Hi all,

please review the patch for the web UI which adds SAN names to the 'Issue new certificate' dialog. The SAN names are mentioned only in the dialogs for requesting host and service certificates, according to the design page: http://www.freeipa.org/page/V4/RFC_2818_certificate_compliance . I'm not sure whether this change provides enough information. If you think that we should add more information to these dialogs, or also extend the dialog on the Authentication -> Certificates page, just let me know.

--
Pavel^3 Vomacka
From a711b4ff8628d5c097145f6afbb78d75a14a970b Mon Sep 17 00:00:00 2001
From: Pavel Vomacka <pvoma...@redhat.com>
Date: Mon, 25 Apr 2016 09:38:30 +0200
Subject: [PATCH] Extend the certificate request dialog

The command for requesting a certificate for hosts and services is extended.
It now shows how to add a DNS name as subjectAltName.

https://fedorahosted.org/freeipa/ticket/5645
---
 install/ui/src/freeipa/certificate.js | 9 +++++++++
 install/ui/test/data/ipa_init.json    | 3 ++-
 ipalib/plugins/internal.py            | 3 ++-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js
index ae05ebb3d45974cd1df50c16e19d0ab9fd27a19b..c9e65dd81224d0119c1d9775382fdc885bc15438 100755
--- a/install/ui/src/freeipa/certificate.js
+++ b/install/ui/src/freeipa/certificate.js
@@ -716,10 +716,19 @@ IPA.cert.request_action = function(spec) {
         }
 
         var request_message = text.get('@i18n:objects.cert.request_message');
+        var ext;
+        if (facet.entity.name === 'service' || facet.entity.name === 'host') {
+            ext = text.get('@i18n:objects.cert.request_message_san');
+        }
+        else {
+            ext = '';
+        }
+        request_message = request_message.replace(/\$\{san\}/g, ext);
         request_message = request_message.replace(/\$\{cn_name\}/g, cn_name);
         request_message = request_message.replace(/\$\{cn\}/g, cn);
         request_message = request_message.replace(/\$\{realm\}/g, IPA.env.realm);
 
+
         var dialog = IPA.cert.request_dialog({
             title: title,
             message: request_message,
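Review bot: The new `${san}` replacement only works because it runs before the `${cn}` replacement, since the SAN fragment itself contains `${cn}`, and nothing in the hunk records that ordering; a comment such as `// expand ${san} first: its text contains ${cn}` above that line would keep a later reorder from silently leaving a literal `${cn}` in the dialog. Separately, `cn` now lands twice in what looks like an HTML message and inside a single-quoted shell argument that an administrator will copy; whether `cn` is escaped or restricted to hostname characters is decided outside this hunk, so it is worth confirming there. On style, the `if`/`else` could be one conditional expression and the blank line added before `var dialog` can go. The body of the request action starts and ends outside the hunk.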
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 1b9b69ff909a9668c1e1867008459d25d5e062a9..5fe3680cc9ae439e616242eb3ccdd23429d7c848 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -261,7 +261,8 @@
                             "privilege_withdrawn": "Privilege Withdrawn",
                             "reason": "Reason for Revocation",
                             "remove_from_crl": "Remove from CRL",
-                            "request_message": "<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>",
+                            "request_message": "<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'${san}</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>",
+                            "request_message_san": " -8 '${cn}'",
                             "requested": "Certificate requested",
                             "restore_certificate": "Restore Certificate for ${entity} ${primary_key}",
                             "restore_certificate_simple": "Restore Certificate",
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 54871f76de99d92f0f23129b4d636cc4fccfbb8b..aa288788071994d4febea15f7827b737f9c28458 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -405,7 +405,8 @@ class i18n_messages(Command):
                 "privilege_withdrawn": _("Privilege Withdrawn"),
                 "reason": _("Reason for Revocation"),
                 "remove_from_crl": _("Remove from CRL"),
-                "request_message": _("<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>"),
+                "request_message": _("<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'${san}</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>"),
+                "request_message_san": _(" -8 '${cn}'"),
                 "requested": _("Certificate requested"),
                 "restore_certificate": _("Restore Certificate for ${entity} ${primary_key}"),
                 "restore_certificate_simple": _("Restore Certificate"),
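Review bot: `request_message_san` is a certutil command fragment with nothing to translate, yet it is wrapped in `_()` like the prose strings around it, so a translation could alter the option or drop the leading space that separates it from the `-s` argument. If every entry in this dict has to go through `_()`, a translator comment above the line, for example `# Translators: shell fragment, keep as is including the leading space`, would cover it. The step text in `request_message` still describes only the subject, so the dialog never says what `-8` adds; a short clause stating that it puts the DNS name into subjectAltName would help the person pasting the command. The same two strings are mirrored in install/ui/test/data/ipa_init.json, and the enclosing messages dict starts and ends outside the hunk.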
-- 
2.5.5
