authorMatthew Harmsen <mharmsen@redhat.com>2015-07-28 19:56:26 -0600
committerMatthew Harmsen <mharmsen@redhat.com>2015-07-28 20:43:39 -0600
commitf9102b8df60d50e00d2a45915d06837510cfd1aa (patch)
treeea40ed93fea872c2e32a890b799c28c2c1ab8946 /base/server/python/pki/server/deployment/pkihelper.py
parentc4c28d6f581ba0fa136afaab5651e976f6f79d2c (diff)
Add certutil options for ECC
- PKI TRAC Ticket #1524 - pkispawn: certutil options incorrect for creating ecc admin certificate
Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py30
1 files changed, 28 insertions, 2 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index b02333d54..93fa38494 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -2539,7 +2539,7 @@ class Certutil:
raise
return
- def generate_certificate_request(self, subject, key_size,
+ def generate_certificate_request(self, subject, key_type, key_size,
password_file, noise_file,
output_file=None, path=None,
ascii_format=None, token=None,
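Review bot: `key_type` is added as a required positional parameter between `subject` and `key_size`, so any caller still using the old positional order has every later argument shifted by one. Only the ConfigClient call site is updated in this diff; other callers, if any, are not visible here, and passing these arguments by keyword at call sites would make such a mismatch fail loudly. The signature should also document the new overloading, for example `# key_size: RSA modulus size in bits, or the curve name (e.g. nistp256) when key_type == "ecc"`. The rest of the signature and the function body lie outside this hunk.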
@@ -2562,8 +2562,33 @@ class Certutil:
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT)
+ if key_type:
+ if key_type == "ecc":
+ command.extend(["-k", "ec"])
+ if not key_size:
+ # supply a default curve for an 'ecc' key type
+ command.extend(["-q", "nistp256"])
+ elif key_type == "rsa":
+ command.extend(["-k", str(key_type)])
+ else:
+ config.pki_log.error(
+ log.PKIHELPER_CERTUTIL_INVALID_KEY_TYPE_1,
+ key_type,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(
+ log.PKIHELPER_CERTUTIL_INVALID_KEY_TYPE_1 % key_type)
+ else:
+ config.pki_log.error(
+ log.PKIHELPER_CERTUTIL_MISSING_KEY_TYPE,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(log.PKIHELPER_CERTUTIL_MISSING_KEY_TYPE)
+
if key_size:
- command.extend(["-g", str(key_size)])
+ if key_type == "ecc":
+ # For ECC, the key_size will actually contain the key curve
+ command.extend(["-q", str(key_size)])
+ else:
+ command.extend(["-g", str(key_size)])
if noise_file:
command.extend(["-z", noise_file])
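Review bot: `key_size` is appended to the certutil arguments unchecked in both branches of `if key_size:`, as `-q` for "ecc" and `-g` for everything else. A deployment that sets the key type to "ecc" but leaves a numeric key size would pass `-q 2048`, and the error would only surface from certutil. Checking the value before extending `command` (digits only for "rsa", a known curve name for "ecc") and logging a specific error as the key-type branch does would fail earlier and keep unexpected strings out of the command; how `command` is executed is outside this hunk. The comparisons `key_type == "ecc"` and `key_type == "rsa"` are also case-sensitive, so "ECC" or "RSA" raises the invalid-key-type error unless the value is normalised upstream. In the "rsa" branch `str(key_type)` is redundant, since the value is already known to be the string "rsa".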
@@ -4369,6 +4394,7 @@ class ConfigClient:
self.deployer.certutil.generate_certificate_request(
self.mdict['pki_admin_subject_dn'],
+ self.mdict['pki_admin_key_type'],
self.mdict['pki_admin_keysize'],
self.mdict['pki_client_password_conf'],
noise_file,