diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-05-08 02:23:24 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-06-04 08:27:33 +0000 |
commit | 4cf2bfcaa62e9220fdeee952bf719452884507cd (patch) | |
tree | 58f6d508c7078bb7054948cafac11c7da9e26d35 | |
parent | c09bd35e7c081e968d40ecbd52177446f422d532 (diff) | |
download | freeipa-4cf2bfcaa62e9220fdeee952bf719452884507cd.tar.gz freeipa-4cf2bfcaa62e9220fdeee952bf719452884507cd.tar.xz freeipa-4cf2bfcaa62e9220fdeee952bf719452884507cd.zip |
Add profile_id parameter to 'request_certificate'
Add the profile_id parameter to the 'request_certificate' function
and update call sites.
Also remove multiple occurrences of the default profile ID
'caIPAserviceCert'.
Part of: https://fedorahosted.org/freeipa/ticket/57
Reviewed-By: Martin Basti <mbasti@redhat.com>
-rwxr-xr-x | checks/check-ra.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/cert.py | 2 | ||||
-rw-r--r-- | ipapython/dogtag.py | 2 | ||||
-rw-r--r-- | ipaserver/install/certs.py | 2 | ||||
-rw-r--r-- | ipaserver/plugins/dogtag.py | 7 | ||||
-rw-r--r-- | ipaserver/plugins/rabase.py | 3 |
6 files changed, 12 insertions, 6 deletions
diff --git a/checks/check-ra.py b/checks/check-ra.py index a1df50ba4..28929545a 100755 --- a/checks/check-ra.py +++ b/checks/check-ra.py @@ -90,7 +90,7 @@ def assert_equal(trial, reference): api.log.info('******** Testing ra.request_certificate() ********') -request_result = ra.request_certificate(csr) +request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE) if verbose: print "request_result=\n%s" % request_result assert_equal(request_result, {'subject' : subject, diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py index 7e2c77622..e4cb6dc0a 100644 --- a/ipalib/plugins/cert.py +++ b/ipalib/plugins/cert.py @@ -436,7 +436,7 @@ class cert_request(VirtualCommand): # Request the certificate result = self.Backend.ra.request_certificate( - csr, request_type=request_type) + csr, 'caIPAserviceCert', request_type=request_type) cert = x509.load_certificate(result['certificate']) result['issuer'] = unicode(cert.issuer) result['valid_not_before'] = unicode(cert.valid_not_before_str) diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 2b4d23335..53085f776 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -47,6 +47,8 @@ INCLUDED_PROFILES = { (u'caIPAserviceCert', u'Standard profile for network services', True), } +DEFAULT_PROFILE = u'caIPAserviceCert' + class Dogtag10Constants(object): DOGTAG_VERSION = 10 UNSECURE_PORT = 8080 diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index bc7dccf80..564332e6f 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -386,7 +386,7 @@ class CertDB(object): # We just want the CSR bits, make sure there is nothing else csr = pkcs10.strip_header(csr) - params = {'profileId': 'caIPAserviceCert', + params = {'profileId': dogtag.DEFAULT_PROFILE, 'cert_request_type': 'pkcs10', 'requestor_name': 'IPA Installer', 'cert_request': csr, diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 880b319d6..e6668bb43 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1284,6 +1284,8 @@ class ra(rabase.rabase): """ Request Authority backend plugin. """ + DEFAULT_PROFILE = dogtag.DEFAULT_PROFILE + def __init__(self): if api.env.in_tree: self.sec_dir = api.env.dot_ipa + os.sep + 'alias' @@ -1541,9 +1543,10 @@ class ra(rabase.rabase): return cmd_result - def request_certificate(self, csr, request_type='pkcs10'): + def request_certificate(self, csr, profile_id, request_type='pkcs10'): """ :param csr: The certificate signing request. + :param profile_id: The profile to use for the request. :param request_type: The request type (defaults to ``'pkcs10'``). Submit certificate signing request. @@ -1575,7 +1578,7 @@ class ra(rabase.rabase): http_status, http_reason_phrase, http_headers, http_body = \ self._sslget('/ca/eeca/ca/profileSubmitSSLClient', self.env.ca_ee_port, - profileId='caIPAserviceCert', + profileId=profile_id, cert_request_type=request_type, cert_request=csr, xml='true') diff --git a/ipaserver/plugins/rabase.py b/ipaserver/plugins/rabase.py index e14969970..cf4426235 100644 --- a/ipaserver/plugins/rabase.py +++ b/ipaserver/plugins/rabase.py @@ -67,11 +67,12 @@ class rabase(Backend): """ raise errors.NotImplementedError(name='%s.get_certificate' % self.name) - def request_certificate(self, csr, request_type='pkcs10'): + def request_certificate(self, csr, profile_id, request_type='pkcs10'): """ Submit certificate signing request. :param csr: The certificate signing request. + :param profile_id: Profile to use for this request. :param request_type: The request type (defaults to ``'pkcs10'``). """ raise errors.NotImplementedError(name='%s.request_certificate' % self.name) |