Author: mcalmer
Date: Wed Jul 2 17:48:42 2008
New Revision: 48787
URL: http://svn.opensuse.org/viewcvs/yast?rev=48787&view=rev
Log:
implement change password (FATE#300161)
Modified:
trunk/ca-management/package/yast2-ca-management.changes
trunk/ca-management/src/YaPI/CaManagement.pm
trunk/ca-management/src/ca.ycp
trunk/ca-management/src/certificate.ycp
trunk/ca-management/src/request.ycp
trunk/ca-management/src/util.ycp
Modified: trunk/ca-management/package/yast2-ca-management.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/package/yast2-ca-management.changes?rev=48787&r1=48786&r2=48787&view=diff
==============================================================================
--- trunk/ca-management/package/yast2-ca-management.changes (original)
+++ trunk/ca-management/package/yast2-ca-management.changes Wed Jul 2 17:48:42 2008
@@ -3,6 +3,7 @@
- provide a checkbox for using CA password as Certificate password
(FATE#2612)
+- implement change password (FATE#300161)
-------------------------------------------------------------------
Mon Jun 30 17:45:35 CEST 2008 - mc@suse.de
Modified: trunk/ca-management/src/YaPI/CaManagement.pm
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/YaPI/CaManagement.pm?rev=48787&r1=48786&r2=48787&view=diff
==============================================================================
--- trunk/ca-management/src/YaPI/CaManagement.pm (original)
+++ trunk/ca-management/src/YaPI/CaManagement.pm Wed Jul 2 17:48:42 2008
@@ -198,6 +198,9 @@
Write the default values for creating a CRL.
+$bool = ChangePassword($valueMap)
+
+ Change the password of the private key
=head1 COMMON PARAMETER
@@ -7123,5 +7126,138 @@
return 1;
}
+
+=item *
+C<$bool = ChangePassword($valueMap)>
+
+Change the password of a keyfile.
+
+In I<$valueMap> you can define the following keys:
+
+* caName (required)
+
+* certificate (if empty, the cakey will be changed)
+
+* algorithm (the encryption algorithm, default des3)
+
+* oldPasswd
+
+* newPasswd
+
+The syntax of these values are explained in the
+B<COMMON PARAMETER> section.
+
+The return value is "undef" on an error and "1" on success.
+
+EXAMPLE:
+
+ my $data = {
+ 'caName' => 'My_CA',
+ 'certificate' => $certName,
+ 'oldPasswd' => "old password",
+ 'newPasswd' => "new password"
+ };
+ my $res = YaPI::CaManagement->ChangePassword($data);
+ if( not defined $res ) {
+ # error
+ } else {
+ print "OK\n";
+ }
+ }
+
+=cut
+
+BEGIN { $TYPEINFO{ChangePassword} = ["function", "boolean", ["map", "string", "any"]]; }
+sub ChangePassword {
+ my $self = shift;
+ my $data = shift;
+ my $caName = "";
+ my $ret = undef;
+
+ # checking requires
+ if (!defined $data->{"caName"}) {
+ # parameter check failed
+ return $self->SetError( summary => __("Missing value 'caName'."),
+ code => "CHECK_PARAM_FAILED");
+ }
+ $caName = $data->{"caName"};
+
+ my $certificate = $data->{"certificate"};
+
+ my $newkey = undef;
+ eval {
+
+ my $repos = "$CAM_ROOT";
+ if(defined $data->{repository}) {
+ $repos = $data->{repository};
+ }
+ if ( ! exists $data->{algorithm} || !defined $data->{algorithm} || $data->{algorithm} eq "")
+ {
+ $data->{algorithm} = "des3";
+ }
+
+ my $oldkey = "";
+ my $keyfilename = "";
+
+ if(defined $certificate && $certificate ne "")
+ {
+ my $keyname = "";
+
+ if($certificate =~ /:([0-9a-fA-F-]+)/)
+ {
+ $keyname = $1;
+ }
+ $keyfilename = "$repos/$caName/keys/$keyname.key";
+
+ if( -e $keyfilename)
+ {
+ $oldkey = LIMAL::CaMgm::LocalManagement::readFile($keyfilename);
+ }
+ else
+ {
+ return $self->SetError( summary => __("Keyfile does not exist."),
+ description => "$keyfilename no such file or directory.",
+ code => "FILE_DOES_NOT_EXIST");
+ }
+ }
+ else
+ {
+ # certificate empty == cpw on the cakey
+ $keyfilename = "$repos/$caName/cacert.key";
+
+ if( -e $keyfilename)
+ {
+ $oldkey = LIMAL::CaMgm::LocalManagement::readFile($keyfilename);
+ }
+ else
+ {
+ return $self->SetError( summary => __("Keyfile does not exist."),
+ description => "$keyfilename no such file or directory.",
+ code => "FILE_DOES_NOT_EXIST");
+ }
+ }
+
+ $newkey = LIMAL::CaMgm::LocalManagement::rsaConvert($oldkey,
+ $LIMAL::CaMgm::E_PEM,
+ $LIMAL::CaMgm::E_PEM,
+ $data->{oldPasswd},
+ $data->{newPasswd},
+ $data->{algorithm});
+
+ LIMAL::CaMgm::LocalManagement::writeFile($newkey,
+ $keyfilename, 1);
+
+ };
+ if($@) {
+
+ return $self->SetError( summary => __("Password change failed."),
+ description => YaST::caUtils->exception2String($@),
+ code => "LIMAL_CALL_FAILED");
+ }
+ return 1;
+}
+
+
+
1;
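Review bot: The two `return $self->SetError(...)` calls for a missing keyfile sit inside the `eval { ... }` block, and in Perl a `return` there leaves only the eval, not `ChangePassword`; `$@` stays empty, so the sub falls through to `return 1;` and reports success although no key was re-encrypted. Either do the `-e $keyfilename` checks before the `eval`, or end the block with `1;`, capture it as `my $done = eval { ... };` and add `return undef if !$done;` after the `if($@)` handler (this assumes SetError returns a false value, as the early `caName` check implies). Separately, `oldPasswd` and `newPasswd` reach `rsaConvert` without the defined/non-empty check that `caName` gets; how `rsaConvert` treats an empty new password is not visible here, so a `CHECK_PARAM_FAILED` guard for both would keep a direct API caller from depending on the dialog's length check. `caName` and `repository` are also interpolated into `$keyfilename` as given, and that file is then overwritten by `writeFile`; if the COMMON PARAMETER validation is not applied before this point, it belongs at the top of this sub.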
Modified: trunk/ca-management/src/ca.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/ca.ycp?rev=48787&r1=48786&r2=48787&view=diff
==============================================================================
--- trunk/ca-management/src/ca.ycp (original)
+++ trunk/ca-management/src/ca.ycp Wed Jul 2 17:48:42 2008
@@ -211,6 +211,7 @@
`Right (`MenuButton( _("&Advanced..."),
[
`item(`id(`information), _("&View") ),
+ `item(`id(`cacpw), _("&Change CA Password")),
`item(`id(`createSubCA), _("C&reate SubCA")),
`item(`id(`exportFile), _("Export to &File")),
`item(`id(`exportLDAP), _("Export to &LDAP")),
@@ -240,6 +241,10 @@
{
showLongDescriptionCA (CaMgm::currentCA);
}
+ if (ret == `cacpw)
+ {
+ changePassword(CaMgm::currentCA, "");
+ }
if (ret == `exportLDAP)
{
exportToLDAP ("CA", CaMgm::currentCA, "", "", "", "");
Modified: trunk/ca-management/src/certificate.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/certificate.ycp?rev=48787&r1=48786&r2=48787&view=diff
==============================================================================
--- trunk/ca-management/src/certificate.ycp (original)
+++ trunk/ca-management/src/certificate.ycp Wed Jul 2 17:48:42 2008
@@ -349,7 +349,8 @@
`item(`id(`addClientCerti), _("Add Client Certificate") )
]
),
- `PushButton (`id (`view) , _("&View")),
+ `PushButton (`id (`view) , _("&View")),
+ `PushButton (`id (`certcpw), _("&Change Password") ),
`PushButton (`id (`revoke) , _("&Revoke")),
`PushButton (`id (`delete) , _("&Delete")),
`HStretch(),
@@ -376,6 +377,7 @@
UI::ChangeWidget (`id (`delete), `Enabled, anyitems);
UI::ChangeWidget (`id (`revoke), `Enabled, anyitems);
UI::ChangeWidget (`id (`view), `Enabled, anyitems);
+ UI::ChangeWidget (`id (`certcpw), `Enabled, anyitems);
UI::ChangeWidget (`id (`export), `Enabled, anyitems);
integer id = (integer) UI::QueryWidget (`id (`table), `CurrentItem);
@@ -411,7 +413,7 @@
{
currentSubjectAltName = currentSubjectAltName + "," + entry;
}
- });
+ });
}
else
{
@@ -434,9 +436,12 @@
if (ui == `view)
{
showLongCertDescription (CaMgm::currentCA,
- CaMgm::currentCertificate);
+ CaMgm::currentCertificate);
}
-
+ if(ui == `certcpw)
+ {
+ changePassword(CaMgm::currentCA, CaMgm::currentCertificate);
+ }
if (ui == `delete)
{
if (Popup::ContinueCancelHeadline (_("Delete"), _("Delete current certificate?")))
Modified: trunk/ca-management/src/request.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/request.ycp?rev=48787&r1=48786&r2=48787&view=diff
==============================================================================
--- trunk/ca-management/src/request.ycp (original)
+++ trunk/ca-management/src/request.ycp Wed Jul 2 17:48:42 2008
@@ -304,16 +304,17 @@
),
`HStretch(),
`MenuButton(`id(`request),
- _("Request"),
- [
- `item(`id(`view), _("View") ),
+ _("&Request"),
+ [
+ `item(`id(`view), _("&View") ),
+ `item(`id(`reqcpw), _("&Change Password") ),
`menu( _("Sign"),
[
`item(`id(`signClient), _("As Client Certificate") ),
`item(`id(`signServer), _("As Server Certificate") ),
`item(`id(`signCA), _("As CA Certificate") )
]),
- `item(`id(`delete), _("Delete") ) //,
+ `item(`id(`delete), _("&Delete") ) //,
//`item(`id(`exportFile), _("Export to File") )
]
),
@@ -367,7 +368,11 @@
showLongRequestDescription (CaMgm::currentCA,
CaMgm::currentRequest);
}
-
+ if(ui == `reqcpw)
+ {
+ // we need to fake a certificate name
+ changePassword(CaMgm::currentCA, "00:"+CaMgm::currentRequest);
+ }
if (ui == `delete)
{
if (Popup::ContinueCancelHeadline (_("Delete"), _("Delete current request?")))
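Review bot: The comment `// we need to fake a certificate name` does not say why the `"00:"` prefix works, and the call silently depends on how the backend parses its `certificate` argument. In this commit `ChangePassword` in CaManagement.pm takes the key name from the text after a colon with the unanchored pattern `/:([0-9a-fA-F-]+)/`, so a request name containing any other character would be cut short and a different `.key` path would be addressed. I would spell the coupling out, e.g. `// ChangePassword() reads the key name after the ':'; the "00" serial part is ignored`, and, if certificate names always end with the key name, anchor the Perl pattern (`/:([0-9a-fA-F-]+)$/`) so a name that does not fully match is rejected rather than truncated. The enclosing event loop starts and ends outside the hunk.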
Modified: trunk/ca-management/src/util.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/util.ycp?rev=48787&r1=48786&r2=48787&view=diff
==============================================================================
--- trunk/ca-management/src/util.ycp (original)
+++ trunk/ca-management/src/util.ycp Wed Jul 2 17:48:42 2008
@@ -161,6 +161,101 @@
Hostname::CheckDomain (parts[1]:"");
}
+ /**
+ * Change password Dialog
+ *
+ */
+ define boolean changePassword(string CAname, string certificate)``{
+
+ string title = _("Change Certificate Password");
+ if(certificate == "")
+ {
+ title = _("Change CA Password");
+ }
+
+ // asking user
+ UI::OpenDialog (`opt(`decorated ),
+ `HBox( `HSpacing(2),
+ `VBox (
+ `VSpacing (1),
+ // popup window header
+ `Heading (title),
+ `VSpacing (1),
+ `Password( `id (`oldpw), `opt(`hstretch), _("&Old Password:")),
+ `VSpacing (1),
+ `Password( `id (`newpw), `opt(`hstretch), _("&New Password:")),
+ `Password( `id (`verifynewpw), `opt(`hstretch), _("&Verify Password:")),
+ `HBox ( // push button label
+ `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()),
+ `HStretch(),
+ `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton())
+ ),
+ `VSpacing (1)
+ ),
+ `HSpacing (2)
+ )
+ );
+
+ UI::SetFocus (`id(`oldpw));
+ symbol ui = nil;
+ repeat
+ {
+ ui = (symbol) UI::UserInput ();
+
+ if (ui == `ok)
+ {
+ string oldPassword = (string) UI::QueryWidget(`id(`oldpw), `Value);
+ string newPassword = (string) UI::QueryWidget(`id(`newpw), `Value);
+ string verifyPassword = (string) UI::QueryWidget(`id(`verifynewpw), `Value);
+
+ // checking password
+
+ if(newPassword != verifyPassword)
+ {
+ Popup::Error(_("New passwords do not match."));
+ ui = `again;
+ }
+ else if ( size(newPassword) < 4)
+ {
+ Popup::Error(_("The new password is too short for use as the password for the certificates.
+ Enter a valid password for the certificates.
+"));
+ ui = `again;
+ }
+ else
+ {
+ y2milestone("Change password for '%1' '%2'", CAname, certificate);
+ map