Hello,

please review these new patches which add WebUI for Sub-CAs.

https://fedorahosted.org/freeipa/ticket/5939

--
Pavel^3 Vomacka
From e76324180aa9518a93867fd6c9daa50a8fa79c1f Mon Sep 17 00:00:00 2001
From: Pavel Vomacka <pvoma...@redhat.com>
Date: Fri, 10 Jun 2016 16:12:45 +0200
Subject: [PATCH 1/3] Add new webui plugin - ca

Whole new entity for CAs.

https://fedorahosted.org/freeipa/ticket/5939
---
 install/ui/src/freeipa/app.js                  |  1 +
 install/ui/src/freeipa/navigation/menu_spec.js |  5 ++
 install/ui/src/freeipa/plugins/ca.js           | 92 ++++++++++++++++++++++++++
 install/ui/test/data/ipa_init.json             |  3 +
 ipaserver/plugins/internal.py                  |  3 +
 5 files changed, 104 insertions(+)
 create mode 100644 install/ui/src/freeipa/plugins/ca.js

diff --git a/install/ui/src/freeipa/app.js b/install/ui/src/freeipa/app.js
index daf17b7ba021d3db8288f2de89a8ae4814172a70..4eb045d7a989bdfee29cef670770d285701ae875 100644
--- a/install/ui/src/freeipa/app.js
+++ b/install/ui/src/freeipa/app.js
@@ -29,6 +29,7 @@ define([
     './aci',
     './automember',
     './automount',
+    './plugins/ca',
     './plugins/caacl',
     './plugins/certprofile',
     './dns',
diff --git a/install/ui/src/freeipa/navigation/menu_spec.js b/install/ui/src/freeipa/navigation/menu_spec.js
index 0afc7daceb725cee5677982c68c09d1666d42885..97a03527e94ba2ae21d70e0170b91efc81b155a4 100644
--- a/install/ui/src/freeipa/navigation/menu_spec.js
+++ b/install/ui/src/freeipa/navigation/menu_spec.js
@@ -142,6 +142,11 @@ var nav = {};
                             entity: 'caacl',
                             facet: 'search',
                             hidden: true
+                        },
+                        {
+                            entity: 'ca',
+                            facet: 'search',
+                            hidden: true
                         }
                     ]
                 },
diff --git a/install/ui/src/freeipa/plugins/ca.js b/install/ui/src/freeipa/plugins/ca.js
new file mode 100644
index 0000000000000000000000000000000000000000..14eccef5b797fd6aa8441dc0b0397159dc92f2c8
--- /dev/null
+++ b/install/ui/src/freeipa/plugins/ca.js
@@ -0,0 +1,92 @@
+//
+// Copyright (C) 2016  FreeIPA Contributors see COPYING for license
+//
+
+define([
+    '../ipa',
+    '../jquery',
+    '../phases',
+    '../reg',
+    '../certificate'
+],
+function(IPA, $, phases, reg, cert) {
+
+/**
+ * ca module
+ * @class plugins.ca
+ * @singleton
+ */
+ var ca = IPA.ca = {};
+
+ var make_ca_spec = function() {
+     var spec = {
+         name: 'ca',
+         facets: [
+             {
+                 $type: 'search',
+                 disable_facet_tabs: false,
+                 tabs_in_sidebar: true,
+                 tab_label: '@mo:ca.label',
+                 facet_groups: [cert.facet_group],
+                 facet_group: 'certificates',
+                 columns: [
+                     'cn',
+                     {
+                        label: '@i18n:objects.ca.subject_dn',
+                        name: 'dn'
+                     },
+                     'description'
+                 ]
+             },
+             {
+                 $type: 'details',
+                 disable_facet_tabs: true,
+                 fields: [
+                     'cn',
+                     'description',
+                     'dn',
+                     'ipacaid',
+                     'ipacaissuerdn',
+                     'ipacasubjectdn'
+                 ]
+             }
+         ],
+         adder_dialog: {
+             fields: [
+                 {
+                     $type: 'text',
+                     name: 'cn',
+                     required: true
+                 },
+                 'ipacasubjectdn',
+                 {
+                     $type: 'textarea',
+                     name: 'description'
+                 }
+             ]
+         }
+     };
+
+     return spec;
+ };
+
+ /**
+  * CA entity specification object
+  * @member plugins.ca
+  */
+ca.ca_spec = make_ca_spec();
+
+/**
+ * Register entity
+ * @member plugins.ca
+ */
+ca.register = function() {
+    var e = reg.entity;
+
+    e.register({type: 'ca', spec: ca.ca_spec});
+};
+
+phases.on('registration', ca.register);
+
+return ca;
+});
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 4ccf49f889f57eb28f11d8ebe701fac47d166879..d34e1f5fcb3c2af2751560d0c94b5e0efc497c63 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -213,6 +213,9 @@
                             "indirect": "Indirect",
                             "map_type": "Map Type"
                         },
+                        "ca": {
+                            "subject_dn": "Subject DN"
+                        },
                         "caacl": {
                             "any_host": "Any Host",
                             "any_service": "Any Service",
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index 4804f64a0191a8f00f613fbc4d7fd86d7c73775f..5ca3a75da5d956d4202c20045afcf5737dc32c10 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -350,6 +350,9 @@ class i18n_messages(Command):
                 "direct": _("Direct"),
                 "indirect": _("Indirect"),
             },
+            "ca": {
+                "subject_dn": _("Subject DN"),
+            },
             "caacl": {
                 "any_host": _("Any Host"),
                 "any_service": _("Any Service"),
-- 
2.5.5

From 9fb0e0df97498d5dbde5504caf6e12159b1ea644 Mon Sep 17 00:00:00 2001
From: Pavel Vomacka <pvoma...@redhat.com>
Date: Fri, 10 Jun 2016 16:15:07 +0200
Subject: [PATCH 2/3] Extend certificate entity page

Add field for choosing CA when issuing new certificate. Add new item to action menu
on cert details page which allows user to download the certificate as file.

Part of: https://fedorahosted.org/freeipa/ticket/5939
---
 install/ui/src/freeipa/certificate.js | 77 ++++++++++++++++++++++++++++++++---
 install/ui/test/data/ipa_init.json    |  2 +
 ipaserver/plugins/internal.py         |  2 +
 3 files changed, 76 insertions(+), 5 deletions(-)

diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js
index d03be205690b339e9ae56985ed0508df06ad1887..341c53e27902d20bc00e30b3910ce1c7fecf80ea 100755
--- a/install/ui/src/freeipa/certificate.js
+++ b/install/ui/src/freeipa/certificate.js
@@ -38,6 +38,8 @@ define([
 
 var exp = IPA.cert = {};
 
+IPA.cert.TOPLEVEL_CA = 'ipa';
+
 IPA.cert.BEGIN_CERTIFICATE = '-----BEGIN CERTIFICATE-----';
 IPA.cert.END_CERTIFICATE   = '-----END CERTIFICATE-----';
 
@@ -446,6 +448,14 @@ IPA.cert.request_dialog = function(spec) {
     section0.fields.push(
         {
             $type: 'entity_select',
+            name: 'cacn',
+            label: '@i18n:objects.cert.ca',
+            other_entity: 'ca',
+            other_field: 'cn',
+            required: true
+        },
+        {
+            $type: 'entity_select',
             name: 'profile_id',
             other_entity: 'certprofile',
             other_field: 'cn',
@@ -494,6 +504,11 @@ IPA.cert.request_dialog = function(spec) {
         }
     });
 
+    that.open = function() {
+        that.dialog_open();
+        that.get_field('cacn').set_value([IPA.cert.TOPLEVEL_CA]); //FIXME
+    };
+
     return that;
 };
 
@@ -681,6 +696,51 @@ IPA.cert.get_action = function(spec) {
     return that;
 };
 
+IPA.cert.create_data_uri = function(certificate) {
+    if (typeof certificate !== 'string') return '';
+
+    var format = 'data:,';
+    var uri_new_line = '%0A';
+
+    var data_uri = IPA.cert.pem_format_base64(certificate);
+    data_uri = IPA.cert.pem_cert_format(data_uri);
+    data_uri = format + data_uri.replace(/\n/g, uri_new_line);
+
+    return data_uri;
+};
+
+IPA.cert.perform_download = function(data_uri) {
+    var a = document.createElement("a");
+    // Adding own click function as workaround for Firefox
+    a.click = function() {
+        var evt = this.ownerDocument.createEvent('MouseEvents');
+        evt.initMouseEvent('click', true, true, this.ownerDocument.defaultView,
+            1, 0, 0, 0, 0, false, false, false, false, 0, null);
+        this.dispatchEvent(evt);
+    };
+    a.download = 'cert.pem';
+    a.href = data_uri;
+
+    a.click();
+};
+
+IPA.cert.download_action = function(spec) {
+    spec = spec || {};
+    spec.name = spec.name || 'download_cert';
+    spec.label = spec.label || '@i18n:objects.cert.download';
+
+    var that = IPA.action(spec);
+
+    that.execute_action = function(facet) {
+        if (!facet.certificate) return;
+
+        var data_uri = IPA.cert.create_data_uri(facet.certificate.certificate);
+        IPA.cert.perform_download(data_uri);
+    };
+
+    return that;
+};
+
 IPA.cert.request_action = function(spec) {
 
     spec = spec || {};
@@ -736,7 +796,8 @@ IPA.cert.request_action = function(spec) {
             request: function(values) {
 
                 var options = {
-                    'principal': entity_principal
+                    'principal': entity_principal,
+                    'cacn': values.cacn[0]
                 };
                 if (values.profile_id) options.profile_id = values.profile_id[0];
                 if (values.principal) options.principal = values.principal[0];
@@ -1212,7 +1273,8 @@ exp.facet_group = {
     facets: {
         certificates: 'cert_search',
         profiles: 'certprofile_search',
-        acls: 'caacl_search'
+        acls: 'caacl_search',
+        ca_search: 'ca_search'
     }
 };
 
@@ -1345,14 +1407,15 @@ return {
             disable_facet_tabs: true,
             actions: [
                 'cert_revoke',
-                'cert_remove_hold'
+                'cert_remove_hold',
+                'download_cert'
             ],
             state: {
                 evaluators: [
                     IPA.cert.certificate_evaluator
                 ]
             },
-            header_actions: ['revoke_cert', 'remove_hold_cert'],
+            header_actions: ['revoke_cert', 'remove_hold_cert', 'download_cert'],
             sections: [
                 {
                     name: 'details',
@@ -1361,7 +1424,10 @@ return {
                         'serial_number',
                         'serial_number_hex',
                         'subject',
-                        'issuer',
+                        {
+                            name: 'issuer',
+                            read_only: true
+                        },
                         'valid_not_before',
                         'valid_not_after',
                         'sha1_fingerprint',
@@ -1539,6 +1605,7 @@ exp.register = function() {
     a.register('cert_view', IPA.cert.view_action);
     a.register('cert_get', IPA.cert.get_action);
     a.register('cert_request', IPA.cert.request_action);
+    a.register('download_cert', IPA.cert.download_action);
     a.register('cert_revoke', IPA.cert.revoke_action);
     a.register('cert_remove_hold', IPA.cert.remove_hold_action);
 
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index d34e1f5fcb3c2af2751560d0c94b5e0efc497c63..df725665915b8ccb1199fe2b3e4a7617bcb11eee 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -233,12 +233,14 @@
                             "aa_compromise": "AA Compromise",
                             "add_principal": "Add principal",
                             "affiliation_changed": "Affiliation Changed",
+                            "ca": "CA",
                             "ca_compromise": "CA Compromise",
                             "certificate": "Certificate",
                             "certificates": "Certificates",
                             "certificate_hold": "Certificate Hold",
                             "cessation_of_operation": "Cessation of Operation",
                             "common_name": "Common Name",
+                            "download": "Download",
                             "expires_on": "Expires On",
                             "fingerprints": "Fingerprints",
                             "find_issuedon_from": "Issued on from",
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index 5ca3a75da5d956d4202c20045afcf5737dc32c10..dc19ea33c19bdf0239820fa9818e832440932aca 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -370,12 +370,14 @@ class i18n_messages(Command):
                 "aa_compromise": _("AA Compromise"),
                 "add_principal": _("Add principal"),
                 "affiliation_changed": _("Affiliation Changed"),
+                "ca": _("CA"),
                 "ca_compromise": _("CA Compromise"),
                 "certificate": _("Certificate"),
                 "certificates": _("Certificates"),
                 "certificate_hold": _("Certificate Hold"),
                 "cessation_of_operation": _("Cessation of Operation"),
                 "common_name": _("Common Name"),
+                "download": _("Download"),
                 "expires_on": _("Expires On"),
                 "find_issuedon_from": _("Issued on from"),
                 "find_issuedon_to": _("Issued on to"),
-- 
2.5.5

From 8ef87c085390887dd6d630e984d8d70d23046f06 Mon Sep 17 00:00:00 2001
From: Pavel Vomacka <pvoma...@redhat.com>
Date: Fri, 10 Jun 2016 16:16:57 +0200
Subject: [PATCH 3/3] Extend caacl entity.

There is new checkbox in adding new caacl which can set whether the ACL applies on all
CAs or not. Also there is a new table with CAs on which is current ACL applied. User
can add and remove CAs from this table.

Part of: https://fedorahosted.org/freeipa/ticket/5939
---
 install/ui/src/freeipa/plugins/caacl.js | 45 +++++++++++++++++++++++++++++++++
 install/ui/test/data/ipa_init.json      |  3 +++
 ipaserver/plugins/internal.py           |  3 +++
 3 files changed, 51 insertions(+)

diff --git a/install/ui/src/freeipa/plugins/caacl.js b/install/ui/src/freeipa/plugins/caacl.js
index 57343d1e45c2562e1492564c3394472ca9a0c06f..92401f16b403efa5a628a91075f05b1bc759e902 100644
--- a/install/ui/src/freeipa/plugins/caacl.js
+++ b/install/ui/src/freeipa/plugins/caacl.js
@@ -87,6 +87,16 @@ var spec = {
         fields: [
             'cn',
             {
+                $type: 'checkboxes',
+                name: 'ipacacategory',
+                options: [
+                    {
+                        label: '@i18n:objects.caacl.all',
+                        value: 'all'
+                    }
+                ]
+            },
+            {
                 $type: 'textarea',
                 name: 'description'
             }
@@ -245,6 +255,18 @@ var add_caacl_details_facet_widgets = function (spec) {
             name: 'memberservice_service',
             widget: 'who.service.memberservice_service',
             priority: IPA.caacl.remove_method_priority
+        },
+        // ca
+        {
+            $type: 'radio',
+            name: 'ipacacategory',
+            widget: 'who.ipaca.ipacacategory'
+        },
+        {
+            $type: 'rule_association_table',
+            name: 'ipamemberca_ca',
+            widget: 'who.ipaca.ipamemberca_ca',
+            priority: IPA.caacl.remove_method_priority
         }
     );
 
@@ -350,6 +372,29 @@ var add_caacl_details_facet_widgets = function (spec) {
                             remove_title: '@i18n:association.remove.member'
                         }
                     ]
+                },
+                {
+                    $factory: IPA.rule_details_widget,
+                    name: 'ipaca',
+                    radio_name: 'ipacacategory',
+                    options: [
+                        { 'value': 'all', 'label': '@i18n:objects.caacl.any_ca' },
+                        { 'value': '', 'label': '@i18n:objects.caacl.specified_cas' }
+                    ],
+                    tables: [
+                        { 'name': 'ipamemberca_ca' }
+                    ],
+                    widgets: [
+                        {
+                            $type: 'rule_association_table',
+                            id: 'caacl-ipamemberca_ca',
+                            name: 'ipamemberca_ca',
+                            add_method: 'add_ca',
+                            remove_method: 'remove_ca',
+                            add_title: '@i18n:association.add.member',
+                            remove_title: '@i18n:association.remove.member'
+                        }
+                    ]
                 }
             ]
         }
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index df725665915b8ccb1199fe2b3e4a7617bcb11eee..d32e438349d1123fbeda1e15e2534cdb4f047b06 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -217,12 +217,15 @@
                             "subject_dn": "Subject DN"
                         },
                         "caacl": {
+                            "all": "All",
+                            "any_ca": "Any CA",
                             "any_host": "Any Host",
                             "any_service": "Any Service",
                             "any_profile": "Any Profile",
                             "anyone": "Anyone",
                             "ipaenabledflag": "Rule status",
                             "profile": "Profiles",
+                            "specified_cas": "Specified CAs",
                             "specified_hosts": "Specified Hosts and Groups",
                             "specified_profiles": "Specified Profiles",
                             "specified_services": "Specified Services and Groups",
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index dc19ea33c19bdf0239820fa9818e832440932aca..ec36f0805956149190c30ebfea4b992883af705a 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -354,12 +354,15 @@ class i18n_messages(Command):
                 "subject_dn": _("Subject DN"),
             },
             "caacl": {
+                "all": _("All"),
+                "any_ca": _("Any CA"),
                 "any_host": _("Any Host"),
                 "any_service": _("Any Service"),
                 "any_profile": _("Any Profile"),
                 "anyone": _("Anyone"),
                 "ipaenabledflag": _("Rule status"),
                 "profile": _("Profiles"),
+                "specified_cas": _("Specified CAs"),
                 "specified_hosts": _("Specified Hosts and Groups"),
                 "specified_profiles": _("Specified Profiles"),
                 "specified_services": _("Specified Services and Groups"),
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to