[Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries
Martin Babinsky
mbabinsk at redhat.com
Mon Jun 29 08:36:50 UTC 2015
On 06/23/2015 01:49 PM, Martin Babinsky wrote:
> This patchset implements new API commands for manipulating
> user/host/service userCertificate attribute alongside some underlying
> plumbing.
>
> PATCH 0045 is a small test suite that I slapped together since manual
> testing of this stuff is very cumbersome. It requires my PATCH 0040 to
> apply and work which was pushed to master recently
> (commit 74883bbc959058c8bfafd9f63e8fad0e3792ac28).
>
> The work is related to http://www.freeipa.org/page/V4/User_Certificates
> and https://fedorahosted.org/freeipa/ticket/4238
>
>
>
Attaching updated patches.
Here are some notes for Jan because I did some things differently than
we agreed on during review:
1.) I chose not to rename 'usercertificate' to 'usercertificate;binary'
and back in pre/post callbacks. Despite the fact that the correct way to
name the certificate attribute is 'usercertificate;binary', I feel that
suddenly renaming it in the new code is asking for trouble.
I'm all for changing the mapping between CLI options and actual
attribute names but it should be done in a systematic fashion.
2.) I have kept the `normalize_certs` function. It has the potential to
catch incorrectly formatted/encoded certificates and in a way
circumvents the slightly demented way the framework deals with
supposedly binary data.
I have also added two negative test cases which deal with incorrectly
encoded and formatted certificates.
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0045.1-test-suite-for-user-host-service-certificate-managem.patch
Type: text/x-patch
Size: 12207 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150629/f5db09a0/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0044.1-new-commands-to-manage-user-host-service-certificate.patch
Type: text/x-patch
Size: 14815 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150629/f5db09a0/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0043.1-service-plugin-separate-functions-for-certificate-no.patch
Type: text/x-patch
Size: 2302 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150629/f5db09a0/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0042.1-baseldap-add-support-for-API-commands-managing-only-.patch
Type: text/x-patch
Size: 4749 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150629/f5db09a0/attachment-0003.bin>
More information about the Freeipa-devel
mailing list