From b7082747c2b6bbe2e857bd4fa20af443073dbd02 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 16 Mar 2017 09:44:21 +0000
Subject: [PATCH] Remove csrgen
This reverts commits:
* 72de679eb445c975ec70cd265d37d4927823ce5b
* 177f07e163d6d591a1e609d35e0a6f6f5347551e
* 80be18162921268be9c8981495c9e8a4de0c85cd
* 83e2c2b65eeb5a3aa4a59c0535e9177aac5e4637
* ada91c20588046bb147fc701718d3da4d2c080ca
* 4350dcdea22fd2284836315d0ae7d38733a7620e
* 39a5d9c5aae77687f67d9be02457733bdfb99ead
* a26cf0d7910dd4c0a4da08682b4be8d3d94ba520
* afd7c05d11432304bfdf183832a21d419f363689
* f1a1c6eca1b294f24174d7b0e1f78de46d9d5b05
* fc58eff6a3d7fe805e612b8b002304d8b9cd4ba9
* 10ef5947860f5098182b1f95c08c1158e2da15f9
https://bugzilla.redhat.com/show_bug.cgi?id=1432630
---
freeipa.spec.in | 18 -----
ipaclient/csrgen/profiles/caIPAserviceCert.json | 15 ----
ipaclient/csrgen/profiles/userCert.json | 15 ----
ipaclient/csrgen/templates/openssl_macros.tmpl | 29 --------
ipaclient/plugins/cert.py | 82 +---------------------
ipaclient/setup.py | 7 --
ipalib/errors.py | 28 --------
ipatests/setup.py | 2 -
ipatests/test_ipaclient/__init__.py | 7 --
.../data/test_csrgen/profiles/profile.json | 8 ---
.../data/test_csrgen/templates/identity_base.tmpl | 1 -
11 files changed, 1 insertion(+), 211 deletions(-)
delete mode 100644 ipaclient/csrgen/profiles/caIPAserviceCert.json
delete mode 100644 ipaclient/csrgen/profiles/userCert.json
delete mode 100644 ipaclient/csrgen/templates/openssl_macros.tmpl
delete mode 100644 ipatests/test_ipaclient/__init__.py
delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 70482ceb65639465d60b0c48fd2ccd6eaa34e097..8d76217fc5a735f36d344b1b783d061b3b0f6271 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -245,7 +245,6 @@ BuildRequires: python2-sssdconfig
BuildRequires: python2-nose
BuildRequires: python2-paste
BuildRequires: python2-systemd
-BuildRequires: python2-jinja2
BuildRequires: python2-augeas
%if 0%{?with_python3}
@@ -284,7 +283,6 @@ BuildRequires: python3-libsss_nss_idmap
BuildRequires: python3-nose
BuildRequires: python3-paste
BuildRequires: python3-systemd
-BuildRequires: python3-jinja2
BuildRequires: python3-augeas
BuildRequires: python3-netaddr
BuildRequires: python3-pyasn1
@@ -640,7 +638,6 @@ Requires: %{name}-client-common = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release}
Requires: python2-ipalib = %{version}-%{release}
Requires: python2-dns >= 1.15
-Requires: python2-jinja2
%description -n python2-ipaclient
IPA is an integrated solution to provide centrally managed Identity (users,
@@ -663,7 +660,6 @@ Requires: %{name}-client-common = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release}
Requires: python3-ipalib = %{version}-%{release}
Requires: python3-dns >= 1.15
-Requires: python3-jinja2
%description -n python3-ipaclient
IPA is an integrated solution to provide centrally managed Identity (users,
@@ -1609,13 +1605,6 @@ fi
%{python_sitelib}/ipaclient/remote_plugins/*.py*
%dir %{python_sitelib}/ipaclient/remote_plugins/2_*
%{python_sitelib}/ipaclient/remote_plugins/2_*/*.py*
-%dir %{python_sitelib}/ipaclient/csrgen
-%dir %{python_sitelib}/ipaclient/csrgen/profiles
-%{python_sitelib}/ipaclient/csrgen/profiles/*.json
-%dir %{python_sitelib}/ipaclient/csrgen/rules
-%{python_sitelib}/ipaclient/csrgen/rules/*.json
-%dir %{python_sitelib}/ipaclient/csrgen/templates
-%{python_sitelib}/ipaclient/csrgen/templates/*.tmpl
%{python_sitelib}/ipaclient-*.egg-info
@@ -1640,13 +1629,6 @@ fi
%dir %{python3_sitelib}/ipaclient/remote_plugins/2_*
%{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
%{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
-%dir %{python3_sitelib}/ipaclient/csrgen
-%dir %{python3_sitelib}/ipaclient/csrgen/profiles
-%{python3_sitelib}/ipaclient/csrgen/profiles/*.json
-%dir %{python3_sitelib}/ipaclient/csrgen/rules
-%{python3_sitelib}/ipaclient/csrgen/rules/*.json
-%dir %{python3_sitelib}/ipaclient/csrgen/templates
-%{python3_sitelib}/ipaclient/csrgen/templates/*.tmpl
%{python3_sitelib}/ipaclient-*.egg-info
%endif # with_python3
diff --git a/ipaclient/csrgen/profiles/caIPAserviceCert.json b/ipaclient/csrgen/profiles/caIPAserviceCert.json
deleted file mode 100644
index 114d2ffd4e0d8eae833eaa594f6a17a79da909be..0000000000000000000000000000000000000000
--- a/ipaclient/csrgen/profiles/caIPAserviceCert.json
+++ /dev/null
@@ -1,15 +0,0 @@
-[
- {
- "syntax": "syntaxSubject",
- "data": [
- "dataHostCN",
- "dataSubjectBase"
- ]
- },
- {
- "syntax": "syntaxSAN",
- "data": [
- "dataDNS"
- ]
- }
-]
diff --git a/ipaclient/csrgen/profiles/userCert.json b/ipaclient/csrgen/profiles/userCert.json
deleted file mode 100644
index d6cf5cfffcfadd604fc3e8283d1be15767278c7a..0000000000000000000000000000000000000000
--- a/ipaclient/csrgen/profiles/userCert.json
+++ /dev/null
@@ -1,15 +0,0 @@
-[
- {
- "syntax": "syntaxSubject",
- "data": [
- "dataUsernameCN",
- "dataSubjectBase"
- ]
- },
- {
- "syntax": "syntaxSAN",
- "data": [
- "dataEmail"
- ]
- }
-]
diff --git a/ipaclient/csrgen/templates/openssl_macros.tmpl b/ipaclient/csrgen/templates/openssl_macros.tmpl
deleted file mode 100644
index d31b8fef5f2d85e1b3d5ecf425f00ec9c22ac301..0000000000000000000000000000000000000000
--- a/ipaclient/csrgen/templates/openssl_macros.tmpl
+++ /dev/null
@@ -1,29 +0,0 @@
-{# List containing rendered sections to be included at end #}
-{% set openssl_sections = [] %}
-
-{#
-List containing one entry for each section name allocated. Because of
-scoping rules, we need to use a list so that it can be a "per-render global"
-that gets updated in place. Real globals are shared by all templates with the
-same environment, and variables defined in the macro don't persist after the
-macro invocation ends.
-#}
-{% set openssl_section_num = [] %}
-
-{% macro section() -%}
-{% set name -%}
-sec{{ openssl_section_num|length -}}
-{% endset -%}
-{% do openssl_section_num.append('') -%}
-{% set contents %}{{ caller() }}{% endset -%}
-{% if contents -%}
-{% set sectiondata = formatsection(name, contents) -%}
-{% do openssl_sections.append(sectiondata) -%}
-{% endif -%}
-{{ name -}}
-{% endmacro %}
-
-{% macro formatsection(name, contents) -%}
-[ {{ name }} ]
-{{ contents -}}
-{% endmacro %}
diff --git a/ipaclient/plugins/cert.py b/ipaclient/plugins/cert.py
index 6d453d0d6ead9ac7d594bbb27da81de6de2b6862..b3619f30c1ca1f4e921b106d07fb5cb2219a7df0 100644
--- a/ipaclient/plugins/cert.py
+++ b/ipaclient/plugins/cert.py
@@ -21,8 +21,6 @@
import base64
-import six
-
from ipaclient.frontend import MethodOverride
from ipalib import errors
from ipalib import x509
@@ -31,9 +29,6 @@ from ipalib.parameters import BinaryFile, File, Flag, Str
from ipalib.plugable import Registry
from ipalib.text import _
-if six.PY3:
- unicode = str
-
register = Registry()
@@ -74,87 +69,12 @@ class CertRetrieveOverride(MethodOverride):
@register(override=True, no_fail=True)
class cert_request(CertRetrieveOverride):
- takes_options = CertRetrieveOverride.takes_options + (
- Str(
- 'database?',
- label=_('Path to NSS database'),
- doc=_('Path to NSS database to use for private key'),
- ),
- Str(
- 'private_key?',
- label=_('Path to private key file'),
- doc=_('Path to PEM file containing a private key'),
- ),
- Str(
- 'password_file?',
- label=_(
- 'File containing a password for the private key or database'),
- ),
- Str(
- 'csr_profile_id?',
- label=_('Name of CSR generation profile (if not the same as'
- ' profile_id)'),
- ),
- )
-
def get_args(self):
for arg in super(cert_request, self).get_args():
if arg.name == 'csr':
- arg = arg.clone_retype(arg.name, File, required=False)
+ arg = arg.clone_retype(arg.name, File)
yield arg
- def forward(self, csr=None, **options):
- database = options.pop('database', None)
- private_key = options.pop('private_key', None)
- csr_profile_id = options.pop('csr_profile_id', None)
- password_file = options.pop('password_file', None)
-
- if csr is None:
- # Deferred import, ipaclient.csrgen is expensive to load.
- # see https://pagure.io/freeipa/issue/7484
- from ipaclient import csrgen
-
- if database:
- adaptor = csrgen.NSSAdaptor(database, password_file)
- elif private_key:
- adaptor = csrgen.OpenSSLAdaptor(
- key_filename=private_key, password_filename=password_file)
- else:
- raise errors.InvocationError(
- message=u"One of 'database' or 'private_key' is required")
-
- pubkey_info = adaptor.get_subject_public_key_info()
- pubkey_info_b64 = base64.b64encode(pubkey_info)
-
- # If csr_profile_id is passed, that takes precedence.
- # Otherwise, use profile_id. If neither are passed, the default
- # in cert_get_requestdata will be used.
- profile_id = csr_profile_id
- if profile_id is None:
- profile_id = options.get('profile_id')
-
- response = self.api.Command.cert_get_requestdata(
- profile_id=profile_id,
- principal=options.get('principal'),
- public_key_info=pubkey_info_b64)
-
- req_info_b64 = response['result']['request_info']
- req_info = base64.b64decode(req_info_b64)
-
- csr = adaptor.sign_csr(req_info)
-
- if not csr:
- raise errors.CertificateOperationError(
- error=(_('Generated CSR was empty')))
-
- else:
- if database is not None or private_key is not None:
- raise errors.MutuallyExclusiveError(reason=_(
- "Options 'database' and 'private_key' are not compatible"
- " with 'csr'"))
-
- return super(cert_request, self).forward(csr, **options)
-
@register(override=True, no_fail=True)
class cert_show(CertRetrieveOverride):
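Review bot: `get_args` in `cert_request` carries no docstring or comment, and once `takes_options` and `forward` are gone, re-typing `csr` to `File` is the only thing this override still does. A short comment on the clone line would record the intent, for example `# csr is given as a path on the client; File loads its contents before the request is sent` (this matches how `File` is normally used in ipalib; worth confirming against `ipalib.parameters`). Dropping `required=False` means the argument's required-ness now comes from the parameter being cloned, presumably making a CSR mandatory again. It would help to state in the docstring that the CSR must be produced outside this command and that the command no longer reads private keys or NSS databases. The only `base64` calls visible in this hunk are on removed lines, so it is also worth checking that the `import base64` kept at the top of the file is still used elsewhere.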
diff --git a/ipaclient/setup.py b/ipaclient/setup.py
index ac947e772e014051ff5f231c73651bfa2fe8b061..8faa17dd1850fefd127aff83913e052e8900e5d4 100644
--- a/ipaclient/setup.py
+++ b/ipaclient/setup.py
@@ -42,13 +42,6 @@ if __name__ == '__main__':
"ipaclient.remote_plugins.2_156",
"ipaclient.remote_plugins.2_164",
],
- package_data={
- 'ipaclient': [
- 'csrgen/profiles/*.json',
- 'csrgen/rules/*.json',
- 'csrgen/templates/*.tmpl',
- ],
- },
install_requires=[
"cryptography",
"ipalib",
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 3a40fa28dc4b7748b2c570943f4a27a22c152353..6356d523e8c0ac63e8892292dd9991c9ee8211aa 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1434,34 +1434,6 @@ class HTTPRequestError(RemoteRetrieveError):
format = _('Request failed with status %(status)s: %(reason)s')
-class RedundantMappingRule(SingleMatchExpected):
- """
- **4036** Raised when more than one rule in a CSR generation ruleset matches
- a particular helper.
-
- For example:
-
- >>> raise RedundantMappingRule(ruleset='syntaxSubject', helper='certutil')
- Traceback (most recent call last):
- ...
- RedundantMappingRule: Mapping ruleset "syntaxSubject" has more than one
- rule for the certutil helper.
- """
-
- errno = 4036
- format = _('Mapping ruleset "%(ruleset)s" has more than one rule for the'
- ' %(helper)s helper')
-
-
-class CSRTemplateError(ExecutionError):
- """
- **4037** Raised when evaluation of a CSR generation template fails
- """
-
- errno = 4037
- format = _('%(reason)s')
-
-
class BuiltinError(ExecutionError):
"""
**4100** Base class for builtin execution errors (*4100 - 4199*).
diff --git a/ipatests/setup.py b/ipatests/setup.py
index 68a67da5f9590e068ad0ed3e30116264d70e5bce..2464822960a389a8c489babf7b034461396f55e2 100644
--- a/ipatests/setup.py
+++ b/ipatests/setup.py
@@ -39,7 +39,6 @@ if __name__ == '__main__':
"ipatests.test_cmdline",
"ipatests.test_install",
"ipatests.test_integration",
- "ipatests.test_ipaclient",
"ipatests.test_ipalib",
"ipatests.test_ipaplatform",
"ipatests.test_ipapython",
@@ -53,7 +52,6 @@ if __name__ == '__main__':
package_data={
'ipatests.test_install': ['*.update'],
'ipatests.test_integration': ['scripts/*'],
- 'ipatests.test_ipaclient': ['data/*/*/*'],
'ipatests.test_ipalib': ['data/*'],
'ipatests.test_ipaplatform': ['data/*'],
"ipatests.test_ipaserver": ['data/*'],
diff --git a/ipatests/test_ipaclient/__init__.py b/ipatests/test_ipaclient/__init__.py
deleted file mode 100644
index 0c428910cabe103af3ac9bfe4cdde6678acd1585..0000000000000000000000000000000000000000
--- a/ipatests/test_ipaclient/__init__.py
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
-#
-
-"""
-Sub-package containing unit tests for `ipaclient` package.
-"""
diff --git a/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json b/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
deleted file mode 100644
index 676f91bef696109976826e6e61be091718172798..0000000000000000000000000000000000000000
--- a/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
+++ /dev/null
@@ -1,8 +0,0 @@
-[
- {
- "syntax": "basic",
- "data": [
- "options"
- ]
- }
-]
diff --git a/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl b/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
deleted file mode 100644
index 79111ab686b4fe25227796509b3cd3fcb54af728..0000000000000000000000000000000000000000
--- a/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
+++ /dev/null
@@ -1 +0,0 @@
-{{ options|join(";") }}
--
2.14.4