author | Jan Cholasta <jcholast@redhat.com> | 2013-10-16 17:37:10 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 16:54:56 +0100 |
commit | cf6edf4a92f030aea84187fbf3c1e2407a42b159 (patch) | |
tree | 2bf83f9a26a96f60f5d8809a57d4fe72f71b4231 /install | |
parent | 5bf373b59454340130446a64b862caa368459bbb (diff) | |
Support exporting CSRs in dogtag-ipa-ca-renew-agent.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install')
-rwxr-xr-x | install/certmonger/dogtag-ipa-ca-renew-agent-submit | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index e39da4a21..57eb4e584 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -244,10 +244,37 @@ def retrieve_cert():
 return (ISSUED, cert)
+def export_csr():
+ """
+ This does not actually renew the cert, it just writes the CSR provided
+ by certmonger to /var/lib/ipa/ca.csr and returns the existing cert.
+ """
+ operation = os.environ.get('CERTMONGER_OPERATION')
+ if operation != 'SUBMIT':
+ return (OPERATION_NOT_SUPPORTED_BY_HELPER,)
+
+ csr = os.environ.get('CERTMONGER_CSR')
+ if not csr:
+ return (UNCONFIGURED, "Certificate request not provided")
+
+ cert = os.environ.get('CERTMONGER_CERTIFICATE')
+ if not cert:
+ return (REJECTED, "New certificate requests not supported")
+
+ csr_file = '/var/lib/ipa/ca.csr'
+ try:
+ with open(csr_file, 'wb') as f:
+ f.write(csr)
+ except Exception, e:
+ return (UNREACHABLE, "Failed to write %s: %s" % (csr_file, e))
+
+ return (ISSUED, cert)
+
 def main():
 handlers = {
 'ipaStorage': store_cert,
 'ipaRetrieval': retrieve_cert,
+ 'ipaCSRExport': export_csr,
 }
 api.bootstrap(context='renew') |
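Review bot: In `export_csr`, `open(csr_file, 'wb')` truncates /var/lib/ipa/ca.csr before the new request is written, so a write that fails part-way leaves a partial CSR at the path that whatever consumes this file (presumably a later signing step) will read, and the file's mode is left to the helper's umask. Writing to a temporary file in the same directory and renaming it into place keeps the previous CSR intact until the new one is complete. `tempfile.mkstemp` creates the file owner-only, so the mode should be set explicitly if another account has to read it, and `tempfile` must be imported if the script does not already do so. The rewrite keeps the hunk's UNREACHABLE status for a local write error; whether certmonger should treat that as a retryable CA outage is worth confirming.

```python
    # … unchanged: operation, CSR and certificate checks …
    csr_file = '/var/lib/ipa/ca.csr'
    try:
        fd, tmp_file = tempfile.mkstemp(dir=os.path.dirname(csr_file))
        try:
            with os.fdopen(fd, 'wb') as f:
                f.write(csr)
            # rename() within one directory replaces ca.csr in a single step
            os.rename(tmp_file, csr_file)
        except Exception:
            os.unlink(tmp_file)
            raise
    except Exception, e:
        return (UNREACHABLE, "Failed to write %s: %s" % (csr_file, e))
```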