Ajout d'objets certifcats comme enfant des objets machine

2014-02-22 23:01:56 +01:00 · 2014-02-22 23:01:56 +01:00 · 44936fde9d
commit 44936fde9d
parent 8eb8aa2ba6
4 changed files with 157 additions and 8 deletions
--- a/attributs.py
+++ b/attributs.py
@ -37,6 +37,7 @@

 import re
 import sys
+import ssl
 import netaddr
 import time
 import base64
@ -252,6 +253,7 @@ class Attr(object):
    #: Le nom de l'attribut dans le schéma LDAP
    ldap_name = None
    python_type = None
+    binary = False

    """La liste des droits qui suffisent à avoir le droit de modifier la valeur"""
    can_modify = [nounou]
@ -389,8 +391,8 @@ class objectClass(Attr):
    def parse_value(self, val):
        if val not in [ 'top', 'organizationalUnit', 'posixAccount', 'shadowAccount',
                        'proprio', 'adherent', 'club', 'machine', 'machineCrans',
-                        'borneWifi', 'machineWifi', 'machineFixe',
-                        'cransAccount', 'service', 'facture', 'freeMid' ]:
+                        'borneWifi', 'machineWifi', 'machineFixe', 'x509Cert', 'TLSACert',
+                        'baseCert', 'cransAccount', 'service', 'facture', 'freeMid' ]:
            raise ValueError("Pourquoi insérer un objectClass=%r ?" % val)
        else:
            self.value = unicode(val)
@ -401,7 +403,7 @@ class intAttr(Attr):
    python_type = int

    def parse_value(self, val):
-        if self.python_type(val) <= 0:
+        if self.python_type(val) < 0:
            raise ValueError("Valeur entière invalide : %r" % val)
        self.value = self.python_type(val)

@ -1434,3 +1436,74 @@ class rewriteMailHeaders(boolAttr):
@crans_attribute
 class machineAlias(boolAttr):
    ldap_name = "machineAlias"
+
+@crans_attribute
+class issuerCN(Attr):
+    ldap_name = "issuerCN"
+
+@crans_attribute
+class serialNumber(Attr):
+    ldap_name = "serialNumber"
+
+@crans_attribute
+class start(intAttr):
+    ldap_name = "start"
+
+@crans_attribute
+class end(intAttr):
+    ldap_name = "end"
+
+@crans_attribute
+class crlUrl(Attr):
+    ldap_name = "crlUrl"
+    optional = True
+
+@crans_attribute
+class revocked(boolAttr):
+    ldap_name = "revocked"
+    singlevalue = True
+    optional = True
+
+@crans_attribute
+class certificat(Attr):
+    ldap_name = "certificat"
+    binary = True
+    python_type = str
+    def __unicode__(self):
+        return unicode(ssl.DER_cert_to_PEM_cert(self.value))
+    def __str__(self):
+        return self.value
+
+@crans_attribute
+class certificatUsage(intAttr):
+    ldap_name = "certificatUsage"
+    singlevalue = True
+
+@crans_attribute
+class selector(intAttr):
+    ldap_name = "selector"
+    singlevalue = True
+
+@crans_attribute
+class matchingType(intAttr):
+    ldap_name = "matchingType"
+    singlevalue = True
+
+@crans_attribute
+class xid(intAttr):
+    ldap_name = "xid"
+    category = 'id'
+    unique = True
+    singlevalue = True
+
+
+@crans_attribute
+class hostCert(dnsAttr):
+    optional = False
+    can_modify = [parent, nounou]
+    ldap_name = "hostCert"
+
+    def parse_value(self, host):
+        if not host in self.parent.machine()['host'] + self.parent.machine()['hostAlias']:
+            raise ValueError("hostCert doit être inclus dans les host et hostAlias de la machine parente : %s" % ', '.join(self.parent.machine()['host'] + self.parent.machine()['hostAlias']))
+        self.value = host