PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB`  "^c@sddlZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl m Z ddlmZddlmZddlmZmZmZddlmZddlZddlZddlZddlmZmZddlmZdd l m!Z!ddl"Z"dd l#m$Z$dd l#m%Z%dd l&m'Z'e"j(re)Z*ne'd Z+ej,e-Z.dej/fdYZ0dej1j2fdYZ3de4fdYZ5de5fdYZ6de4fdYZ7de4fdYZ8de4fdYZ9de9fdYZ:de4fdYZ;d e4fd!YZ<d"e4fd#YZ=d$e4fd%YZ>dS(&iN(tdefault_backend(tpadding(thashes(tload_pem_private_keytEncodingt PublicFormat(tload_pem_x509_certificate(tdecodertencoder(tuniv(trfc2314(tapi(terrors(t_s] Routines for constructing certificate signing requests using IPA data and stored templates. tIndexableUndefinedcBseZdZRS(c Cs.tjd|jd|jd|jd|jS(Nthinttobjtnametexc(tjinja2t Undefinedt_undefined_hintt_undefined_objt_undefined_namet_undefined_exception(tselftkey((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyt __getitem__1s (t__name__t __module__R(((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR0st IPAExtensioncBs)eZdZdZdZdZRS(sDJinja2 extension providing useful features for CSR generation rules.cCs9tt|j||jjd|jd|jdS(Ntquotetrequired(tsuperRt__init__tfilterstupdateRR (Rt environment((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR":s  cCs tj|S(N(tpipesR(Rtdata((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRBscCs0|s,tjdtdi|d6n|S(Ntreasons5Required CSR generation rule %(name)s is missing dataR(R tCSRTemplateErrorR (RR'R((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR Es  (RRt__doc__R"RR (((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR7s  t FormattercBs_eZdZd Zd dZdZdZdZdZ dZ dZ dZ RS( s Class for processing a set of CSR generation rules into a template. The template can be rendered with user and database data to produce a config, which specifies how to build a CSR. Subclasses of Formatter should set the value of base_template_name to the filename of a base template with spaces for the processed rules. Additionally, they should override the _get_template_params method to produce the correct output for the base template. c Csg}|dk r:|jtjtjj|dn|jtjtjjtjj d|jtj ddtj j dtj |dtjjtgdtdt|_i|_dS(Nt templatesscsrgen/templatest ipaclienttloadert extensionstkeep_trailing_newlinet undefined(tNonetappendRtFileSystemLoadertostpathtjoinR tenvtconfdirt PackageLoadertsandboxtSandboxedEnvironmentt ChoiceLoadertexttExprStmtExtensionRtTrueRtpassthrough_globals(Rt csr_data_dirtloaders((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR"\s    csqfd}jd}|j}x5|d D])}||krQi||No CSR generation rules are defined for profile %(profile_id)sRtsyntaxR'( RRRRR RR RR3RR( RRRtprofiletfield_mappingstfieldRTRRO((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRas    & N(RRR2R"RRR(((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR,s  t CSRGeneratorcBseZedZdZRS(cCs||_||_dS(N(t rule_providert formatter(RRtformatter_class((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR"ts cCsi|d6|d6}|jj|}|jj|}y|j|}Wn?tjk rtjt j t j dt dnX|S(NtsubjecttconfigR(s/Template error when formatting certificate data(RRRRkRYRRZR[R\R]R^R R)R (Rt principalRRt render_dataR`Rn((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyt csr_configxs (RRRyR"R(((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRss tCSRLibraryAdaptorcBseZdZdZRS(cCstddS(Ns#Use a subclass of CSRLibraryAdaptor(Rx(R((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pytget_subject_public_key_infoscCstddS(s]Sign a CertificationRequestInfo. :returns: bytes, a DER-encoded signed CSR. s#Use a subclass of CSRLibraryAdaptorN(Rx(Rtcertification_request_info((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pytsign_csrs(RRRR(((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRs tOpenSSLAdaptorcBs5eZddddZdZdZdZRS(cCs|dk rt|d}|j}WdQXd}|dk rot|d}|jj}WdQXnt||t|_n$|dk r||_n tddS(sC Must provide either ``key_filename`` or ``key``. trbNs$Must provide 'key' or 'key_filename'(R2RtreadtstripRRt_keyt ValueError(RRt key_filenametpassword_filenametkey_filet key_bytestpasswordt password_file((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR"s    cCs|jS(N(R(R((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRscCs(|jjjtjtj}|S(N(Rt public_keyt public_bytesRtDERRtSubjectPublicKeyInfo(Rt pubkey_info((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRscCstj|tjd}tj}|jd|tj}|jdtjd|jd||j j |t j t j}tjdjdtj|djd }|jd |tj|S( NitcertificationRequestInfot algorithms1.2.840.113549.1.1.11tsignatureAlgorithms'{sig}'Htsigthextasciit signature(RtdecodeR tCertificationRequestInfotCertificationRequesttsetComponentByNametSignatureAlgorithmIdentifierR tObjectIdentifierRtsignRtPKCS1v15RtSHA256t BitStringRtcodecstencodeR(RRtreqinfotcsrRRtasn1sig((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRs$      N(RRR2R"RRR(((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRs  t NSSAdaptorcBs#eZdZdZdZRS(cCs1||_||_tjtjd|_dS(Ni((tdatabaseRtbase64t b32encodeR5turandomtnickname(RRR((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyR"s  c Cstjtjdjd}g}|jdk rHd|jg}ntjddd|j dd|d d d d |j g |tj dd d|j dd |j g|}t |t }|jjtjtj}|S(Ni(Rs-ftcertutils-Ss-ns-ssCN=%ss-xs-ts,,s-ds-Ls-a(RRR5RRRR2t subprocesst check_callRRt check_outputRRRRRRRR(Rttemp_cnt password_argstcert_pemtcertR((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRs! cCstddS(NsNSS is not yet supported(Rx(RR((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRs(RRR"RR(((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pyRs  (?RRRRtloggingR5tos.pathR&RR]RRtcryptography.hazmat.backendsRt)cryptography.hazmat.primitives.asymmetricRtcryptography.hazmat.primitivesRt,cryptography.hazmat.primitives.serializationRRRtcryptography.x509RRt jinja2.exttjinja2.sandboxtpyasn1.codec.derRRt pyasn1.typeR tpyasn1_modulesR tsixtipalibR R t ipalib.textR tPY3tstrtunicodeR*t getLoggerRR[RRR>t ExtensionRtobjectR+RyRRRRRRRR(((s4/usr/lib/python2.7/site-packages/ipaclient/csrgen.pytsV                     G 9