[Freeipa-devel] [freeipa PR#504][synchronized] Add SHA256 fingerprints
URL: https://github.com/freeipa/freeipa/pull/504 Author: tomaskrizek Title: #504: Add SHA256 fingerprints Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/504/head:pr504 git checkout pr504 From b61cfc0883bdb5fe998c95af9ed87ea9db3a794b Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Thu, 23 Feb 2017 17:03:01 +0100 Subject: [PATCH] Add SHA256 fingerprints for certs https://fedorahosted.org/freeipa/ticket/6701 --- install/ui/src/freeipa/certificate.js | 6 +- ipaserver/plugins/cert.py | 7 +++ ipaserver/plugins/host.py | 4 ipaserver/plugins/service.py | 6 ++ ipatests/test_xmlrpc/test_host_plugin.py | 1 + ipatests/test_xmlrpc/test_service_plugin.py| 7 +++ ipatests/test_xmlrpc/tracker/host_plugin.py| 1 + ipatests/test_xmlrpc/tracker/service_plugin.py | 4 ++-- 8 files changed, 33 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js index b86c6cf..0cb43c7 100755 --- a/install/ui/src/freeipa/certificate.js +++ b/install/ui/src/freeipa/certificate.js @@ -571,6 +571,7 @@ IPA.cert.loader = function(spec) { serial_number: result.serial_number, serial_number_hex: result.serial_number_hex, sha1_fingerprint: result.sha1_fingerprint, +sha256_fingerprint: result.sha256_fingerprint, subject: result.subject, valid_not_after: result.valid_not_after, valid_not_before: result.valid_not_before @@ -1578,6 +1579,9 @@ exp.create_cert_metadata = function() { add_param('sha1_fingerprint', text.get('@i18n:objects.cert.sha1_fingerprint'), text.get('@i18n:objects.cert.sha1_fingerprint')); +add_param('sha256_fingerprint', +text.get('@i18n:objects.cert.sha256_fingerprint'), +text.get('@i18n:objects.cert.sha256_fingerprint')); add_param('certificate', text.get('@i18n:objects.cert.certificate'), text.get('@i18n:objects.cert.certificate')); @@ -1755,6 +1759,7 @@ return { 'valid_not_before', 'valid_not_after', 'sha1_fingerprint', +'sha256_fingerprint', { $type: 'revocation_reason', name: 'revocation_reason' @@ -1871,7 +1876,6 @@ IPA.cert.details_facet = function(spec, no_init) { that.create_refresh_command = function() { var command = that.details_facet_create_refresh_command(); -delete command.options.all; delete command.options.rights; command.options = command.options || {}; diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 585a70e..a60dc41 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -350,6 +350,11 @@ class BaseCertObject(Object): label=_('Fingerprint (SHA1)'), flags={'no_create', 'no_update', 'no_search'}, ), +Str( +'sha256_fingerprint', +label=_('Fingerprint (SHA256)'), +flags={'no_create', 'no_update', 'no_search'}, +), Int( 'serial_number', label=_('Serial number'), @@ -390,6 +395,8 @@ def _parse(self, obj, full=True): if full: obj['sha1_fingerprint'] = x509.to_hex_with_colons( cert.fingerprint(hashes.SHA1())) +obj['sha256_fingerprint'] = x509.to_hex_with_colons( +cert.fingerprint(hashes.SHA256())) general_names = x509.process_othernames( x509.get_san_general_names(cert)) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 7ceec8e..dcadd54 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -514,6 +514,10 @@ class host(LDAPObject): label=_('Fingerprint (SHA1)'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, ), +Str('sha256_fingerprint', +label=_('Fingerprint (SHA256)'), +flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, +), Str('revocation_reason?', label=_('Revocation reason'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py index 3349889..03271d6 100644 --- a/ipaserver/plugins/service.py +++ b/ipaserver/plugins/service.py @@ -276,6 +276,8 @@ def set_certificate_attrs(entry_attrs): entry_attrs['valid_not_after'] = x509.format_datetime(cert.not_valid_after) entry_attrs['sha1_fingerprint'] = x509.to_hex_with_colons( cert.fingerprint(hashes.SHA1())) +
[Freeipa-devel] [freeipa PR#504][synchronized] Add SHA256 fingerprints
URL: https://github.com/freeipa/freeipa/pull/504 Author: tomaskrizek Title: #504: Add SHA256 fingerprints Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/504/head:pr504 git checkout pr504 From 3ee0bda061ec5c51b31a35a9b23f4870dd8709a0 Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Thu, 23 Feb 2017 17:03:01 +0100 Subject: [PATCH] Add SHA256 fingerprints for certs https://fedorahosted.org/freeipa/ticket/6701 --- install/ui/src/freeipa/certificate.js | 6 +- install/ui/test/data/service_show.json | 1 + ipaserver/plugins/cert.py | 7 +++ ipaserver/plugins/host.py | 4 ipaserver/plugins/service.py | 6 ++ ipatests/test_xmlrpc/test_host_plugin.py | 1 + ipatests/test_xmlrpc/test_service_plugin.py| 7 +++ ipatests/test_xmlrpc/tracker/host_plugin.py| 1 + ipatests/test_xmlrpc/tracker/service_plugin.py | 4 ++-- 9 files changed, 34 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js index b86c6cf..0cb43c7 100755 --- a/install/ui/src/freeipa/certificate.js +++ b/install/ui/src/freeipa/certificate.js @@ -571,6 +571,7 @@ IPA.cert.loader = function(spec) { serial_number: result.serial_number, serial_number_hex: result.serial_number_hex, sha1_fingerprint: result.sha1_fingerprint, +sha256_fingerprint: result.sha256_fingerprint, subject: result.subject, valid_not_after: result.valid_not_after, valid_not_before: result.valid_not_before @@ -1578,6 +1579,9 @@ exp.create_cert_metadata = function() { add_param('sha1_fingerprint', text.get('@i18n:objects.cert.sha1_fingerprint'), text.get('@i18n:objects.cert.sha1_fingerprint')); +add_param('sha256_fingerprint', +text.get('@i18n:objects.cert.sha256_fingerprint'), +text.get('@i18n:objects.cert.sha256_fingerprint')); add_param('certificate', text.get('@i18n:objects.cert.certificate'), text.get('@i18n:objects.cert.certificate')); @@ -1755,6 +1759,7 @@ return { 'valid_not_before', 'valid_not_after', 'sha1_fingerprint', +'sha256_fingerprint', { $type: 'revocation_reason', name: 'revocation_reason' @@ -1871,7 +1876,6 @@ IPA.cert.details_facet = function(spec, no_init) { that.create_refresh_command = function() { var command = that.details_facet_create_refresh_command(); -delete command.options.all; delete command.options.rights; command.options = command.options || {}; diff --git a/install/ui/test/data/service_show.json b/install/ui/test/data/service_show.json index 213dfff..597f3ad 100644 --- a/install/ui/test/data/service_show.json +++ b/install/ui/test/data/service_show.json @@ -50,6 +50,7 @@ "serial_number": "1", "serial_number_hex": "0x1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", +"sha256_fingerprint": "0f:3c:77:ed:c7:2b:09:5a:27:88:26:ca:91:e0:81:26:70:14:b1:cd:8e:fe:19:79:42:18:1b:02:07:70:25:30", "subject": "CN=dev.example.com,O=EXAMPLE.COM", "usercertificate": [ { diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 585a70e..a60dc41 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -350,6 +350,11 @@ class BaseCertObject(Object): label=_('Fingerprint (SHA1)'), flags={'no_create', 'no_update', 'no_search'}, ), +Str( +'sha256_fingerprint', +label=_('Fingerprint (SHA256)'), +flags={'no_create', 'no_update', 'no_search'}, +), Int( 'serial_number', label=_('Serial number'), @@ -390,6 +395,8 @@ def _parse(self, obj, full=True): if full: obj['sha1_fingerprint'] = x509.to_hex_with_colons( cert.fingerprint(hashes.SHA1())) +obj['sha256_fingerprint'] = x509.to_hex_with_colons( +cert.fingerprint(hashes.SHA256())) general_names = x509.process_othernames( x509.get_san_general_names(cert)) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 7ceec8e..dcadd54 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -514,6 +514,10 @@ class host(LDAPObject): label=_('Fingerprint (SHA1)'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, ), +Str('sha256_fingerprint', +label
[Freeipa-devel] [freeipa PR#504][synchronized] Add SHA256 fingerprints
URL: https://github.com/freeipa/freeipa/pull/504 Author: tomaskrizek Title: #504: Add SHA256 fingerprints Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/504/head:pr504 git checkout pr504 From 6664a947ad9203c9c6d671c4a55d535e8c8d6c2e Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Thu, 23 Feb 2017 17:03:01 +0100 Subject: [PATCH] Add SHA256 fingerprints for certs https://fedorahosted.org/freeipa/ticket/6701 --- install/ui/src/freeipa/certificate.js | 5 + install/ui/test/data/cert_request.json | 1 + install/ui/test/data/cert_show.json| 1 + install/ui/test/data/service_show.json | 1 + ipaserver/plugins/cert.py | 7 +++ ipaserver/plugins/host.py | 4 ipaserver/plugins/service.py | 6 ++ ipatests/test_xmlrpc/test_host_plugin.py | 1 + ipatests/test_xmlrpc/test_service_plugin.py| 7 +++ ipatests/test_xmlrpc/tracker/host_plugin.py| 1 + ipatests/test_xmlrpc/tracker/service_plugin.py | 4 ++-- 11 files changed, 36 insertions(+), 2 deletions(-) diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js index b86c6cf..d7a50d7 100755 --- a/install/ui/src/freeipa/certificate.js +++ b/install/ui/src/freeipa/certificate.js @@ -571,6 +571,7 @@ IPA.cert.loader = function(spec) { serial_number: result.serial_number, serial_number_hex: result.serial_number_hex, sha1_fingerprint: result.sha1_fingerprint, +sha256_fingerprint: result.sha256_fingerprint, subject: result.subject, valid_not_after: result.valid_not_after, valid_not_before: result.valid_not_before @@ -1578,6 +1579,9 @@ exp.create_cert_metadata = function() { add_param('sha1_fingerprint', text.get('@i18n:objects.cert.sha1_fingerprint'), text.get('@i18n:objects.cert.sha1_fingerprint')); +add_param('sha256_fingerprint', +text.get('@i18n:objects.cert.sha256_fingerprint'), +text.get('@i18n:objects.cert.sha256_fingerprint')); add_param('certificate', text.get('@i18n:objects.cert.certificate'), text.get('@i18n:objects.cert.certificate')); @@ -1755,6 +1759,7 @@ return { 'valid_not_before', 'valid_not_after', 'sha1_fingerprint', +'sha256_fingerprint', { $type: 'revocation_reason', name: 'revocation_reason' diff --git a/install/ui/test/data/cert_request.json b/install/ui/test/data/cert_request.json index f8d8544..c610830 100644 --- a/install/ui/test/data/cert_request.json +++ b/install/ui/test/data/cert_request.json @@ -8,6 +8,7 @@ "request_id": "1", "serial_number": "1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", +"sha256_fingerprint": "0f:3c:77:ed:c7:2b:09:5a:27:88:26:ca:91:e0:81:26:70:14:b1:cd:8e:fe:19:79:42:18:1b:02:07:70:25:30", "subject": "CN=dev.example.com,O=EXAMPLE.COM", "valid_not_after": "Tue Oct 13 01:59:32 2015 UTC", "valid_not_before": "Wed Oct 13 01:59:32 2010 UTC" diff --git a/install/ui/test/data/cert_show.json b/install/ui/test/data/cert_show.json index 4942e63..6f1e9d3 100644 --- a/install/ui/test/data/cert_show.json +++ b/install/ui/test/data/cert_show.json @@ -7,6 +7,7 @@ "issuer": "CN=Certificate Authority,O=EXAMPLE.COM", "serial_number": "1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", +"sha256_fingerprint": "0f:3c:77:ed:c7:2b:09:5a:27:88:26:ca:91:e0:81:26:70:14:b1:cd:8e:fe:19:79:42:18:1b:02:07:70:25:30", "subject": "CN=dev.example.com,O=EXAMPLE.COM", "valid_not_after": "Tue Oct 13 01:59:32 2015 UTC", "valid_not_before": "Wed Oct 13 01:59:32 2010 UTC" diff --git a/install/ui/test/data/service_show.json b/install/ui/test/data/service_show.json index 213dfff..597f3ad 100644 --- a/install/ui/test/data/service_show.json +++ b/install/ui/test/data/service_show.json @@ -50,6 +50,7 @@ "serial_number": "1", "serial_number_hex": "0x1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", +"sha256_fingerprint": "0f:3c:77:ed:c7:2b:09:5a:27:88:26:ca:91:e0:81:26:70:14:b1:cd:8e:fe:19:79:42:18:1b:02:07:70:25:30", "subject": "CN=dev.example.com,O=EXAMPLE.COM", "usercertificate": [ { diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 585a70e..a60dc41 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -350,6 +
[Freeipa-devel] [freeipa PR#504][synchronized] Add SHA256 fingerprints
URL: https://github.com/freeipa/freeipa/pull/504 Author: tomaskrizek Title: #504: Add SHA256 fingerprints Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/504/head:pr504 git checkout pr504 From 690ff813eefec7a16a9c6c330fb005a47efbdb85 Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Thu, 23 Feb 2017 17:03:01 +0100 Subject: [PATCH] Add SHA256 fingerprints for certs https://fedorahosted.org/freeipa/ticket/6701 --- install/ui/src/freeipa/certificate.js | 5 + install/ui/test/data/cert_request.json | 1 + install/ui/test/data/cert_show.json| 1 + install/ui/test/data/service_show.json | 1 + ipaserver/plugins/cert.py | 6 ++ ipaserver/plugins/host.py | 4 ipaserver/plugins/service.py | 6 ++ ipatests/test_xmlrpc/test_host_plugin.py | 1 + ipatests/test_xmlrpc/test_service_plugin.py| 7 +++ ipatests/test_xmlrpc/tracker/host_plugin.py| 1 + ipatests/test_xmlrpc/tracker/service_plugin.py | 4 ++-- 11 files changed, 35 insertions(+), 2 deletions(-) diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js index b86c6cf..d7a50d7 100755 --- a/install/ui/src/freeipa/certificate.js +++ b/install/ui/src/freeipa/certificate.js @@ -571,6 +571,7 @@ IPA.cert.loader = function(spec) { serial_number: result.serial_number, serial_number_hex: result.serial_number_hex, sha1_fingerprint: result.sha1_fingerprint, +sha256_fingerprint: result.sha256_fingerprint, subject: result.subject, valid_not_after: result.valid_not_after, valid_not_before: result.valid_not_before @@ -1578,6 +1579,9 @@ exp.create_cert_metadata = function() { add_param('sha1_fingerprint', text.get('@i18n:objects.cert.sha1_fingerprint'), text.get('@i18n:objects.cert.sha1_fingerprint')); +add_param('sha256_fingerprint', +text.get('@i18n:objects.cert.sha256_fingerprint'), +text.get('@i18n:objects.cert.sha256_fingerprint')); add_param('certificate', text.get('@i18n:objects.cert.certificate'), text.get('@i18n:objects.cert.certificate')); @@ -1755,6 +1759,7 @@ return { 'valid_not_before', 'valid_not_after', 'sha1_fingerprint', +'sha256_fingerprint', { $type: 'revocation_reason', name: 'revocation_reason' diff --git a/install/ui/test/data/cert_request.json b/install/ui/test/data/cert_request.json index f8d8544..c610830 100644 --- a/install/ui/test/data/cert_request.json +++ b/install/ui/test/data/cert_request.json @@ -8,6 +8,7 @@ "request_id": "1", "serial_number": "1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", +"sha256_fingerprint": "0f:3c:77:ed:c7:2b:09:5a:27:88:26:ca:91:e0:81:26:70:14:b1:cd:8e:fe:19:79:42:18:1b:02:07:70:25:30", "subject": "CN=dev.example.com,O=EXAMPLE.COM", "valid_not_after": "Tue Oct 13 01:59:32 2015 UTC", "valid_not_before": "Wed Oct 13 01:59:32 2010 UTC" diff --git a/install/ui/test/data/cert_show.json b/install/ui/test/data/cert_show.json index 4942e63..6f1e9d3 100644 --- a/install/ui/test/data/cert_show.json +++ b/install/ui/test/data/cert_show.json @@ -7,6 +7,7 @@ "issuer": "CN=Certificate Authority,O=EXAMPLE.COM", "serial_number": "1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", +"sha256_fingerprint": "0f:3c:77:ed:c7:2b:09:5a:27:88:26:ca:91:e0:81:26:70:14:b1:cd:8e:fe:19:79:42:18:1b:02:07:70:25:30", "subject": "CN=dev.example.com,O=EXAMPLE.COM", "valid_not_after": "Tue Oct 13 01:59:32 2015 UTC", "valid_not_before": "Wed Oct 13 01:59:32 2010 UTC" diff --git a/install/ui/test/data/service_show.json b/install/ui/test/data/service_show.json index 213dfff..597f3ad 100644 --- a/install/ui/test/data/service_show.json +++ b/install/ui/test/data/service_show.json @@ -50,6 +50,7 @@ "serial_number": "1", "serial_number_hex": "0x1", "sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc", +"sha256_fingerprint": "0f:3c:77:ed:c7:2b:09:5a:27:88:26:ca:91:e0:81:26:70:14:b1:cd:8e:fe:19:79:42:18:1b:02:07:70:25:30", "subject": "CN=dev.example.com,O=EXAMPLE.COM", "usercertificate": [ { diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 585a70e..ebf57e1 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -349,6 +3