Improve representation of trusted CA in Global settings

Change-Id: Ie683f80c2983b9dcb90821acd11493a8bad86518
Checkmk · Sep 19, 2024 · 170b951 · 170b951
1 parent 6e87242
commit 170b951
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 59 deletions.
diff --git a/cmk/gui/valuespec/definitions.py b/cmk/gui/valuespec/definitions.py
@@ -116,6 +116,7 @@
 from cmk.gui.view_utils import render_labels
 
 from cmk.crypto import certificate, keys
+from cmk.crypto.hash import HashAlgorithm
 
 seconds_per_day = 86400
 
@@ -8338,41 +8339,17 @@ def __init__(  # pylint: disable=redefined-builtin
         )
 
     @staticmethod
-    def _analyse_cert(cert: certificate.Certificate) -> dict[str, dict[str, str]]:
+    def _analyse_cert(cert: certificate.Certificate) -> dict[str, str]:
         """
         Inspect the certificate and place selected info in a dict.
-
-        Depending on which info is specified in the certificate, the resulting dict may contain
-        - common name; organization name; locality name; state or province name; country name
-        and will look something like this:
-        {
-            "issuer": {
-                "Common Name": ...,
-                "Organization Name": ...,
-                ...
-            },
-            "subject": {
-                "Common Name": ...,
-                "Organization Name": ...,
-                ...
-            },
-        }
         """
-        attributes = {
-            certificate.X509NameOid.COUNTRY_NAME: _("Country"),
-            certificate.X509NameOid.STATE_OR_PROVINCE_NAME: _("State or Province Name"),
-            certificate.X509NameOid.LOCALITY_NAME: _("Locality Name"),
-            certificate.X509NameOid.ORGANIZATION_NAME: _("Organization Name"),
-            certificate.X509NameOid.COMMON_NAME: _("Common Name"),
-        }
 
         return {
-            entity: {
-                attributes[attr_name]: attr_value
-                for attr_name in attributes
-                if (attr_value := info.get_single_name_attribute(attr_name)) is not None
-            }
-            for (entity, info) in [("issuer", cert.issuer), ("subject", cert.subject)]
+            "issuer": cert.issuer.rfc4514_string(),
+            "subject": cert.subject.rfc4514_string(),
+            "creation": cert.not_valid_before.date().isoformat(),
+            "expiration": cert.not_valid_after.date().isoformat(),
+            "fingerprint": cert.fingerprint(HashAlgorithm.Sha256).hex(sep=":").upper(),
         }
 
     def _validate_value(self, value: Any, varprefix: str) -> None:
@@ -8388,20 +8365,27 @@ def value_to_html(self, value: Any) -> ValueSpecText:
         cert_info = self._analyse_cert(
             certificate.Certificate.load_pem(certificate.CertificatePEM(value))
         )
-
+        show_info = {k: HTML.with_escaping(cert_info[k]) for k in ("issuer", "subject")}
+        show_info["fingerprint"] = HTMLWriter.render_span(
+            cert_info["fingerprint"][:41], title=cert_info["fingerprint"]
+        )
+        show_info["validity"] = HTML.without_escaping(
+            _("Not Before: %s - Not After: %s")
+            % (
+                cert_info["creation"],
+                cert_info["expiration"],
+            )
+        )
         rows = []
         for what, title in [
             ("issuer", _("Issuer")),
             ("subject", _("Subject")),
+            ("validity", _("Validity")),
+            ("fingerprint", _("Fingerprint")),
         ]:
             rows.append(
                 HTMLWriter.render_tr(
-                    HTMLWriter.render_td("%s:" % title)
-                    + HTMLWriter.render_td(
-                        HTML.empty().join(
-                            f"{title1}: {val}" for title1, val in sorted(cert_info[what].items())
-                        )
-                    )
+                    HTMLWriter.render_td("%s:" % title) + HTMLWriter.render_td(show_info[what])
                 )
             )
         return HTMLWriter.render_table(HTML.empty().join(rows))

diff --git a/packages/cmk-crypto/cmk/crypto/certificate.py b/packages/cmk-crypto/cmk/crypto/certificate.py
@@ -696,6 +696,10 @@ def organizational_unit(self) -> str | None:
         """
         return self.get_single_name_attribute(X509NameOid.ORGANIZATIONAL_UNIT_NAME)
 
+    def rfc4514_string(self) -> str:
+        """Return the name in RFC4514 format like "CN=John Doe,O=Example Corp,OU=Unit"."""
+        return self.name.rfc4514_string()
+
 
 @dataclass
 class CertificateSigningRequest:

diff --git a/tests/unit/cmk/gui/valuespecs/test_vs_listofcas.py b/tests/unit/cmk/gui/valuespecs/test_vs_listofcas.py
@@ -102,33 +102,21 @@ def _etugra_cert() -> str:
         (
             _swiss_sign_cert,
             {
-                "issuer": {
-                    "Country": "CH",
-                    "Organization Name": "SwissSign AG",
-                    "Common Name": "SwissSign Gold CA - G2",
-                },
-                "subject": {
-                    "Country": "CH",
-                    "Organization Name": "SwissSign AG",
-                    "Common Name": "SwissSign Gold CA - G2",
-                },
+                "issuer": "CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH",
+                "subject": "CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH",
+                "creation": "2006-10-25",
+                "expiration": "2036-10-25",
+                "fingerprint": "62:DD:0B:E9:B9:F5:0A:16:3E:A0:F8:E7:5C:05:3B:1E:CA:57:EA:55:C8:68:8F:64:7C:68:81:F2:C8:35:7B:95",
             },
         ),
         (
             _etugra_cert,  # ECC certificate
             {
-                "issuer": {
-                    "Country": "TR",
-                    "Locality Name": "Ankara",
-                    "Organization Name": "E-Tugra EBG A.S.",
-                    "Common Name": "E-Tugra Global Root CA ECC v3",
-                },
-                "subject": {
-                    "Country": "TR",
-                    "Locality Name": "Ankara",
-                    "Organization Name": "E-Tugra EBG A.S.",
-                    "Common Name": "E-Tugra Global Root CA ECC v3",
-                },
+                "issuer": "CN=E-Tugra Global Root CA ECC v3,OU=E-Tugra Trust Center,O=E-Tugra EBG A.S.,L=Ankara,C=TR",
+                "subject": "CN=E-Tugra Global Root CA ECC v3,OU=E-Tugra Trust Center,O=E-Tugra EBG A.S.,L=Ankara,C=TR",
+                "expiration": "2045-03-12",
+                "creation": "2020-03-18",
+                "fingerprint": "87:3F:46:85:FA:7F:56:36:25:25:2E:6D:36:BC:D7:F1:6F:C2:49:51:F2:64:E4:7E:1B:95:4F:49:08:CD:CA:13",
             },
         ),
     ],