dogtag.ra

_host_has_service(self, host, service='CA')

source code

Check if a specified host is a master for a specified service.

Parameters:

host - A host which might be a master for a service.
service - The service for which the host might be a master.

Returns:

(true, false)

_select_any_master(self, service='CA')

source code

Select any host which is a master for a specified service.

Parameters:

service - The service for which we're looking for a master.

Returns:

host as str

_request(self, url, port, **kw)

source code

Perform an HTTP request.

Parameters:

url - The URL to post to.
kw - Keyword arguments to encode into POST body.

Returns:

(http_status, http_reason_phrase, http_headers, http_body) as (integer, unicode, dict, str)

_sslget(self, url, port, **kw)

source code

Perform an HTTPS request

Parameters:

url - The URL to post to.
kw - Keyword arguments to encode into POST body.

Returns:

(http_status, http_reason_phrase, http_headers, http_body) as (integer, unicode, dict, str)

get_parse_result_xml(self, xml_text, parse_func)

source code

Utility routine which parses the input text into an XML DOM tree and then invokes the parsing function on the DOM tree in order to get the parsing result as a dict of key/value pairs.

Parameters:

xml_text - The XML text to parse
parse_func - The XML parsing function to apply to the parsed DOM tree.

Returns:

parsed result dict

check_request_status(self, request_id)

source code

Check status of a certificate signing request.

The command returns a dict with these possible key/value pairs. Some key/value pairs may be absent.

result name	result type	comments
serial_number	unicode [1]
request_id	unicode
cert_request_status	unicode [2]

[1]	Passed through XMLRPC as decimal string. Can convert to optimal integer type (int or long) via int(serial_number)

[2]	cert_request_status may be one of: "begin" "pending" "approved" "svc_pending" "canceled" "rejected" "complete"

Parameters:

request_id - request ID

get_certificate(self, serial_number=None)

source code

Retrieve an existing certificate.

The command returns a dict with these possible key/value pairs. Some key/value pairs may be absent.

result name	result type	comments
certificate	unicode [1]
serial_number	unicode [2]
revocation_reason	int [3]

[1]	Base64 encoded

[2]	Passed through XMLRPC as decimal string. Can convert to optimal integer type (int or long) via int(serial_number)

[3]	revocation reason may be one of: 0 = UNSPECIFIED 1 = KEY_COMPROMISE 2 = CA_COMPROMISE 3 = AFFILIATION_CHANGED 4 = SUPERSEDED 5 = CESSATION_OF_OPERATION 6 = CERTIFICATE_HOLD 8 = REMOVE_FROM_CRL 9 = PRIVILEGE_WITHDRAWN 10 = AA_COMPROMISE

Parameters:

serial_number - Certificate serial number. Must be a string value because serial numbers may be of any magnitue and XMLRPC cannot handle integers larger than 64-bit. The string value should be decimal, but may optionally be prefixed with a hex radix prefix if the integal value is represented as hexadecimal. If no radix prefix is supplied the string will be interpreted as decimal.

request_certificate(self, csr, request_type='pkcs10')

source code

Submit certificate signing request.

The command returns a dict with these possible key/value pairs. Some key/value pairs may be absent.

result name	result type	comments
serial_number	unicode [1]
certificate	unicode [2]
request_id	unicode
subject	unicode

[1]	Passed through XMLRPC as decimal string. Can convert to optimal integer type (int or long) via int(serial_number)

[2]	Base64 encoded

Parameters:

csr - The certificate signing request.
request_type - The request type (defaults to 'pkcs10').

revoke_certificate(self, serial_number, revocation_reason=0)

source code

Revoke a certificate.

The command returns a dict with these possible key/value pairs. Some key/value pairs may be absent.

result name	result type	comments
revoked	bool

Parameters:

serial_number - Certificate serial number. Must be a string value because serial numbers may be of any magnitue and XMLRPC cannot handle integers larger than 64-bit. The string value should be decimal, but may optionally be prefixed with a hex radix prefix if the integal value is represented as hexadecimal. If no radix prefix is supplied the string will be interpreted as decimal.
revocation_reason - Integer code of revocation reason.

take_certificate_off_hold(self, serial_number)

source code

Take revoked certificate off hold.

The command returns a dict with these possible key/value pairs. Some key/value pairs may be absent.

result name	result type	comments
unrevoked	bool
error_string	unicode

Parameters:

serial_number - Certificate serial number. Must be a string value because serial numbers may be of any magnitue and XMLRPC cannot handle integers larger than 64-bit. The string value should be decimal, but may optionally be prefixed with a hex radix prefix if the integal value is represented as hexadecimal. If no radix prefix is supplied the string will be interpreted as decimal.

Class ra

_host_has_service(self, host, service='CA')

_select_any_master(self, service='CA')

_select_ca(self)

_request(self, url, port, **kw)

_sslget(self, url, port, **kw)

get_parse_result_xml(self, xml_text, parse_func)

check_request_status(self, request_id)

get_certificate(self, serial_number=None)

request_certificate(self, csr, request_type='pkcs10')

revoke_certificate(self, serial_number, revocation_reason=0)

take_certificate_off_hold(self, serial_number)