From f5efedd4c4f25e423e83c45efdc779fa567eb451 Mon Sep 17 00:00:00 2001

From: Pavel Vomacka <pvomacka@redhat.com>

Date: Fri, 26 Aug 2016 13:11:22 +0200

Subject: [PATCH] WebUI add support for sub-CAs while revoking certificates

Also the same for removing certificate hold.

https://fedorahosted.org/freeipa/ticket/6216

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

---

 install/ui/src/freeipa/certificate.js | 129 ++++++++++++++++++++++++++--------

 install/ui/src/freeipa/widget.js      |   1 +

 2 files changed, 100 insertions(+), 30 deletions(-)

diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js

index e67c348b7edbd2e273f18ed1df40ef8b5b5e59c3..9ab40027817cdcc242762399a0b4d9f41afec0b7 100755

--- a/install/ui/src/freeipa/certificate.js

+++ b/install/ui/src/freeipa/certificate.js

@@ -244,44 +244,104 @@ IPA.cert.download_dialog = function(spec) {

     return that;

 };

-IPA.cert.revoke_dialog = function(spec) {

+IPA.cert.revocation_reason_select_widget = function(spec) {

+    spec = spec || {};

+

+    var that = IPA.select_widget(spec);

+

+    that.create_options = function() {

+        for (var i=0; i

+            var reason = IPA.cert.CRL_REASON[i];

+            if (!reason) continue;

+            var label = text.get('@i18n:objects.cert.'+reason);

+            that.options.push({ label: label, value: i});

+        }

+

+        that.select_create_options();

+    };

+

+    return that;

+};

+

+IPA.cert.revoke_dialog = function(spec, no_init) {

     spec = spec || {};

+

     spec.width = spec.width || 500;

     spec.ok_label = spec.ok_label || '@i18n:buttons.revoke';

+    spec.sections = [

+        {

+            name: 'note',

+            show_header: false,

+            fields: [

+                {

+                    field: false,

+                    $type: 'html',

+                    name: 'note',

+                    html: ''

+                }

+            ],

+            layout:

+            {

+                $factory: widget_mod.fluid_layout,

+                widget_cls: "col-sm-12 controls",

+                label_cls: "hide"

+            }

+        },

+        {

+            name: 'revocation',

+            show_header: false,

+            fields: [

+                {

+                    $type: 'revocation_reason_select',

+                    name: 'revocation_reason',

+                    label: '@i18n:objects.cert.find_revocation_reason'

+                },

+                {

+                    $type: 'entity_select',

+                    label: '@i18n:objects.cert.ca',

+                    name: 'cacn',

+                    empty_option: false,

+                    other_entity: 'ca',

+                    other_field: 'cn'

+                }

+            ]

+        }

+    ];

     var that = IPA.confirm_dialog(spec);

-    IPA.table_mixin().apply(that);

+

+    that.open = function() {

+

+        that.confirmed = false;

+        that.dialog_open();

+        that.set_cacn(that.facet.state.cacn);

+    };

     that.get_reason = function() {

-        return that.select.val();

+        return that.get_field('revocation_reason').value[0];

     };

-    that.create_content = function() {

+    that.set_cacn = function(cacn) {

+        that.get_field('cacn').set_value([cacn]);

+    };

-        var table = that.create_layout().appendTo(that.container);

+    that.get_cacn = function() {

+        return that.get_field('cacn').value[0];

+    };

-        var tr = that.create_row().appendTo(table);

-        var td = that.create_cell('@i18n:objects.cert.note', ':').appendTo(tr);

-        td = that.create_cell('@i18n:objects.cert.revoke_confirmation')

-            .appendTo(tr);

+    that.create_content = function() {

+        that.dialog_create_content();

-        tr = that.create_row().appendTo(table);

-        td = that.create_header_cell('@i18n:objects.cert.reason', ':')

-            .appendTo(tr);

-        td = that.create_cell().appendTo(tr);

+    };

-        that.select = $('<select/>').appendTo(td);

-        for (var i=0; i

-            var reason = IPA.cert.CRL_REASON[i];

-            if (!reason) continue;

-            $('<option/>', {

-                'value': i,

-                'html': text.get('@i18n:objects.cert.'+reason)

-            }).appendTo(that.select);

-        }

+    that.init = function() {

+        var note = text.get('@i18n:objects.cert.revoke_confirmation');

+        that.widgets.get_widget('note.note').html = note;

     };

+    if (!no_init) that.init();

+

     return that;

 };

@@ -718,7 +778,7 @@ IPA.cert.request_action = function(spec) {

     return that;

 };

-IPA.cert.perform_revoke = function(spec, sn, revocation_reason) {

+IPA.cert.perform_revoke = function(spec, sn, revocation_reason, cacn) {

     spec.hide_activity_icon = spec.hide_activity_icon || false;

@@ -728,7 +788,8 @@ IPA.cert.perform_revoke = function(spec, sn, revocation_reason) {

         hide_activity_icon: spec.hide_activity_icon,

         args: [ sn ],

         options: {

-            'revocation_reason': revocation_reason

+            revocation_reason: revocation_reason,

+            cacn: cacn

         },

         notify_activity_start: spec.notify_activity_start,

         notify_activity_end: spec.notify_activity_end,

@@ -782,7 +843,8 @@ IPA.cert.revoke_action = function(spec) {

         var sn = facet.certificate.serial_number;

         var revocation_reason = that.dialog.get_reason();

-        IPA.cert.perform_revoke(spec, sn, revocation_reason);

+        var cacn = that.dialog.get_cacn();

+        IPA.cert.perform_revoke(spec, sn, revocation_reason, cacn);

     };

     return that;

@@ -835,19 +897,22 @@ IPA.cert.remove_hold_action = function(spec) {

             }

         };

-        IPA.cert.perform_remove_hold(spec, facet.certificate.serial_number);

-

+        IPA.cert.perform_remove_hold(spec, facet.certificate.serial_number,

+                            facet.state.cacn);

     };

     return that;

 };

-IPA.cert.perform_remove_hold = function(spec, sn) {

+IPA.cert.perform_remove_hold = function(spec, sn, cacn) {

     rpc.command({

         entity: 'cert',

         method: 'remove_hold',

         args: [sn],

+        options: {

+            cacn: cacn

+        },

         on_success: spec.on_success

     }).execute();

 };

@@ -1360,13 +1425,15 @@ IPA.cert.cert_widget = function(spec) {

                 };

                 var sn = that.certificate.serial_number;

+                var cacn = dialog.get_cacn();

                 var revocation_reason = dialog.get_reason();

-                IPA.cert.perform_revoke(command_spec, sn, revocation_reason);

+                IPA.cert.perform_revoke(command_spec, sn, revocation_reason, cacn);

             }

         };

         var dialog = IPA.cert.revoke_dialog(spec);

         dialog.open();

+        dialog.set_cacn(that.certificate.cacn);

     };

     that.perform_remove_hold = function() {

@@ -1392,7 +1459,8 @@ IPA.cert.cert_widget = function(spec) {

                 };

                 var sn =  that.certificate.serial_number;

-                IPA.cert.perform_remove_hold(command_spec, sn);

+                var cacn = that.certificate.cacn;

+                IPA.cert.perform_remove_hold(command_spec, sn, cacn);

             }

         };

@@ -1834,6 +1902,7 @@ exp.register = function() {

     f.register('certificate_status', IPA.cert.status_field);

     f.register('revocation_reason', IPA.revocation_reason_field);

     w.register('revocation_reason', IPA.text_widget);

+    w.register('revocation_reason_select', IPA.cert.revocation_reason_select_widget);

     a.register('cert_request', IPA.cert.request_action);

     a.register('download_cert', IPA.cert.download_action);

diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js

index 9151ebac9438e9e674f81bfb1ccfe7a63872b1ae..4769ca616e4337e8f10339048f9851252e6dfd2e 100644

--- a/install/ui/src/freeipa/widget.js

+++ b/install/ui/src/freeipa/widget.js

@@ -2878,6 +2878,7 @@ IPA.select_widget = function(spec) {

     // methods that should be invoked by subclasses

     that.select_save = that.save;

     that.select_update = that.update;

+    that.select_create_options = that.create_options;

     return that;

 };

-- 

2.7.4