NAME
NCM::Component::FreeIPA::NSS handles the certificates using NSS.
Public methods
- new
  Returns an NSS object with nssdb; accepts the following options:
  - format: dbm or sql
  - realm: IPA realm, used for CA nick
  - cacrt: IPA CA crt location, defaults to /etc/ipa/ca.crt
  - csr_bits: key size in bits for a new csr.
  - owner, group, mode: owner, group and permissions for nssdb and/or certs
- log
  A logger instance (compatible with CAF::Object).
- setup_nssdb
  Set up and initialise the nssdb directory.
- setup
  Set up a temporary workdir with 0700 permissions, and initialise nssdb using the setup_nssdb method.
  Return SUCCESS on success, undef otherwise.
- add_cert_trusted
  Add trusted certificate with nick from file crt.
- add_cert_ca
  Add trusted CA certificate (nick and file via canick and cacrt attributes).
- add_cert
  Add untrusted certificate to NSSDB with nick from file cert.
- has_cert
  Check if certificate for nick exists in NSSDB.
  If an ipa client instance is passed, also check if the certificate is known in FreeIPA.
- get_cert
  Extract the certificate from NSSDB for nick to file cert with owner/group/mode options.
- make_cert_request
  Make a certificate request for fqdn and optional dn, return filename of the CSR. (The DN used is CN=<fqdn>,O=<realm>.)
- ipa_request_cert
  Use NCM::Component::FreeIPA::Client instance ipa to make the certificate request using csr file. The certificate is stored in crt file.
  (The ipa instance should be usable, e.g. the correct Kerberos environment is already set up.)
  Return 1 on success, undef otherwise.
- get_privkey
  Retrieve the private key from certificate with nick nick and save it in the file key with owner/group/mode options.
- get_cert_or_key
  Given type, retrieve the cert or private key from certificate with nick nick and save it in the file fn with owner/group/mode options.