Add SHA256 fingerprints

[tkrizek]

As discussed on the devel list, adding SHA256 fingerprints for certs and keeping SHA1 as well.

[stlaz]

As discussed about hundred times before, do not touch install/share/copy-schema-to-ca.py.

[MartinBasti]

Do not touch install/share/copy-schema-to-ca.py ever (this will be removed soon from master, just waiting for ACKs)

[tkrizek]

I've dropped the commit that modified the deprecated file.

[stlaz]

I wanted to test this but nothing is currently shown for either SHA-1 or SHA256 fingerprints in the WebUI so you can either fix it or we'll wait till @pvomacka has that done.

[pvomacka]

@stlaz , @tomaskrizek I will fix that today.

[pvomacka]

@tomaskrizek actually you did almost all necessary steps. Just please check inline comments where is described one another change. And in general you do not have to add anything into json files as they are present just because of historical reasons and will be removed soon.

[pvomacka]

@tomaskrizek so, inline comment is not possible to the line where file was not changed. So, please remove line 1979: delete command.options.all; . That should be enough to display fingerprints correctly. Thank you

[tkrizek]

@pvomacka Thanks! Should be fixed now.

[stlaz]

Please transform sha256_fingerprint: into Fingerprint (SHA-256):

$ ipa cert-show --all
Serial number: 1
  Issuing CA: ipa
  Certificate: <snip />
  Subject: CN=Certificate Authority,O=DOM-245.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
  Issuer: CN=Certificate Authority,O=DOM-245.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
  Not Before: Mon Mar 06 08:57:45 2017 UTC
  Not After: Fri Mar 06 08:57:45 2037 UTC
  Fingerprint (SHA1): 25:ea:cb:01:48:68:9e:8d:1c:25:ac:2c:92:d9:75:3f:0a:45:97:2d
  Serial number: 1
  Serial number (hex): 0x1
  Revoked: False
  sha256_fingerprint: af:09:dd:ae:66:74:cf:af:e2:4f:25:4d:2f:73:4e:a6:f4:d6:f8:32:c4:48:8e:e7:d9:fa:c6:1f:42:f3:09:c4

[tkrizek]

I think this is a translation issue that will resolve itself once we generate new translation files. Is that correct, @MartinBasti ?

When using make install that regenerates *.po, I get this output:

Serial number: 1
  Issuing CA: ipa
  Certificate: <snip />
  Subject: CN=Certificate Authority,O=DOM-058-176.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
  Issuer: CN=Certificate Authority,O=DOM-058-176.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
  Not Before: Mon Mar 06 17:05:49 2017 UTC
  Not After: Fri Mar 06 17:05:49 2037 UTC
  Fingerprint (SHA1): 4c:49:28:74:82:94:30:1c:0e:f6:b2:30:2b:91:90:6c:73:bb:c1:d8
  Fingerprint (SHA256): 52:d3:3b:5e:70:63:d0:6c:6f:4d:90:a4:bf:50:18:0b:7a:0c:ab:11:45:cf:05:7d:98:d6:e8:b1:bc:e0:9e:a9
  Serial number: 1
  Serial number (hex): 0x1
  Revoked: False

[stlaz]

Hm, apparently I had old po/, never mind, then.

[tkrizek]

master:

• a06c71b Add SHA256 fingerprints for certs