From dab452442d1425332369d00d95be4cd1b460407f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 11 Feb 2011 18:12:02 -0500
Subject: The --out option wasn't working at all with cert-show.

Also fix some related problems in write_certificate(), handle
either a DER or base64-formatted incoming certificate and don't
explode if the filename is None.

ticket 954
---
 API.txt                   | 2 +-
 ipalib/plugins/cert.py    | 9 +++++----
 ipalib/plugins/service.py | 8 ++++++++
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/API.txt b/API.txt
index 86f4d133d..fab224134 100644
--- a/API.txt
+++ b/API.txt
@@ -320,7 +320,7 @@ output: Output('result', None, None)
 command: cert_show
 args: 1,1,1
 arg: Str('serial_number', label=Gettext('Serial number', domain='ipa', localedir=None))
-option: Str('out?',tr('out?', doc=Gettext('file to store certificate in', domain='ipa', localedir=None))
+option: Str('out?', exclude='webui', label=Gettext('Output filename', domain='ipa', localedir=None))
 output: Output('result', None, None)
 command: cert_status
 args: 1,0,1
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index ec77fea66..f5ffd158d 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -418,13 +418,15 @@ class cert_show(VirtualCommand):
 
     takes_options = (
         Str('out?',
+            label=_('Output filename'),
             doc=_('file to store certificate in'),
+            exclude='webui',
         ),
     )
 
     operation="retrieve certificate"
 
-    def execute(self, serial_number):
+    def execute(self, serial_number, **options):
         hostname = None
         try:
             self.check_access()
@@ -455,9 +457,8 @@ class cert_show(VirtualCommand):
         if 'out' in options:
             check_writable_file(options['out'])
             result = super(cert_show, self).forward(*keys, **options)
-            if 'usercertificate' in result['result']:
-                write_certificate(result['result']['usercertificate'][0], options['out'])
-                result['summary'] = _('Certificate stored in file \'%(file)s\'') % dict(file=options['out'])
+            if 'certificate' in result['result']:
+                write_certificate(result['result']['certificate'], options['out'])
                 return result
             else:
                 raise errors.NoCertificateError(entry=keys[-1])
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index cab1f7b27..970ed0437 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -231,6 +231,8 @@ def check_writable_file(filename):
     Determine if the file is writable. If the file doesn't exist then
     open the file to test writability.
     """
+    if filename is None:
+        raise errors.FileError(reason='Filename is empty')
     try:
         if file_exists(filename):
             if not os.access(filename, os.W_OK):
@@ -255,6 +257,12 @@ def write_certificate(cert, filename):
     """
     Check to see if the certificate should be written to a file and do so.
     """
+    if cert and util.isvalid_base64(cert):
+        try:
+            cert = base64.b64decode(cert)
+        except Exception, e:
+            raise errors.Base64DecodeError(reason=str(e))
+
     try:
         fp = open(filename, 'w')
         fp.write(make_pem(base64.b64encode(cert)))
-- 
cgit