pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
0b494d
From 9c081314d0d6bd4d06b8982e575808cc31dcf81e Mon Sep 17 00:00:00 2001
ac7d03
From: Jan Cholasta <jcholast@redhat.com>
ac7d03
Date: Thu, 16 Mar 2017 09:44:21 +0000
ac7d03
Subject: [PATCH] Remove csrgen
ac7d03
ac7d03
This reverts commits:
ac7d03
* 72de679eb445c975ec70cd265d37d4927823ce5b
ac7d03
* 177f07e163d6d591a1e609d35e0a6f6f5347551e
ac7d03
* 80be18162921268be9c8981495c9e8a4de0c85cd
ac7d03
* 83e2c2b65eeb5a3aa4a59c0535e9177aac5e4637
ac7d03
* ada91c20588046bb147fc701718d3da4d2c080ca
ac7d03
* 4350dcdea22fd2284836315d0ae7d38733a7620e
ac7d03
* 39a5d9c5aae77687f67d9be02457733bdfb99ead
ac7d03
* a26cf0d7910dd4c0a4da08682b4be8d3d94ba520
ac7d03
* afd7c05d11432304bfdf183832a21d419f363689
ac7d03
* f1a1c6eca1b294f24174d7b0e1f78de46d9d5b05
ac7d03
* fc58eff6a3d7fe805e612b8b002304d8b9cd4ba9
ac7d03
* 10ef5947860f5098182b1f95c08c1158e2da15f9
ac7d03
ac7d03
https://bugzilla.redhat.com/show_bug.cgi?id=1432630
ac7d03
---
21de49
 freeipa.spec.in                               | 18 ----
21de49
 .../csrgen/profiles/caIPAserviceCert.json     | 15 ----
21de49
 ipaclient/csrgen/profiles/userCert.json       | 15 ----
21de49
 .../csrgen/templates/openssl_macros.tmpl      | 29 -------
21de49
 ipaclient/plugins/cert.py                     | 82 +------------------
21de49
 ipaclient/setup.py                            |  7 --
21de49
 ipalib/errors.py                              | 28 -------
21de49
 ipatests/setup.py                             |  2 -
21de49
 ipatests/test_ipaclient/__init__.py           |  7 --
21de49
 .../data/test_csrgen/profiles/profile.json    |  8 --
21de49
 .../test_csrgen/templates/identity_base.tmpl  |  1 -
95ea96
 11 files changed, 1 insertion(+), 211 deletions(-)
ac7d03
 delete mode 100644 ipaclient/csrgen/profiles/caIPAserviceCert.json
ac7d03
 delete mode 100644 ipaclient/csrgen/profiles/userCert.json
ac7d03
 delete mode 100644 ipaclient/csrgen/templates/openssl_macros.tmpl
ac7d03
 delete mode 100644 ipatests/test_ipaclient/__init__.py
ac7d03
 delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
ac7d03
 delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
ac7d03
ac7d03
diff --git a/freeipa.spec.in b/freeipa.spec.in
0b494d
index 488cf9c02be3e96ffde7ab2f2c3d80b9c82d428a..6636b9474564ab48d2f804c3854d33a1b071f2c8 100644
ac7d03
--- a/freeipa.spec.in
ac7d03
+++ b/freeipa.spec.in
86baa9
@@ -248,7 +248,6 @@ BuildRequires:  python2-sssdconfig
95ea96
 BuildRequires:  python2-nose
95ea96
 BuildRequires:  python2-paste
95ea96
 BuildRequires:  python2-systemd
ac7d03
-BuildRequires:  python2-jinja2
95ea96
 BuildRequires:  python2-augeas
ac7d03
 
ac7d03
 %if 0%{?with_python3}
86baa9
@@ -287,7 +286,6 @@ BuildRequires:  python3-libsss_nss_idmap
ac7d03
 BuildRequires:  python3-nose
ac7d03
 BuildRequires:  python3-paste
ac7d03
 BuildRequires:  python3-systemd
ac7d03
-BuildRequires:  python3-jinja2
ac7d03
 BuildRequires:  python3-augeas
95ea96
 BuildRequires:  python3-netaddr
95ea96
 BuildRequires:  python3-pyasn1
86baa9
@@ -647,7 +645,6 @@ Requires: %{name}-client-common = %{version}-%{release}
ac7d03
 Requires: %{name}-common = %{version}-%{release}
ac7d03
 Requires: python2-ipalib = %{version}-%{release}
95ea96
 Requires: python2-dns >= 1.15
ac7d03
-Requires: python2-jinja2
ac7d03
 
ac7d03
 %description -n python2-ipaclient
ac7d03
 IPA is an integrated solution to provide centrally managed Identity (users,
86baa9
@@ -670,7 +667,6 @@ Requires: %{name}-client-common = %{version}-%{release}
ac7d03
 Requires: %{name}-common = %{version}-%{release}
ac7d03
 Requires: python3-ipalib = %{version}-%{release}
ac7d03
 Requires: python3-dns >= 1.15
ac7d03
-Requires: python3-jinja2
ac7d03
 
ac7d03
 %description -n python3-ipaclient
ac7d03
 IPA is an integrated solution to provide centrally managed Identity (users,
86baa9
@@ -1623,13 +1619,6 @@ fi
ac7d03
 %{python_sitelib}/ipaclient/remote_plugins/*.py*
3f51ca
 %dir %{python_sitelib}/ipaclient/remote_plugins/2_*
ac7d03
 %{python_sitelib}/ipaclient/remote_plugins/2_*/*.py*
ac7d03
-%dir %{python_sitelib}/ipaclient/csrgen
ac7d03
-%dir %{python_sitelib}/ipaclient/csrgen/profiles
ac7d03
-%{python_sitelib}/ipaclient/csrgen/profiles/*.json
ac7d03
-%dir %{python_sitelib}/ipaclient/csrgen/rules
ac7d03
-%{python_sitelib}/ipaclient/csrgen/rules/*.json
ac7d03
-%dir %{python_sitelib}/ipaclient/csrgen/templates
ac7d03
-%{python_sitelib}/ipaclient/csrgen/templates/*.tmpl
ac7d03
 %{python_sitelib}/ipaclient-*.egg-info
ac7d03
 
ac7d03
 
86baa9
@@ -1654,13 +1643,6 @@ fi
3f51ca
 %dir %{python3_sitelib}/ipaclient/remote_plugins/2_*
ac7d03
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
ac7d03
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
ac7d03
-%dir %{python3_sitelib}/ipaclient/csrgen
ac7d03
-%dir %{python3_sitelib}/ipaclient/csrgen/profiles
ac7d03
-%{python3_sitelib}/ipaclient/csrgen/profiles/*.json
ac7d03
-%dir %{python3_sitelib}/ipaclient/csrgen/rules
ac7d03
-%{python3_sitelib}/ipaclient/csrgen/rules/*.json
ac7d03
-%dir %{python3_sitelib}/ipaclient/csrgen/templates
ac7d03
-%{python3_sitelib}/ipaclient/csrgen/templates/*.tmpl
ac7d03
 %{python3_sitelib}/ipaclient-*.egg-info
ac7d03
 
ac7d03
 %endif # with_python3
ac7d03
diff --git a/ipaclient/csrgen/profiles/caIPAserviceCert.json b/ipaclient/csrgen/profiles/caIPAserviceCert.json
ac7d03
deleted file mode 100644
ac7d03
index 114d2ffd4e0d8eae833eaa594f6a17a79da909be..0000000000000000000000000000000000000000
ac7d03
--- a/ipaclient/csrgen/profiles/caIPAserviceCert.json
ac7d03
+++ /dev/null
ac7d03
@@ -1,15 +0,0 @@
ac7d03
-[
ac7d03
-    {
ac7d03
-        "syntax": "syntaxSubject",
ac7d03
-        "data": [
ac7d03
-            "dataHostCN",
ac7d03
-            "dataSubjectBase"
ac7d03
-        ]
ac7d03
-    },
ac7d03
-    {
ac7d03
-        "syntax": "syntaxSAN",
ac7d03
-        "data": [
ac7d03
-            "dataDNS"
ac7d03
-        ]
ac7d03
-    }
ac7d03
-]
ac7d03
diff --git a/ipaclient/csrgen/profiles/userCert.json b/ipaclient/csrgen/profiles/userCert.json
ac7d03
deleted file mode 100644
ac7d03
index d6cf5cfffcfadd604fc3e8283d1be15767278c7a..0000000000000000000000000000000000000000
ac7d03
--- a/ipaclient/csrgen/profiles/userCert.json
ac7d03
+++ /dev/null
ac7d03
@@ -1,15 +0,0 @@
ac7d03
-[
ac7d03
-    {
ac7d03
-        "syntax": "syntaxSubject",
ac7d03
-        "data": [
ac7d03
-            "dataUsernameCN",
ac7d03
-            "dataSubjectBase"
ac7d03
-        ]
ac7d03
-    },
ac7d03
-    {
ac7d03
-        "syntax": "syntaxSAN",
ac7d03
-        "data": [
ac7d03
-            "dataEmail"
ac7d03
-        ]
ac7d03
-    }
ac7d03
-]
ac7d03
diff --git a/ipaclient/csrgen/templates/openssl_macros.tmpl b/ipaclient/csrgen/templates/openssl_macros.tmpl
ac7d03
deleted file mode 100644
ac7d03
index d31b8fef5f2d85e1b3d5ecf425f00ec9c22ac301..0000000000000000000000000000000000000000
ac7d03
--- a/ipaclient/csrgen/templates/openssl_macros.tmpl
ac7d03
+++ /dev/null
ac7d03
@@ -1,29 +0,0 @@
ac7d03
-{# List containing rendered sections to be included at end #}
ac7d03
-{% set openssl_sections = [] %}
ac7d03
-
ac7d03
-{#
ac7d03
-List containing one entry for each section name allocated. Because of
ac7d03
-scoping rules, we need to use a list so that it can be a "per-render global"
ac7d03
-that gets updated in place. Real globals are shared by all templates with the
ac7d03
-same environment, and variables defined in the macro don't persist after the
ac7d03
-macro invocation ends.
ac7d03
-#}
ac7d03
-{% set openssl_section_num = [] %}
ac7d03
-
ac7d03
-{% macro section() -%}
ac7d03
-{% set name -%}
ac7d03
-sec{{ openssl_section_num|length -}}
ac7d03
-{% endset -%}
ac7d03
-{% do openssl_section_num.append('') -%}
ac7d03
-{% set contents %}{{ caller() }}{% endset -%}
ac7d03
-{% if contents -%}
ac7d03
-{% set sectiondata = formatsection(name, contents) -%}
ac7d03
-{% do openssl_sections.append(sectiondata) -%}
ac7d03
-{% endif -%}
ac7d03
-{{ name -}}
ac7d03
-{% endmacro %}
ac7d03
-
ac7d03
-{% macro formatsection(name, contents) -%}
ac7d03
-[ {{ name }} ]
ac7d03
-{{ contents -}}
ac7d03
-{% endmacro %}
ac7d03
diff --git a/ipaclient/plugins/cert.py b/ipaclient/plugins/cert.py
86baa9
index a1ecd9ae45b241fef0bca9b80102fef79832ebd1..eea0ca1e46b3ed46fe7d29b85c1d86dd2131567c 100644
ac7d03
--- a/ipaclient/plugins/cert.py
ac7d03
+++ b/ipaclient/plugins/cert.py
95ea96
@@ -21,8 +21,6 @@
ac7d03
 
ac7d03
 import base64
ac7d03
 
95ea96
-import six
95ea96
-
ac7d03
 from ipaclient.frontend import MethodOverride
ac7d03
 from ipalib import errors
95ea96
 from ipalib import x509
95ea96
@@ -31,9 +29,6 @@ from ipalib.parameters import BinaryFile, File, Flag, Str
ac7d03
 from ipalib.plugable import Registry
ac7d03
 from ipalib.text import _
ac7d03
 
ac7d03
-if six.PY3:
ac7d03
-    unicode = str
ac7d03
-
ac7d03
 register = Registry()
ac7d03
 
ac7d03
 
86baa9
@@ -73,87 +68,12 @@ class CertRetrieveOverride(MethodOverride):
ac7d03
 
ac7d03
 @register(override=True, no_fail=True)
ac7d03
 class cert_request(CertRetrieveOverride):
ac7d03
-    takes_options = CertRetrieveOverride.takes_options + (
ac7d03
-        Str(
ac7d03
-            'database?',
ac7d03
-            label=_('Path to NSS database'),
ac7d03
-            doc=_('Path to NSS database to use for private key'),
ac7d03
-        ),
ac7d03
-        Str(
ac7d03
-            'private_key?',
ac7d03
-            label=_('Path to private key file'),
ac7d03
-            doc=_('Path to PEM file containing a private key'),
ac7d03
-        ),
ac7d03
-        Str(
ac7d03
-            'password_file?',
ac7d03
-            label=_(
ac7d03
-                'File containing a password for the private key or database'),
ac7d03
-        ),
ac7d03
-        Str(
ac7d03
-            'csr_profile_id?',
ac7d03
-            label=_('Name of CSR generation profile (if not the same as'
ac7d03
-                    ' profile_id)'),
ac7d03
-        ),
ac7d03
-    )
ac7d03
-
ac7d03
     def get_args(self):
ac7d03
         for arg in super(cert_request, self).get_args():
ac7d03
             if arg.name == 'csr':
ac7d03
-                arg = arg.clone_retype(arg.name, File, required=False)
ac7d03
+                arg = arg.clone_retype(arg.name, File)
ac7d03
             yield arg
ac7d03
 
ac7d03
-    def forward(self, csr=None, **options):
ac7d03
-        database = options.pop('database', None)
ac7d03
-        private_key = options.pop('private_key', None)
ac7d03
-        csr_profile_id = options.pop('csr_profile_id', None)
ac7d03
-        password_file = options.pop('password_file', None)
ac7d03
-
ac7d03
-        if csr is None:
95ea96
-            # Deferred import, ipaclient.csrgen is expensive to load.
95ea96
-            # see https://pagure.io/freeipa/issue/7484
95ea96
-            from ipaclient import csrgen
95ea96
-
ac7d03
-            if database:
95ea96
-                adaptor = csrgen.NSSAdaptor(database, password_file)
ac7d03
-            elif private_key:
95ea96
-                adaptor = csrgen.OpenSSLAdaptor(
95ea96
-                    key_filename=private_key, password_filename=password_file)
ac7d03
-            else:
ac7d03
-                raise errors.InvocationError(
ac7d03
-                    message=u"One of 'database' or 'private_key' is required")
ac7d03
-
95ea96
-            pubkey_info = adaptor.get_subject_public_key_info()
95ea96
-            pubkey_info_b64 = base64.b64encode(pubkey_info)
95ea96
-
95ea96
-            # If csr_profile_id is passed, that takes precedence.
95ea96
-            # Otherwise, use profile_id. If neither are passed, the default
95ea96
-            # in cert_get_requestdata will be used.
95ea96
-            profile_id = csr_profile_id
95ea96
-            if profile_id is None:
95ea96
-                profile_id = options.get('profile_id')
ac7d03
-
95ea96
-            response = self.api.Command.cert_get_requestdata(
95ea96
-                profile_id=profile_id,
95ea96
-                principal=options.get('principal'),
95ea96
-                public_key_info=pubkey_info_b64)
ac7d03
-
95ea96
-            req_info_b64 = response['result']['request_info']
95ea96
-            req_info = base64.b64decode(req_info_b64)
ac7d03
-
95ea96
-            csr = adaptor.sign_csr(req_info)
95ea96
-
95ea96
-            if not csr:
95ea96
-                raise errors.CertificateOperationError(
95ea96
-                    error=(_('Generated CSR was empty')))
ac7d03
-
ac7d03
-        else:
ac7d03
-            if database is not None or private_key is not None:
ac7d03
-                raise errors.MutuallyExclusiveError(reason=_(
ac7d03
-                    "Options 'database' and 'private_key' are not compatible"
ac7d03
-                    " with 'csr'"))
ac7d03
-
ac7d03
-        return super(cert_request, self).forward(csr, **options)
ac7d03
-
ac7d03
 
ac7d03
 @register(override=True, no_fail=True)
ac7d03
 class cert_show(CertRetrieveOverride):
ac7d03
diff --git a/ipaclient/setup.py b/ipaclient/setup.py
95ea96
index ac947e772e014051ff5f231c73651bfa2fe8b061..8faa17dd1850fefd127aff83913e052e8900e5d4 100644
ac7d03
--- a/ipaclient/setup.py
ac7d03
+++ b/ipaclient/setup.py
3f51ca
@@ -42,13 +42,6 @@ if __name__ == '__main__':
ac7d03
             "ipaclient.remote_plugins.2_156",
ac7d03
             "ipaclient.remote_plugins.2_164",
ac7d03
         ],
ac7d03
-        package_data={
ac7d03
-            'ipaclient': [
ac7d03
-                'csrgen/profiles/*.json',
ac7d03
-                'csrgen/rules/*.json',
ac7d03
-                'csrgen/templates/*.tmpl',
ac7d03
-            ],
ac7d03
-        },
ac7d03
         install_requires=[
ac7d03
             "cryptography",
ac7d03
             "ipalib",
ac7d03
diff --git a/ipalib/errors.py b/ipalib/errors.py
95ea96
index 3a40fa28dc4b7748b2c570943f4a27a22c152353..6356d523e8c0ac63e8892292dd9991c9ee8211aa 100644
ac7d03
--- a/ipalib/errors.py
ac7d03
+++ b/ipalib/errors.py
95ea96
@@ -1434,34 +1434,6 @@ class HTTPRequestError(RemoteRetrieveError):
ac7d03
     format = _('Request failed with status %(status)s: %(reason)s')
ac7d03
 
ac7d03
 
ac7d03
-class RedundantMappingRule(SingleMatchExpected):
ac7d03
-    """
ac7d03
-    **4036** Raised when more than one rule in a CSR generation ruleset matches
ac7d03
-    a particular helper.
ac7d03
-
ac7d03
-    For example:
ac7d03
-
ac7d03
-    >>> raise RedundantMappingRule(ruleset='syntaxSubject', helper='certutil')
ac7d03
-    Traceback (most recent call last):
ac7d03
-      ...
ac7d03
-    RedundantMappingRule: Mapping ruleset "syntaxSubject" has more than one
ac7d03
-    rule for the certutil helper.
ac7d03
-    """
ac7d03
-
ac7d03
-    errno = 4036
ac7d03
-    format = _('Mapping ruleset "%(ruleset)s" has more than one rule for the'
ac7d03
-               ' %(helper)s helper')
ac7d03
-
ac7d03
-
ac7d03
-class CSRTemplateError(ExecutionError):
ac7d03
-    """
ac7d03
-    **4037** Raised when evaluation of a CSR generation template fails
ac7d03
-    """
ac7d03
-
ac7d03
-    errno = 4037
ac7d03
-    format = _('%(reason)s')
ac7d03
-
ac7d03
-
ac7d03
 class BuiltinError(ExecutionError):
ac7d03
     """
ac7d03
     **4100** Base class for builtin execution errors (*4100 - 4199*).
ac7d03
diff --git a/ipatests/setup.py b/ipatests/setup.py
86baa9
index e9a1a5be004e96a0c9f756d14ffcb0821608688a..6880f184d5acc30f962e3e481d4d62c2db7f78b8 100644
ac7d03
--- a/ipatests/setup.py
ac7d03
+++ b/ipatests/setup.py
3f51ca
@@ -39,7 +39,6 @@ if __name__ == '__main__':
ac7d03
             "ipatests.test_cmdline",
ac7d03
             "ipatests.test_install",
ac7d03
             "ipatests.test_integration",
ac7d03
-            "ipatests.test_ipaclient",
ac7d03
             "ipatests.test_ipalib",
95ea96
             "ipatests.test_ipaplatform",
ac7d03
             "ipatests.test_ipapython",
3f51ca
@@ -53,7 +52,6 @@ if __name__ == '__main__':
ac7d03
         package_data={
ac7d03
             'ipatests.test_install': ['*.update'],
ac7d03
             'ipatests.test_integration': ['scripts/*'],
ac7d03
-            'ipatests.test_ipaclient': ['data/*/*/*'],
ac7d03
             'ipatests.test_ipalib': ['data/*'],
95ea96
             'ipatests.test_ipaplatform': ['data/*'],
ac7d03
             "ipatests.test_ipaserver": ['data/*'],
ac7d03
diff --git a/ipatests/test_ipaclient/__init__.py b/ipatests/test_ipaclient/__init__.py
ac7d03
deleted file mode 100644
ac7d03
index 0c428910cabe103af3ac9bfe4cdde6678acd1585..0000000000000000000000000000000000000000
ac7d03
--- a/ipatests/test_ipaclient/__init__.py
ac7d03
+++ /dev/null
ac7d03
@@ -1,7 +0,0 @@
ac7d03
-#
ac7d03
-# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
ac7d03
-#
ac7d03
-
ac7d03
-"""
ac7d03
-Sub-package containing unit tests for `ipaclient` package.
ac7d03
-"""
ac7d03
diff --git a/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json b/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
ac7d03
deleted file mode 100644
ac7d03
index 676f91bef696109976826e6e61be091718172798..0000000000000000000000000000000000000000
ac7d03
--- a/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
ac7d03
+++ /dev/null
ac7d03
@@ -1,8 +0,0 @@
ac7d03
-[
ac7d03
-    {
ac7d03
-        "syntax": "basic",
ac7d03
-        "data": [
ac7d03
-            "options"
ac7d03
-        ]
ac7d03
-    }
ac7d03
-]
ac7d03
diff --git a/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl b/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
ac7d03
deleted file mode 100644
ac7d03
index 79111ab686b4fe25227796509b3cd3fcb54af728..0000000000000000000000000000000000000000
ac7d03
--- a/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
ac7d03
+++ /dev/null
ac7d03
@@ -1 +0,0 @@
ac7d03
-{{ options|join(";") }}
ac7d03
-- 
deb461
2.20.1
ac7d03