NCM::Component::FreeIPA::NSS
NAME
NCM::Component::FreeIPA::NSS handles the certificates using NSS.
Public methods
- new
  Returns an NSS object with nssdb; accepts the following options:
    - format: dbm or sql
    - realm: IPA realm, used for CA nick
    - cacrt: IPA CA crt location, defaults to /etc/ipa/ca.crt
    - csr_bits: key size in bits for a new csr.
    - owner, group, mode: owner, group and permissions for nssdb and/or certs
    - log: A logger instance (compatible with CAF::Object).
- setup_nssdb
  Set up and initialise the nssdb directory.
- setup
  Set up a temporary workdir with 0700 permissions, and initialise nssdb using the setup_nssdb method. Return SUCCESS on success, undef otherwise.
- add_cert_trusted
  Add trusted certificate with nick from file crt.
- add_cert_ca
  Add trusted CA certificate (nick and file via canick and cacrt attributes).
- add_cert
  Add untrusted certificate to NSSDB with nick from file cert.
- has_cert
  Check if certificate for nick exists in NSSDB. If an ipa client instance is passed, also check if the certificate is known in FreeIPA.
- get_cert
  Extract the certificate from NSSDB for nick to file cert with owner/group/mode options.
- make_cert_request
  Make a certificate request for fqdn and optional dn, return filename of the CSR. (Used DN is CN=<fqdn>,O=<realm>.)
- ipa_request_cert
  Use NCM::Component::FreeIPA::Client instance ipa to make the certificate request using csr file. The certificate is stored in crt file. (The ipa instance should be usable, e.g. the correct kerberos environment is already set up.) Return 1 on success, undef otherwise.
- get_privkey
  Retrieve the private key from certificate with nick nick and save it in the file key with owner/group/mode options.
- get_cert_or_key
  Given type, retrieve the cert or private key from certificate with nick nick and save it in the file fn with owner/group/mode options.