$ldapret = SCR->Read(".ldap.search", {
"base_dn" => $ldapMap->{'base_config_dn'},
@@ -5346,20 +5448,20 @@
$retMap->{'destinationDN'} = $ldapret->[0]->{suseDefaultBase};
}
}
-
+
if(!exists $retMap->{'destinationDN'} || $retMap->{'destinationDN'} eq "") {
return $self->SetError(summary => __("No configuration available in LDAP."),
code => "LDAP_CONFIG_NEEDED");
}
-
- # complete the destinationDN
+
+ # complete the destinationDN
for(my $i = 0; $i < scalar(@{$retMap->{'destinationDN'}}); $i++) {
$retMap->{'destinationDN'}->[$i] = "cn=$caName,".$retMap->{'destinationDN'}->[$i];
}
} else {
# type is certificate
-
+
my $filter = undef;
if(defined $emailAddresses[0]) {
@@ -5390,7 +5492,7 @@
if(@$ldapret > 0) {
$retMap->{'destinationDN'} = $ldapret;
}
-
+
}
$retMap->{'ldapHostname'} = $ldapMap->{'ldap_server'};
$retMap->{'ldapPort'} = $ldapMap->{'ldap_port'};
@@ -5404,7 +5506,7 @@
Creates the default configuration structure in LDAP
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* ldapPasswd (required)
@@ -5425,7 +5527,7 @@
=cut
-BEGIN { $TYPEINFO{InitLDAPcaManagement} = ["function", "boolean",
+BEGIN { $TYPEINFO{InitLDAPcaManagement} = ["function", "boolean",
["map", "string", "any"] ]; }
sub InitLDAPcaManagement {
@@ -5453,16 +5555,16 @@
} else {
return $self->SetError( summary => __("No LDAP server configured."),
code => "HOST_NOT_FOUND");
- }
+ }
}
-
+
my $ret = Ldap->LDAPInit ();
if ($ret ne "") {
-
+
return $self->SetError(summary => __("LDAP initialization failed."),
code => "SCR_INIT_FAILED");
}
-
+
# bind
if (! SCR->Execute(".ldap.bind", { bind_dn => $ldapMap->{'bind_dn'},
bind_pw => $data->{ldapPasswd}
@@ -5474,7 +5576,7 @@
}
# search for base_config_dn
- $ldapret = SCR->Read(".ldap.search",
+ $ldapret = SCR->Read(".ldap.search",
{
"base_dn" => $ldapMap->{'base_config_dn'},
"filter" => 'objectClass=*',
@@ -5488,23 +5590,23 @@
Ldap->SetGUI(YaST::YCP::Boolean(0));
Ldap->SetBindPassword($data->{ldapPasswd});
-
+
if(! Ldap->CheckBaseConfig($ldapMap->{'base_config_dn'})) {
Ldap->SetGUI(YaST::YCP::Boolean(1));
return $self->SetError(summary => __("Cannot add base configuration entry."),
code => "LDAP_ADD_FAILED");
}
Ldap->SetGUI(YaST::YCP::Boolean(1));
-
+
} else {
return $self->SetError(summary => __("LDAP search failed."),
code => "LDAP_SEARCH_FAILED",
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'});
}
}
-
+
# search for default Config entry
- $ldapret = SCR->Read(".ldap.search",
+ $ldapret = SCR->Read(".ldap.search",
{
"base_dn" => $ldapMap->{'base_config_dn'},
"filter" => '(& (objectClass=suseCaConfiguration) (cn=defaultCA))',
@@ -5520,7 +5622,7 @@
if(@$ldapret <= 0) {
my $defaultCAcontainer = "ou=PKI,".$ldapMap->{'ldap_domain'};
- # search for the default CA container
+ # search for the default CA container
$ldapret = SCR->Read(".ldap.search", {
"base_dn" => $defaultCAcontainer,
"filter" => 'objectClass=*',
@@ -5536,9 +5638,9 @@
"objectClass" => [ "organizationalUnit" ],
"ou" => "PKI",
};
-
+
$ldapret = SCR->Write(".ldap.add", { dn => $defaultCAcontainer }, $entry);
-
+
if(! defined $ldapret) {
my $ldapERR = SCR->Read(".ldap.error");
return $self->SetError(summary => __("Cannot add CA configuration entry."),
@@ -5553,9 +5655,9 @@
}
# create default CA config entry
- $ldapret = SCR->Write(".ldap.add",
+ $ldapret = SCR->Write(".ldap.add",
{ dn => "cn=defaultCA,".$ldapMap->{'base_config_dn'}},
- {
+ {
"objectClass" => [ "suseCaConfiguration"],
"cn" => "defaultCA",
"suseDefaultBase", $defaultCAcontainer
@@ -5568,7 +5670,7 @@
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'});
}
}
- return 1;
+ return 1;
}
@@ -5579,7 +5681,7 @@
is designed for exporting user certificates. The destination
entry must have the objectClass 'inetOrgPerson'.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -5600,7 +5702,7 @@
* ldapPasswd (required)
If the private key of the certificate is available and the
-parameter 'caPasswd', 'keyPasswd' and 'p12Passwd' are defined,
+parameter 'caPasswd', 'keyPasswd' and 'p12Passwd' are defined,
an export in PKCS12 format is also done.
The return value is "undef" on an error and "1" on success.
@@ -5657,10 +5759,10 @@
if(defined $1 && $1 ne "") {
$key = $1;
}
-
+
if (! defined $data->{'ldapHostname'} ||
- !(IP->Check4($data->{'ldapHostname'}) ||
- IP->Check6($data->{'ldapHostname'}) ||
+ !(IP->Check4($data->{'ldapHostname'}) ||
+ IP->Check6($data->{'ldapHostname'}) ||
Hostname->CheckFQ($data->{'ldapHostname'}))
) {
# parameter check failed
@@ -5670,7 +5772,7 @@
if (! defined $data->{'ldapPort'} ||
$data->{'ldapPort'} eq "") {
- # setting default value
+ # setting default value
$data->{'ldapPort'} = 389;
}
@@ -5680,21 +5782,21 @@
code => "PARAM_CHECK_FAILED");
}
- if (! defined $data->{'destinationDN'} ||
+ if (! defined $data->{'destinationDN'} ||
$data->{'destinationDN'} eq "") {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'destinationDN'."),
code => "PARAM_CHECK_FAILED");
}
- if (! defined $data->{'BindDN'} ||
+ if (! defined $data->{'BindDN'} ||
$data->{'BindDN'} eq "") {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'BindDN'."),
code => "PARAM_CHECK_FAILED");
}
- if (! defined $data->{'ldapPasswd'} ||
+ if (! defined $data->{'ldapPasswd'} ||
$data->{'ldapPasswd'} eq "") {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'ldapPasswd'."),
@@ -5728,7 +5830,7 @@
code => "LIMAL_CALL_FAILED");
}
my ($body) = ($crt->data() =~ /-----BEGIN[\s\w]+-----\n([\S\s\n]+)\n-----END[\s\w]+-----/);
-
+
if (! defined $body || $body eq "") {
return $self->SetError(summary => __("Cannot parse the certificate."),
code => "PARSE_ERROR");
@@ -5741,13 +5843,13 @@
my $ldapMap = Ldap->Export();
if(defined $ldapMap->{ldap_tls}) {
if($ldapMap->{ldap_tls} == 1) {
- $use_tls = "yes"
+ $use_tls = "yes"
} else {
$use_tls = "no";
}
}
}
-
+
if (! SCR->Execute(".ldap", {"hostname" => $data->{'ldapHostname'},
"port" => $data->{'ldapPort'},
"use_tls" => $use_tls })) {
@@ -5776,7 +5878,7 @@
code => "LDAP_SEARCH_FAILED",
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'});
}
-
+
my $entry = {
'userCertificate;binary' => YaST::YCP::Byteblock(decode_base64($body))
};
@@ -5786,7 +5888,7 @@
code => "LDAP_MODIFY_FAILED",
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'});
}
-
+
if ( $exportPKCS12 ) {
my $ca = undef;
@@ -5804,7 +5906,7 @@
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
-
+
my $entry = {
'userPKCS12' => YaST::YCP::Byteblock($p12->data())
};
@@ -5816,9 +5918,9 @@
description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'});
}
}
-
+
return 1;
-
+
}
=item *
@@ -5827,7 +5929,7 @@
Delete a Certificate. This function removes also
the request and the private key.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -5835,7 +5937,7 @@
* caPasswd (required)
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error and "1" on success.
@@ -5876,14 +5978,14 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{'caName'};
-
+
if (!defined $data->{'certificate'}) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'certificate'."),
code => "PARAM_CHECK_FAILED");
}
$certificate = $data->{'certificate'};
-
+
my $ca = undef;
eval {
@@ -5918,7 +6020,7 @@
code => "LIMAL_CALL_FAILED");
}
- return 1;
+ return 1;
}
@@ -5936,7 +6038,7 @@
The private key is copied to '/etc/ssl/servercerts/serverkey.pem' .
The private key is unencrypted and only for B<root> readable.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* inFile (required)
@@ -5945,7 +6047,7 @@
B<inFile> is the path to a certificate in PKCS12 format.
B<passwd> is the password which is needed to decrypt the PKCS12
-certificate. A second password is not needed, because the private
+certificate. A second password is not needed, because the private
key will be unencrypted.
The return value is "undef" on an error and "1" on success.
@@ -5967,9 +6069,9 @@
=cut
BEGIN { $TYPEINFO{ImportCommonServerCertificate} = [
- "function",
- "boolean",
- ["map", "string", "any"]
+ "function",
+ "boolean",
+ ["map", "string", "any"]
]; }
sub ImportCommonServerCertificate {
my $self = shift;
@@ -6118,7 +6220,7 @@
}
if($data->{datatype} eq "CERTIFICATE") {
-
+
my $cert = LIMAL::CaMgm::LocalManagement::getCertificate($data->{inFile},
$inForm);
@@ -6139,10 +6241,10 @@
}
if($type eq "extended") {
-
+
$ret = YaST::caUtils->extensionParsing($ret);
}
-
+
} else {
$ret = $cert->getCertificateAsText();
}
@@ -6152,7 +6254,7 @@
$inForm);
if ($type eq "parsed" || $type eq "extended") {
-
+
$ret = YaST::caUtils->getParsedCRL($crl);
@@ -6168,16 +6270,16 @@
}
if($type eq "extended") {
-
+
$ret = YaST::caUtils->extensionParsing($ret);
}
-
+
} else {
-
+
$ret = $crl->getCRLAsText();
-
+
}
-
+
} elsif($data->{datatype} eq "REQUEST") {
my $req = LIMAL::CaMgm::LocalManagement::getRequest($data->{inFile},
@@ -6199,17 +6301,17 @@
}
if($type eq "extended") {
-
+
$ret = YaST::caUtils->extensionParsing($ret);
}
-
+
} else {
$ret = $req->getRequestAsText();
}
}
};
if($@) {
-
+
return $self->SetError( summary => __("Parsing failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -6223,15 +6325,15 @@
Returns a request as plain text or parsed map.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
* request (required - name without suffix)
-* type (required - allowed values: "parsed", "extended" or "plain")
+* type (required - allowed values: "parsed", "extended" or "plain")
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error.
@@ -6281,15 +6383,15 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{"caName"};
-
- if (! defined $data->{"type"} ||
+
+ if (! defined $data->{"type"} ||
!grep( ( $_ eq $data->{"type"}), ("parsed", "plain", "extended"))) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'type'."),
code => "PARAM_CHECK_FAILED");
}
$type = $data->{"type"};
-
+
if (! defined $data->{"request"}) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'request'."),
@@ -6351,17 +6453,17 @@
Returns a list of maps with all requests of the defined CA.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error.
-On success it returns an array of hashes with all
-requests of this CA. @ret[0..X] can have the
+On success it returns an array of hashes with all
+requests of this CA. @ret[0..X] can have the
following Hash keys:
* request (the name of the certificate)
@@ -6420,15 +6522,15 @@
my $ca = undef;
eval {
if(defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
-
+
} else {
$ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'});
-
+
}
my $list = $ca->getRequestList();
@@ -6466,18 +6568,18 @@
Import a request in a CA repository.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
-* inFile
+* inFile
* data
* importFormat (default PEM)
B<inFile> is the path to a request.
-B<data> the request data directly
+B<data> the request data directly
One of B<inFile> or B<data> is required.
@@ -6503,9 +6605,9 @@
=cut
BEGIN { $TYPEINFO{ImportRequest} = [
- "function",
- "string",
- ["map", "string", "any"]
+ "function",
+ "string",
+ ["map", "string", "any"]
]; }
sub ImportRequest {
my $self = shift;
@@ -6531,7 +6633,7 @@
$data->{inFile}),
code => "FILE_DOES_NOT_EXIST");
}
-
+
$data->{data} = SCR->Read(".target.string",$data->{inFile});
if(! defined $data->{data}) {
return $self->SetError(summary => __("Cannot read the request."),
@@ -6565,20 +6667,20 @@
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
-
+
eval {
my $byteBuffer = new LIMAL::ByteBuffer($data->{data}, length($data->{data}));
-
+
if(defined $data->{importFormat} && $data->{importFormat} eq "DER") {
-
- $ret = $ca->importRequestData($byteBuffer,
+
+ $ret = $ca->importRequestData($byteBuffer,
$LIMAL::CaMgm::E_DER);
-
+
} else {
-
- $ret = $ca->importRequestData($byteBuffer,
+
+ $ret = $ca->importRequestData($byteBuffer,
$LIMAL::CaMgm::E_PEM);
-
+
}
};
if($@) {
@@ -6587,7 +6689,7 @@
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
-
+
return $ret;
}
@@ -6598,7 +6700,7 @@
Delete a Request. This function removes also
the private key if one is available.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required)
@@ -6606,7 +6708,7 @@
* request (required)
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error and "1" on success.
@@ -6647,14 +6749,14 @@
code => "PARAM_CHECK_FAILED");
}
$caName = $data->{'caName'};
-
+
if (!defined $data->{'request'}) {
# parameter check failed
return $self->SetError(summary => __("Invalid value for parameter 'request'."),
code => "PARAM_CHECK_FAILED");
}
$req = $data->{'request'};
-
+
my $ca = undef;
eval {
if(defined $data->{'repository'}) {
@@ -6678,17 +6780,17 @@
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
- return 1;
+ return 1;
}
=item *
C<$bool = ImportCA($valueMap)>
-Import a CA certificate and private key and creates a
+Import a CA certificate and private key and creates a
infrastructure.
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required - A name for this CA)
@@ -6722,9 +6824,9 @@
sub ImportCA {
my $self = shift;
my $data = shift;
-
+
my $caName = "";
-
+
if (not defined YaST::caUtils->checkCommonValues($data)) {
return $self->SetError(%{YaST::caUtils->Error()});
}
@@ -6745,7 +6847,7 @@
return $self->SetError(summary => __("Invalid value for parameter 'caKey'."),
code => "PARAM_CHECK_FAILED");
}
-
+
my $size = SCR->Read(".target.size", $data->{caKey});
if ($size <= 0) {
return $self->SetError(summary => sprintf(
@@ -6764,13 +6866,13 @@
my $cert = LIMAL::CaMgm::LocalManagement::readFile($data->{caCertificate});
my $key = LIMAL::CaMgm::LocalManagement::readFile($data->{caKey});
- if( defined $data->{'repository'})
+ if( defined $data->{'repository'})
{
LIMAL::CaMgm::CA::importCA($caName, $cert, $key,
$data->{caPasswd},
$data->{"repository"});
}
- else
+ else
{
LIMAL::CaMgm::CA::importCA($caName, $cert, $key,
$data->{caPasswd});
@@ -6792,7 +6894,7 @@
Delete a Certificate Authority infrastructure
-In I<$valueMap> you can define the following keys:
+In I<$valueMap> you can define the following keys:
* caName (required - A name for this CA)
@@ -6801,8 +6903,8 @@
* force (0/1 default is 0)
Normaly you can only delete a CA if the CA certificate is expired or
-you have never signed a certificate with this CA. In all other cases
-you have to set the force parameter to 1 if you realy want to delete
+you have never signed a certificate with this CA. In all other cases
+you have to set the force parameter to 1 if you realy want to delete
the CA and you know what you are doing.
The return value is "undef" on an error and "1" on success.
@@ -6827,7 +6929,7 @@
sub DeleteCA {
my $self = shift;
my $data = shift;
-
+
my $caName = "";
my $doDelete = 0;
@@ -6848,7 +6950,7 @@
code => "PARAM_CHECK_FAILED");
}
- if(exists $data->{force} &&
+ if(exists $data->{force} &&
defined $data->{force} &&
$data->{force} == 1) {
# force delete
@@ -6861,7 +6963,7 @@
if( defined $data->{'repository'}) {
- LIMAL::CaMgm::CA::deleteCA($caName,
+ LIMAL::CaMgm::CA::deleteCA($caName,
$data->{caPasswd},
$doDelete,
$data->{"repository"});
@@ -6906,7 +7008,7 @@
* issuerAltName
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
EXAMPLE:
@@ -6916,7 +7018,7 @@
my $data = {
'caName' => 'My_CA'
}
- $crlValueMap = YaPI::CaManagement->ReadCRLDefaults($data)
+ $crlValueMap = YaPI::CaManagement->ReadCRLDefaults($data)
if( not defined $crlValueMap ) {
# error
} else {
@@ -6926,7 +7028,7 @@
=cut
BEGIN { $TYPEINFO{ReadCRLDefaults} = [
- "function",
+ "function",
["map", "string", "any"],
["map", "string", "any"]
]; }
@@ -6958,21 +7060,21 @@
eval {
if(defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{'caName'},
+
+ $ca = new LIMAL::CaMgm::CA($data->{'caName'},
$data->{'caPasswd'},
$data->{'repository'});
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'});
-
+
}
-
+
$cgd = $ca->getCRLDefaults();
-
+
my $crlExt = $cgd->getExtensions();
-
+
my $e = YaST::caUtils->extractAuthorityKeyIdentifier($crlExt->getAuthorityKeyIdentifier(),
$ret);
if(!defined $e) {
@@ -7019,7 +7121,7 @@
* issuerAltName
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error and "1" on success.
@@ -7028,7 +7130,7 @@
my $data = {
'caName' => 'My_CA',
- 'days' => '7'
+ 'days' => '7'
};
my $res = YaPI::CaManagement->WriteCRLDefaults($data);
if( not defined $res ) {
@@ -7050,7 +7152,7 @@
if (not defined YaST::caUtils->checkCommonValues($data)) {
return $self->SetError(%{YaST::caUtils->Error()});
}
-
+
# checking requires
if (!defined $data->{"caName"}) {
# parameter check failed
@@ -7058,19 +7160,19 @@
code => "CHECK_PARAM_FAILED");
}
$caName = $data->{"caName"};
-
+
my $ca = undef;
eval {
-
+
if( defined $data->{'repository'}) {
-
- $ca = new LIMAL::CaMgm::CA($data->{"caName"},
+
+ $ca = new LIMAL::CaMgm::CA($data->{"caName"},
$data->{'caPasswd'},
$data->{"repository"});
} else {
-
+
$ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'});
-
+
}
};
if($@) {
@@ -7090,7 +7192,7 @@
}
my $exts = $cgd->getExtensions();
-
+
my $e = YaST::caUtils->transformAuthorityKeyIdentifier($exts,
$data->{'authorityKeyIdentifier'});
if(!defined $e) {
@@ -7106,18 +7208,18 @@
$cgd->setExtensions($exts);
};
if($@) {
-
+
return $self->SetError( summary => __("Modifying CRLGenerationData failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
}
-
+
eval {
$ca->setCRLDefaults($cgd);
};
if($@) {
-
+
return $self->SetError( summary => __("Writing the defaults failed."),
description => YaST::caUtils->exception2String($@),
code => "LIMAL_CALL_FAILED");
@@ -7144,7 +7246,7 @@
* newPasswd
-The syntax of these values are explained in the
+The syntax of these values are explained in the
B<COMMON PARAMETER> section.
The return value is "undef" on an error and "1" on success.
@@ -7195,20 +7297,20 @@
{
$data->{algorithm} = "des3";
}
-
+
my $oldkey = "";
my $keyfilename = "";
-
+
if(defined $certificate && $certificate ne "")
{
my $keyname = "";
-
+
if($certificate =~ /:([0-9a-fA-F-]+)/)
{
$keyname = $1;
}
$keyfilename = "$repos/$caName/keys/$keyname.key";
-
+
if( -e $keyfilename)
{
$oldkey = LIMAL::CaMgm::LocalManagement::readFile($keyfilename);
@@ -7224,7 +7326,7 @@
{
# certificate empty == cpw on the cakey
$keyfilename = "$repos/$caName/cacert.key";
-
+
if( -e $keyfilename)
{
$oldkey = LIMAL::CaMgm::LocalManagement::readFile($keyfilename);
@@ -7236,14 +7338,14 @@
code => "FILE_DOES_NOT_EXIST");
}
}
-
+
$newkey = LIMAL::CaMgm::LocalManagement::rsaConvert($oldkey,
$LIMAL::CaMgm::E_PEM,
$LIMAL::CaMgm::E_PEM,
$data->{oldPasswd},
$data->{newPasswd},
$data->{algorithm});
-
+
LIMAL::CaMgm::LocalManagement::writeFile($newkey,
$keyfilename, 1);
Modified: trunk/ca-management/src/new_cert_read_write.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/new_cert_read_write.ycp?rev=60358&r1=60357&r2=60358&view=diff
==============================================================================
--- trunk/ca-management/src/new_cert_read_write.ycp (original)
+++ trunk/ca-management/src/new_cert_read_write.ycp Thu Jan 14 12:53:46 2010
@@ -125,7 +125,7 @@
if (kind == "Sub CA"
|| kind == "Sub CA Request")
{
- ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA,
+ ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA,
"caPasswd":getPassword(CaMgm::currentCA),
"certType":"ca"]);
y2milestone("ReadCertificateDefaults(%1): %2",
@@ -135,7 +135,7 @@
if (kind == "Server Certificate"
||kind == "Server Request")
{
- ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA,
+ ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA,
"caPasswd":getPassword(CaMgm::currentCA),
"certType":"server"]);
y2milestone("ReadCertificateDefaults(%1): %2",
@@ -145,7 +145,7 @@
if (kind == "Client Certificate"
||kind == "Client Request")
{
- ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA,
+ ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA,
"caPasswd":getPassword(CaMgm::currentCA),
"certType":"client"]);
y2milestone("ReadCertificateDefaults(%1): %2",
@@ -701,7 +701,7 @@
else
{
// Certificates, Sub-CAs, Requests
- map ret = (map) YaPI::CaManagement::ReadCA ($["caName":CaMgm::currentCA,
+ map ret = (map) YaPI::CaManagement::ReadCA ($["caName":CaMgm::currentCA,
"caPasswd":getPassword(CaMgm::currentCA),
"type":"parsed"]);
y2milestone("ReadCA(%1): %2", CaMgm::currentCA, ret);
@@ -758,7 +758,7 @@
param["caPasswd"] = getPassword(CaMgm::currentCA);
//param["notext"] = "1";
foreach(map elem, CaMgm::prop_subject_alt_name_list, {
- CaMgm::adv_subject_alt_name_list = add (CaMgm::adv_subject_alt_name_list, elem);
+ CaMgm::adv_subject_alt_name_list = add (CaMgm::adv_subject_alt_name_list, elem);
});
}
if (kind == "Client Certificate")
@@ -1297,7 +1297,7 @@
// fillup parameters depending on kind
param["caName"] = CaMgm::currentCA;
- // set the real password later.
+ // set the real password later.
param["caPasswd"] = "<was set>";
param["certType"] = kindmap[CaMgm::currentDefault]:"";
@@ -1324,7 +1324,7 @@
{
param["basicConstraints"] = param["basicConstraints"]:"" +
", pathlen:" + tostring(CaMgm::adv_pathlenValue);
- }
+ }
if (CaMgm::adv_cri_nsComment)
{
Modified: trunk/ca-management/src/util.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/util.ycp?rev=60358&r1=60357&r2=60358&view=diff
==============================================================================
--- trunk/ca-management/src/util.ycp (original)
+++ trunk/ca-management/src/util.ycp Thu Jan 14 12:53:46 2010
@@ -11,10 +11,10 @@
textdomain "ca-management";
- import "CaMgm";
+ import "CaMgm";
import "Label";
import "Popup";
- import "Wizard";
+ import "Wizard";
import "Hostname";
import "YaPI::CaManagement";
@@ -51,7 +51,7 @@
{
first = first + 1;
}
-
+
while(last >= 0 && isBlank(substring(str, last, 1)))
{
last = last - 1;
@@ -63,7 +63,7 @@
return "";
}
-
+
/**
* Asking for a existing or new file
* @param flag new file, filter, headline
@@ -74,7 +74,7 @@
string headline) ``{
map display = UI::GetDisplayInfo ();
string ret = "";
-
+
if (SCR::Read (.target.size, "/opt/kde3/bin/kfiledialog") > 0
&& strip (getenv ("KDE_FULL_SESSION")) == "true"
&& !display["TextMode"]:false)
@@ -94,14 +94,14 @@
}
else
{
- ret = UI::AskForExistingFile( ".", filterString, headline );
+ ret = UI::AskForExistingFile( ".", filterString, headline );
}
}
return ret;
}
-
+
/**
* Creates Country items
* @return a list country items formated for a UI table
@@ -118,14 +118,14 @@
country_map, { return v; });
name_list = sort (name_list);
-
+
foreach (string name, name_list, ``{
result = add (result, `item (`id (country_index[name]:""), name ,
CaMgm::country == country_index[name]:"") );
});
return result;
}
-
+
/**
* See RFC 2822, 3.4
@@ -157,7 +157,7 @@
{
title = _("Change CA Password");
}
-
+
// asking user
UI::OpenDialog (`opt(`decorated ),
`HBox( `HSpacing(2),
@@ -175,12 +175,12 @@
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
),
- `VSpacing (1)
+ `VSpacing (1)
),
`HSpacing (2)
)
);
-
+
UI::SetFocus (`id(`oldpw));
symbol ui = nil;
repeat
@@ -228,7 +228,7 @@
if(certificate == "")
{
CaMgm::passwdMap[CAname] = newPassword;
- Popup::Message(_("CA Password changed."));
+ Popup::Message(_("CA Password changed."));
}
else
{
@@ -241,17 +241,17 @@
until (contains ([`ok, `cancel], ui));
UI::CloseDialog ();
}
-
+
/**
* Dialog for asking a CA password. Returns the password
* without asking if is has already input before.
- * @param CAname
+ * @param CAname
* @return string password
*/
define string getPassword(string CAname)``{
string password = nil;
-
+
if (!haskey(CaMgm::passwdMap, CAname))
{
// asking user
@@ -263,13 +263,13 @@
`Heading (_("Enter CA Password")),
`VSpacing (1),
`Password( `id (`entry), `opt(`hstretch), _("&Password:")),
- `VSpacing (1),
+ `VSpacing (1),
`HBox ( // push button label
`PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
),
- `VSpacing (1)
+ `VSpacing (1)
),
`HSpacing (2)
)
@@ -313,13 +313,13 @@
// already available
password = CaMgm::passwdMap[CAname]:"";
}
-
+
return password;
}
/**
* Dialog for exporting CA/Certificate/CRL to LDAP
- *
+ *
* @param "CA" "CRL" "CERT" "subjectAltName"
* @return true ( success )
*/
@@ -336,9 +336,9 @@
y2milestone ("exportToLDAP type: %1; CAname: %2, commonName: %3, email: %4, certificate: %5, subjectAltName: %6",
kind,CAname,commonName,email,certificate,subjectAltName);
-
- passwordTerm = add (passwordTerm, `Password(`id (`password), `opt(`hstretch), _("LDAP P&assword:")));
-
+
+ passwordTerm = add (passwordTerm, `Password(`id (`password), `opt(`hstretch), _("LDAP P&assword:")));
+
if (kind == "CERT")
{
if (size (subjectAltName) > 0)
@@ -355,7 +355,7 @@
"caName":CAname,
"commonName":commonName,
"emailAddress":email]);
- }
+ }
passwordTerm = add (passwordTerm, `Password( `id (`keyPasswd), `opt(`hstretch), _("Certificate &Password:")));
passwordTerm = add (passwordTerm, `HBox(
`Password( `id (`p12Passwd), `opt(`hstretch), _("&New Password:")),
@@ -381,7 +381,7 @@
"commonName":commonName,
"emailAddress":email,
"subjectAltName":subjectAltName],
- messageMap);
+ messageMap);
}
else
{
@@ -389,7 +389,7 @@
$["type":kindmap[kind]:"", "caName":CAname],
messageMap);
}
-
+
if (messageMap["code"]:"" == "LDAP_CONFIG_NEEDED")
{
UI::OpenDialog (`opt(`decorated ),
@@ -403,13 +403,13 @@
")),
`VSpacing (1),
`Password( `id (`password), `opt(`hstretch), _("P&assword:")),
- `VSpacing (1),
+ `VSpacing (1),
`HBox ( // push button label
`PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
),
- `VSpacing (1)
+ `VSpacing (1)
),
`HSpacing (2)
)
@@ -426,7 +426,7 @@
if (YaPI::CaManagement::InitLDAPcaManagement($["ldapPasswd":password]))
{
if (kind == "CERT")
- {
+ {
defaultv = YaPI::CaManagement::ReadLDAPExportDefaults ($["type":kindmap[kind]:"",
"caName":CAname,
"commonName":commonName,
@@ -436,11 +436,11 @@
{
defaultv = YaPI::CaManagement::ReadLDAPExportDefaults ($["type":kindmap[kind]:"",
"caName":CAname]);
- }
+ }
}
else
{
- showErrorCaManagement ();
+ showErrorCaManagement ();
}
}
}
@@ -451,8 +451,8 @@
if (defaultv == nil)
{
- showErrorCaManagement ();
- }
+ showErrorCaManagement ();
+ }
else
{
hostname = defaultv["ldapHostname"]:"";
@@ -462,7 +462,7 @@
}
y2milestone("ReadLDAPExportDefaults() returned %1", defaultv);
-
+
UI::OpenDialog (`opt(`decorated ),
`HBox( `HSpacing(2),
`VBox (
@@ -475,13 +475,13 @@
`HBox (`HWeight (1, `ComboBox( `id (`dn), `opt(`editable), _("&DN:"), dn))),
`TextEntry( `id (`binddn), _("&Bind DN:"), binddn),
passwordTerm,
- `VSpacing (1),
+ `VSpacing (1),
`HBox ( // push button label
`PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
),
- `VSpacing (1)
+ `VSpacing (1)
),
`HSpacing (2)
)
@@ -492,13 +492,13 @@
repeat
{
ui = (symbol) UI::UserInput ();
-
+
password = (string) UI::QueryWidget(`id(`password), `Value);
hostname = (string) UI::QueryWidget(`id(`hostname), `Value);
port = (string) UI::QueryWidget(`id(`port), `Value);
string stringDN = (string) UI::QueryWidget(`id(`dn), `Value);
- binddn = (string) UI::QueryWidget(`id(`binddn), `Value);
-
+ binddn = (string) UI::QueryWidget(`id(`binddn), `Value);
+
if (ui == `cancel)
{
password = nil;
@@ -602,14 +602,18 @@
`Heading (_("Export CA to File")),
`VSpacing (1),
`Frame ( _("Export Format"),
- `RadioButtonGroup(`id(`rb),
+ `RadioButtonGroup(`id(`rb),
`VBox(
`Left(`RadioButton(`id(`PEM_CERT), `opt(`notify),
_("O&nly the Certificate in PEM Format"), true)),
- `Left(`RadioButton(`id(`PEM_CERT_KEY), `opt(`notify),
- _("Ce&rtificate and the Key Unencrypted in PEM Format"))),
- `Left(`RadioButton(`id(`PEM_CERT_ENCKEY), `opt(`notify),
- _("C&ertificate and the Key Encrypted in PEM Format"))),
+ `Left(`RadioButton(`id(`PEM_KEY), `opt(`notify),
+ _("Only the Key &Unencrypted in PEM Format"))),
+ `Left(`RadioButton(`id(`PEM_ENCKEY), `opt(`notify),
+ _("Only the &Key Encrypted in PEM Format"))),
+ `Left(`RadioButton(`id(`PEM_CERT_KEY), `opt(`notify),
+ _("Ce&rtificate and the Key Unencrypted in PEM Format"))),
+ `Left(`RadioButton(`id(`PEM_CERT_ENCKEY), `opt(`notify),
+ _("C&ertificate and the Key Encrypted in PEM Format"))),
`Left(`RadioButton(`id(`DER_CERT), `opt(`notify),
_("&Certificate in DER Format"))),
`Left(`RadioButton(`id(`PKCS12), `opt(`notify),
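Review bot: The new `PEM_KEY` radio button lets the CA private key be written to a user-chosen path in cleartext, and nothing visible in this dialog warns about that or asks for confirmation. Consider gating it in the ``ui == `ok`` branch (outside this hunk), for example ``if (kind == "PEM_KEY" && !Popup::ContinueCancel(_("The private key will be written unencrypted. Continue?"))) ui = `again;``. The same option is added to the certificate export dialog in the hunk at -873, so the check would apply there too. The permissions of the destination file are set by the export code in CaManagement.pm, which this hunk does not show; it is worth confirming there that key exports are created readable by the owner only.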
@@ -622,21 +626,21 @@
`HBox(
`Password( `id (`PK12password), `opt(`hstretch), _("&New Password")),
`Password( `id (`verifyPassword), `opt(`hstretch), _("&Verify Password"))
- ),
- `HBox (
+ ),
+ `HBox (
`HWeight(1, `TextEntry( `id (`filename), _("&File Name:"))),
`VBox(
`Label(""),
`PushButton (`id(`browse), `opt( `notify), Label::BrowseButton())
)
- ),
- `VSpacing (1),
+ ),
+ `VSpacing (1),
`HBox ( // push button label
`PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
),
- `VSpacing (1)
+ `VSpacing (1)
),
`HSpacing (2)
)
@@ -644,41 +648,45 @@
symbol ui = nil;
UI::ChangeWidget (`id (`PK12password), `Enabled, false);
- UI::ChangeWidget (`id (`verifyPassword), `Enabled, false);
+ UI::ChangeWidget (`id (`verifyPassword), `Enabled, false);
repeat
{
ui = (symbol) UI::UserInput ();
map kindmap = $[`PEM_CERT:"PEM_CERT",
- `PEM_CERT_KEY:"PEM_CERT_KEY",
- `PEM_CERT_ENCKEY:"PEM_CERT_ENCKEY",
+ `PEM_KEY:"PEM_KEY",
+ `PEM_ENCKEY:"PEM_ENCKEY",
+ `PEM_CERT_KEY:"PEM_CERT_KEY",
+ `PEM_CERT_ENCKEY:"PEM_CERT_ENCKEY",
`DER_CERT:"DER_CERT",
`PKCS12:"PKCS12",
`PKCS12_CHAIN:"PKCS12_CHAIN"];
-
+
string kind = kindmap[(symbol) UI::QueryWidget(`id(`rb),
`CurrentButton)]:"";
map filtermap = $[`PEM_CERT:"*.pem *.crt *",
- `PEM_CERT_KEY:"*.pem *.crt *",
- `PEM_CERT_ENCKEY:"*.pem *.crt *",
+ `PEM_KEY:"*.pem *.key *",
+ `PEM_ENCKEY:"*.pem *.key *",
+ `PEM_CERT_KEY:"*.pem *.crt *",
+ `PEM_CERT_ENCKEY:"*.pem *.crt *",
`DER_CERT:"*.der *.crt *",
`PKCS12:"*.p12 *.crt *",
`PKCS12_CHAIN:"*.p12 *.crt *"];
-
+
string filterString = filtermap[(symbol) UI::QueryWidget(`id(`rb),
- `CurrentButton)]:"*";
+ `CurrentButton)]:"*";
if (kind == "PKCS12"
|| kind == "PKCS12_CHAIN")
{
UI::ChangeWidget (`id (`PK12password), `Enabled, true);
- UI::ChangeWidget (`id (`verifyPassword), `Enabled, true);
+ UI::ChangeWidget (`id (`verifyPassword), `Enabled, true);
}
else
{
UI::ChangeWidget (`id (`PK12password), `Enabled, false);
- UI::ChangeWidget (`id (`verifyPassword), `Enabled, false);
+ UI::ChangeWidget (`id (`verifyPassword), `Enabled, false);
}
if (ui == `browse)
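Review bot: `PEM_ENCKEY` is added to `kindmap`, but the password fields below are still enabled only for `PKCS12` and `PKCS12_CHAIN`, so the dialog never tells the user which passphrase protects the exported key. Presumably the key keeps its existing password, as with `PEM_CERT_ENCKEY`. If so, a comment above the `if` would record it, e.g. `// PEM_ENCKEY/PEM_CERT_ENCKEY keep the key's current password; only PKCS12 exports take a new one`. The same maps and condition are repeated in the certificate dialog (hunk at -916), and the enclosing function starts and ends outside this hunk.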
@@ -689,7 +697,7 @@
UI::ChangeWidget(`id(`filename), `Value, name);
}
}
-
+
if (ui == `ok)
{
// export to file
@@ -701,7 +709,7 @@
Popup::Error(_("New passwords do not match."));
ui = `again;
}
-
+
string filename = (string) UI::QueryWidget(`id(`filename), `Value);
if (size (filename) == 0)
{
@@ -738,7 +746,7 @@
|| ret != "1")
{
showErrorCaManagement ();
- ui = `again;
+ ui = `again;
}
else
{
@@ -749,7 +757,7 @@
}
until (contains ([`ok, `cancel], ui));
UI::CloseDialog ();
- }
+ }
/**
* Dialog for exporting CRL to file
@@ -765,7 +773,7 @@
`Heading (_("Export CRL to File")),
`VSpacing (1),
`Frame ( _("Export Format"),
- `RadioButtonGroup(`id(`rb),
+ `RadioButtonGroup(`id(`rb),
`VBox(
`Left(`RadioButton(`id(`PEM), `opt(`notify),
_("&PEM Format"), true)),
@@ -774,20 +782,20 @@
)
)
),
- `HBox (
+ `HBox (
`HWeight(1, `TextEntry( `id (`filename), _("&File Name:"))),
`VBox(
`Label(""),
`PushButton (`id(`browse), `opt( `notify), Label::BrowseButton())
)
- ),
- `VSpacing (1),
+ ),
+ `VSpacing (1),
`HBox ( // push button label
`PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
),
- `VSpacing (1)
+ `VSpacing (1)
),
`HSpacing (2)
)
@@ -803,10 +811,10 @@
map filtermap = $[`PEM:"*.pem *.crt *",
`DER:"*.der *.crt *"];
-
+
string filterString = filtermap[(symbol) UI::QueryWidget(`id(`rb),
- `CurrentButton)]:"*";
-
+ `CurrentButton)]:"*";
+
string kind = kindmap[(symbol) UI::QueryWidget(`id(`rb),
`CurrentButton)]:"";
@@ -818,7 +826,7 @@
UI::ChangeWidget(`id(`filename), `Value, name);
}
}
-
+
if (ui == `ok)
{
// export to file
@@ -837,7 +845,7 @@
"exportFormat" : kind,
"destinationFile" : filename
]);
-
+
y2milestone ("ExportCRL(%1) return %2", $["caName": CAname,
"exportFormat" : kind,
"destinationFile" : filename
@@ -846,7 +854,7 @@
|| ret != "1")
{
showErrorCaManagement ();
- ui = `again;
+ ui = `again;
}
else
{
@@ -873,12 +881,16 @@
`Heading (_("Export Certificate to File")),
`VSpacing (1),
`Frame ( _("Export Format"),
- `RadioButtonGroup(`id(`rb),
+ `RadioButtonGroup(`id(`rb),
`VBox(
`Left(`RadioButton(`id(`PEM_CERT), `opt(`notify),
_("&Only the Certificate in PEM Format"), true)),
- `Left(`RadioButton(`id(`PEM_CERT_KEY), `opt(`notify),
- _("Ce&rtificate and the Key Unencrypted in PEM Format"))),
+ `Left(`RadioButton(`id(`PEM_KEY), `opt(`notify),
+ _("Only the Key &Unencrypted in PEM Format"))),
+ `Left(`RadioButton(`id(`PEM_ENCKEY), `opt(`notify),
+ _("Only the &Key Encrypted in PEM Format"))),
+ `Left(`RadioButton(`id(`PEM_CERT_KEY), `opt(`notify),
+ _("Ce&rtificate and the Key Unencrypted in PEM Format"))),
`Left(`RadioButton(`id(`PEM_CERT_ENCKEY), `opt(`notify),
_("C&ertificate and the Key Encrypted in PEM Format"))),
`Left(`RadioButton(`id(`DER_CERT), `opt(`notify),
@@ -895,20 +907,20 @@
`Password( `id (`PK12password), `opt(`hstretch), _("&New Password")),
`Password( `id (`verifyPassword), `opt(`hstretch), _("&Verify Password"))
),
- `HBox (
+ `HBox (
`HWeight(1, `TextEntry( `id (`filename), _("&File Name:"))),
`VBox(
`Label(""),
`PushButton (`id(`browse), `opt( `notify), Label::BrowseButton())
)
- ),
- `VSpacing (1),
+ ),
+ `VSpacing (1),
`HBox ( // push button label
`PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
),
- `VSpacing (1)
+ `VSpacing (1)
),
`HSpacing (2)
)
@@ -916,42 +928,46 @@
symbol ui = nil;
UI::ChangeWidget (`id (`PK12password), `Enabled, false);
- UI::ChangeWidget (`id (`verifyPassword), `Enabled, false);
+ UI::ChangeWidget (`id (`verifyPassword), `Enabled, false);
repeat
{
ui = (symbol) UI::UserInput ();
map kindmap = $[`PEM_CERT:"PEM_CERT",
- `PEM_CERT_KEY:"PEM_CERT_KEY",
- `PEM_CERT_ENCKEY:"PEM_CERT_ENCKEY",
+ `PEM_KEY:"PEM_KEY",
+ `PEM_ENCKEY:"PEM_ENCKEY",
+ `PEM_CERT_KEY:"PEM_CERT_KEY",
+ `PEM_CERT_ENCKEY:"PEM_CERT_ENCKEY",
`DER_CERT:"DER_CERT",
`PKCS12:"PKCS12",
`PKCS12_CHAIN:"PKCS12_CHAIN"];
-
+
string kind = kindmap[(symbol) UI::QueryWidget(`id(`rb),
`CurrentButton)]:"";
map filtermap = $[`PEM_CERT:"*.pem *.crt *",
- `PEM_CERT_KEY:"*.pem *.crt *",
- `PEM_CERT_ENCKEY:"*.pem *.crt *",
+ `PEM_KEY:"*.pem *.key *",
+ `PEM_ENCKEY:"*.pem *.key *",
+ `PEM_CERT_KEY:"*.pem *.crt *",
+ `PEM_CERT_ENCKEY:"*.pem *.crt *",
`DER_CERT:"*.der *.crt *",
`PKCS12:"*.p12 *.crt *",
`PKCS12_CHAIN:"*.p12 *.crt *"];
-
+
string filterString = filtermap[(symbol) UI::QueryWidget(`id(`rb),
- `CurrentButton)]:"*";
-
+ `CurrentButton)]:"*";
+
if (kind == "PKCS12"
|| kind == "PKCS12_CHAIN")
{
UI::ChangeWidget (`id (`PK12password), `Enabled, true);
- UI::ChangeWidget (`id (`verifyPassword), `Enabled, true);
+ UI::ChangeWidget (`id (`verifyPassword), `Enabled, true);
}
else
{
UI::ChangeWidget (`id (`PK12password), `Enabled, false);
- UI::ChangeWidget (`id (`verifyPassword), `Enabled, false);
+ UI::ChangeWidget (`id (`verifyPassword), `Enabled, false);
}
if (ui == `browse)
@@ -962,7 +978,7 @@
UI::ChangeWidget(`id(`filename), `Value, name);
}
}
-
+
if (ui == `ok)
{
// export to file
@@ -1041,13 +1057,13 @@
term contents = `VBox (
`VSpacing (1),
- `HBox (
+ `HBox (
`HWeight(1, `TextEntry( `id (`filename), _("&File Name:"))),
`VBox(
`Label(""),
`PushButton (`id(`browse), `opt( `notify), Label::BrowseButton())
)
- ),
+ ),
`VSpacing (1),
`Password( `id (`password), `opt(`hstretch), _("&Password:")),
`VSpacing (1)
@@ -1060,12 +1076,12 @@
// help text 2/3
help_text = help_text +
_("Import a server certificate and correspondenting CA and copy them to a place where other YaST modules look for such a common certificate.");
-
+
// help text 3/3
help_text = help_text + _("<p><b>Password:</b><br>
Certificate password</p>
-");
-
+");
+
Wizard::CreateDialog();
Wizard::SetDesktopIcon("ca-management");
Wizard::SetContents( _("Importing Common Certificate from Disk"), contents,
@@ -1080,7 +1096,7 @@
{
success = false;
ret = UI::UserInput ();
-
+
if (ret == `browse)
{
string name = selectFile (false, "*.p12", "Import from ..." );
@@ -1088,9 +1104,9 @@
{
UI::ChangeWidget(`id(`filename), `Value, name);
}
- ret = `again;
+ ret = `again;
}
-
+
if (ret == `next)
{
// reading certificate from disk
@@ -1103,14 +1119,14 @@
else
{
password = (string) UI::QueryWidget (`id(`password), `Value);
-
+
UI::BusyCursor();
UI::OpenDialog(`VBox(`Label(_("Importing certificate..."))));
-
+
boolean yapiret = (boolean) YaPI::CaManagement::ImportCommonServerCertificate ($["passwd" : password,
"inFile" : filename]);
y2milestone ("ImportCommonServerCertificate(%1) return %2",
- filename,
+ filename,
yapiret);
if (yapiret == nil
|| !yapiret)
@@ -1122,8 +1138,8 @@
{
Popup::Message(_("Certificate has been imported."));
success = true;
- }
- UI::CloseDialog ();
+ }
+ UI::CloseDialog ();
}
}
}
@@ -1140,12 +1156,12 @@
* @return success
*/
define boolean exportCommonServerCertificate (string CAname, string certificate, string commonName) ``{
-
+
boolean success = false;
boolean check = YaPI::CaManagement::Verify ($["caName": CAname,
"caPasswd":getPassword(CAname),
"certificate" : certificate,
- "disableCRLcheck" : "1",
+ "disableCRLcheck" : "1",
"purpose" : "sslserver"
]);
// Checking, if the certificate is a server certificate
@@ -1161,7 +1177,7 @@
return true;
}
}
-
+
// evaluate if the common name of the server certificate is the hostname
map retmap = (map) SCR::Execute (.target.bash_output,
"/bin/hostname --long",
@@ -1169,7 +1185,7 @@
y2milestone("Hostname :%1", retmap);
if (commonName != strip(retmap["stdout"]:""))
{
- string errorString = sformat ( _("The common name of the certificate (%1) is not the name of
+ string errorString = sformat ( _("The common name of the certificate (%1) is not the name of
the server (%2).
This certificate might be not practical as a common server certificate.
"),
@@ -1177,7 +1193,7 @@
strip(retmap["stdout"]:""));
Popup::Warning (errorString);
}
-
+
UI::OpenDialog (`opt(`decorated ),
`HBox( `HSpacing(2),
`VBox (
@@ -1192,7 +1208,7 @@
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
),
- `VSpacing (1)
+ `VSpacing (1)
),
`HSpacing (2)
)
@@ -1209,7 +1225,7 @@
UI::BusyCursor();
UI::OpenDialog(`VBox(`Label(_("Exporting certificate..."))));
string filename = (string) SCR::Read (.target.tmpdir) + "/commonCertificate";
-
+
string ret = (string) YaPI::CaManagement::ExportCertificate ($["caName": CAname,
"caPasswd" : getPassword (CAname),
"certificate" : certificate,
@@ -1235,7 +1251,7 @@
boolean yapiret = (boolean) YaPI::CaManagement::ImportCommonServerCertificate ($["passwd" : password,
"inFile" : filename]);
y2milestone ("ImportCommonServerCertificate(%1) return %2",
- filename,
+ filename,
yapiret);
if (yapiret == nil
|| !yapiret)
@@ -1247,14 +1263,14 @@
{
Popup::Message(_("Certificate has been written as common server certificate."));
success = true;
- }
+ }
}
- UI::CloseDialog ();
+ UI::CloseDialog ();
}
- }
+ }
until (contains ([`ok, `cancel], ui));
- UI::CloseDialog ();
-
+ UI::CloseDialog ();
+
return success;
}
@@ -1273,7 +1289,7 @@
`VSpacing (1),
`Heading (_("Import Request from Disk")),
`VSpacing (1),
- `HBox (
+ `HBox (
`HWeight(2, `TextEntry( `id (`filename), _("&File Name:"))),
`HWeight(1,`VBox(
`Label(""),
@@ -1281,12 +1297,12 @@
)
)
),
- `VSpacing (1),
+ `VSpacing (1),
`HBox ( // push button label
`PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
- ),
+ ),
`VSpacing (1)
)
)
@@ -1300,7 +1316,7 @@
{
success = false;
ret = UI::UserInput ();
-
+
if (ret == `browse)
{
string name = selectFile ( false, "*.pem *.req *.csr *.der", "Import from ..." );
@@ -1308,9 +1324,9 @@
{
UI::ChangeWidget(`id(`filename), `Value, name);
}
- ret = `again;
+ ret = `again;
}
-
+
if (ret == `ok)
{
// reading certificate from disk
@@ -1343,13 +1359,13 @@
{
UI::BusyCursor();
UI::OpenDialog(`VBox(`Label(_("Importing request..."))));
-
+
string yapiret = (string) YaPI::CaManagement::ImportRequest ($["caName" : CaName,
"caPasswd":getPassword(CaName),
"inFile" : filename,
"importFormat" : extention]);
y2milestone ("ImportRequest(%1) return %2",
- filename,
+ filename,
yapiret);
if (yapiret == nil)
{
@@ -1360,13 +1376,13 @@
{
Popup::Message(_("Request has been imported."));
success = true;
- }
+ }
UI::CloseDialog ();
}
}
}
}
- UI::CloseDialog ();
+ UI::CloseDialog ();
return success;
}
@@ -1384,7 +1400,7 @@
`VSpacing (1),
`Heading (_("Import CA from Disk")),
`TextEntry( `id (`caName), _("&CA Name:")),
- `HBox (
+ `HBox (
`HWeight(2, `TextEntry( `id (`pathCert), _("&Path of CA Certificate"))),
`HWeight(1,`VBox(
`Label(""),
@@ -1392,21 +1408,21 @@
)
)
),
- `HBox (
+ `HBox (
`HWeight(2, `TextEntry( `id (`pathKey), _("&Path of Key"))),
`HWeight(1,`VBox(
`Label(""),
`PushButton (`id(`browseKey), `opt( `notify), Label::BrowseButton())
)
)
- ),
+ ),
`Password( `id (`passKey), `opt(`hstretch),_("&Key Password")),
- `VSpacing (1),
+ `VSpacing (1),
`HBox ( // push button label
`PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
`HStretch(),
`PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
- ),
+ ),
`VSpacing (1)
)
)
@@ -1420,7 +1436,7 @@
{
success = false;
ret = UI::UserInput ();
-
+
if (ret == `browseCert)
{
string name = selectFile (false, "*.pem *.crt", "Import from ..." );
@@ -1428,9 +1444,9 @@
{
UI::ChangeWidget(`id(`pathCert), `Value, name);
}
- ret = `again;
+ ret = `again;
}
-
+
if (ret == `browseKey)
{
string name = selectFile (false, "*.pem *.key", "Import from ..." );
@@ -1438,13 +1454,13 @@
{
UI::ChangeWidget(`id(`pathKey), `Value, name);
}
- ret = `again;
- }
-
+ ret = `again;
+ }
+
if (ret == `ok)
{
// reading CA from disk
-
+
string caCertificate = (string) UI::QueryWidget(`id(`pathCert), `Value);
string caKey = (string) UI::QueryWidget(`id(`pathKey), `Value);
string caPasswd = (string) UI::QueryWidget(`id(`passKey), `Value);
@@ -1472,12 +1488,12 @@
Popup::Error(_("CA name required."));
ret = `again;
}
-
+
if (ret == `ok)
{
UI::BusyCursor();
UI::OpenDialog(`VBox(`Label(_("Importing request..."))));
-
+
boolean yapiret = (boolean) YaPI::CaManagement::ImportCA ($["caName" : caName,
"caCertificate" : caCertificate,
"caKey" : caKey,
@@ -1503,7 +1519,7 @@
}
}
}
- UI::CloseDialog ();
+ UI::CloseDialog ();
return success;
}
@@ -1511,7 +1527,7 @@
define map getHostIPs () ``{
map ret = $[];
-
+
list <string> ip_addresses = splitstring(
((map)SCR::Execute(.target.bash_output, "ip -f inet -o addr show scope global | awk '{print $4}' | awk -F \/ '{print $1}' | tr '\n' ','"))["stdout"]:"", ",") ;
@@ -1530,11 +1546,11 @@
{
// add the IP address
ret[ip] = "IP";
-
+
// first ask the DNS server about the name for this IP address
list<string> hostnames = splitstring(
((map)SCR::Execute(.target.bash_output, sformat("dig +noall +answer +time=2 +tries=1 -x %1 | awk '{print $5}' | sed 's/\.$//'| tr '\n' '|'", ip)))["stdout"]:"", "|");
-
+
boolean found = false;
foreach(string hname, hostnames, {
if(hname != "" && findfirstof(hname, ".") != nil)
@@ -1549,7 +1565,7 @@
{
list<string> hostnames = splitstring(
((map)SCR::Execute(.target.bash_output, sformat("getent hosts %1 | awk '{print $2}' | sed 's/\.$//'| tr '\n' '|'", ip)))["stdout"]:"", "|");
-
+
foreach(string hname, hostnames, {
if(hname != "" && findfirstof(hname, ".") != nil)
{
@@ -1561,9 +1577,9 @@
}
});
y2milestone("getHostIPs return: %1", ret);
- return ret;
+ return ret;
}
-
+
// EOF
}