Lightweight CAs: REST cert request param to specify authority

Add the optional "ca" query parameter for REST cert request submission. Also update the ca-cert-request-submit CLI command with an option to provide an AuthorityID. Part of: https://fedorahosted.org/pki/ticket/1213
author: Fraser Tweedale <ftweedal@redhat.com> 2015-09-01 09:57:42 -0400
committer: Fraser Tweedale <ftweedal@redhat.com> 2015-09-26 14:11:51 +1000
commit: 058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0 (patch)
tree: 18109e536cf188bf387f8f97af7c98bd39168c33 /base/java-tools/src/com/netscape/cmstools
parent: 5cdad30b99d8c115f6b50c63bb2ecceefdd33937 (diff)
download: pki-058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0.tar.gz
pki-058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0.tar.xz
pki-058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0.zip
2 files changed, 44 insertions, 2 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
index 608490bb7..961115968 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
@@ -2,18 +2,22 @@ package com.netscape.cmstools.cert;
 
 import java.io.File;
 import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.util.Arrays;
 import java.util.Scanner;
 
 import javax.xml.bind.JAXBException;
 
 import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
 import org.apache.commons.cli.ParseException;
 
+import com.netscape.certsrv.ca.AuthorityID;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.cert.CertRequestInfos;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
+import netscape.security.x509.X500Name;
 
 public class CertRequestSubmitCLI extends CLI {
 
@@ -22,6 +26,14 @@ public class CertRequestSubmitCLI extends CLI {
     public CertRequestSubmitCLI(CertCLI certCLI) {
         super("request-submit", "Submit certificate request", certCLI);
         this.certCLI = certCLI;
+
+        Option optAID = new Option(null, "issuer-id", true, "Authority ID (host authority if omitted)");
+        optAID.setArgName("id");
+        options.addOption(optAID);
+
+        Option optADN = new Option(null, "issuer-dn", true, "Authority DN (host authority if omitted)");
+        optADN.setArgName("dn");
+        options.addOption(optADN);
     }
 
     public void printHelp() {
@@ -55,9 +67,39 @@ public class CertRequestSubmitCLI extends CLI {
             System.exit(-1);
         }
 
+        AuthorityID aid = null;
+        if (cmd.hasOption("issuer-id")) {
+            String aidString = cmd.getOptionValue("issuer-id");
+            try {
+                aid = new AuthorityID(aidString);
+            } catch (IllegalArgumentException e) {
+                System.err.println("Bad AuthorityID: " + aidString);
+                printHelp();
+                System.exit(-1);
+            }
+        }
+
+        X500Name adn = null;
+        if (cmd.hasOption("issuer-dn")) {
+            String adnString = cmd.getOptionValue("issuer-dn");
+            try {
+                adn = new X500Name(adnString);
+            } catch (IOException e) {
+                System.err.println("Bad DN: " + adnString);
+                printHelp();
+                System.exit(-1);
+            }
+        }
+
+        if (aid != null && adn != null) {
+            System.err.println("--issuer-id and --issuer-dn options are mutually exclusive");
+            printHelp();
+            System.exit(-1);
+        }
+
         try {
             CertEnrollmentRequest erd = getEnrollmentRequest(cmdArgs[0]);
-            CertRequestInfos cri = certCLI.certClient.enrollRequest(erd);
+            CertRequestInfos cri = certCLI.certClient.enrollRequest(erd, aid, adn);
             MainCLI.printMessage("Submitted certificate request");
             CertCLI.printCertRequestInfos(cri);
 
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index e6bd0d981..db71c8a0f 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -283,7 +283,7 @@ public class ClientCertRequestCLI extends CLI {
             System.out.println("Sending certificate request.");
         }
 
-        CertRequestInfos infos = certClient.enrollRequest(request);
+        CertRequestInfos infos = certClient.enrollRequest(request, null, null);
 
         MainCLI.printMessage("Submitted certificate request");
         CertCLI.printCertRequestInfos(infos);
author	Fraser Tweedale <ftweedal@redhat.com>	2015-09-01 09:57:42 -0400
committer	Fraser Tweedale <ftweedal@redhat.com>	2015-09-26 14:11:51 +1000
commit	058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0 (patch)
tree	18109e536cf188bf387f8f97af7c98bd39168c33 /base/java-tools/src/com/netscape/cmstools
parent	5cdad30b99d8c115f6b50c63bb2ecceefdd33937 (diff)
download	pki-058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0.tar.gz pki-058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0.tar.xz pki-058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0.zip