diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-05-06 13:26:17 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-15 07:13:38 +0200 |
commit | 0b0c07858a11d0d5db859b321ba948ea6d0dfd65 (patch) | |
tree | 51e3fa4fd38e2d44dca9fbd5475add92119d534a /ipaserver/plugins | |
parent | 9c93015e7877c27a573a5090f7c1c36130bb017b (diff) | |
download | freeipa-0b0c07858a11d0d5db859b321ba948ea6d0dfd65.tar.gz freeipa-0b0c07858a11d0d5db859b321ba948ea6d0dfd65.tar.xz freeipa-0b0c07858a11d0d5db859b321ba948ea6d0dfd65.zip |
Add CA argument to ra.request_certificate
Add the optional 'ca_id' argument to ra.request_certificate(), for
passing an Authority ID to Dogtag.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/cert.py | 2 | ||||
-rw-r--r-- | ipaserver/plugins/dogtag.py | 21 | ||||
-rw-r--r-- | ipaserver/plugins/rabase.py | 4 |
3 files changed, 17 insertions, 10 deletions
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index ef53608ec..8fccb7629 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -499,7 +499,7 @@ class cert_request(VirtualCommand): # Request the certificate result = self.Backend.ra.request_certificate( - csr, profile_id, request_type=request_type) + csr, profile_id, None, request_type=request_type) cert = x509.load_certificate(result['certificate']) result['issuer'] = unicode(cert.issuer) result['valid_not_before'] = unicode(cert.valid_not_before_str) diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 20349b05f..43aab92ff 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1554,10 +1554,12 @@ class ra(rabase.rabase): return cmd_result - def request_certificate(self, csr, profile_id, request_type='pkcs10'): + def request_certificate( + self, csr, profile_id, ca_id, request_type='pkcs10'): """ :param csr: The certificate signing request. :param profile_id: The profile to use for the request. + :param ca_id: The Authority ID to send request to. ``None`` is allowed. :param request_type: The request type (defaults to ``'pkcs10'``). Submit certificate signing request. @@ -1586,13 +1588,16 @@ class ra(rabase.rabase): self.debug('%s.request_certificate()', type(self).__name__) # Call CMS - http_status, http_headers, http_body = \ - self._sslget('/ca/eeca/ca/profileSubmitSSLClient', - self.env.ca_ee_port, - profileId=profile_id, - cert_request_type=request_type, - cert_request=csr, - xml='true') + kw = dict( + profileId=profile_id, + cert_request_type=request_type, + cert_request=csr, + xml='true') + if ca_id: + kw['authorityId'] = ca_id + + http_status, http_headers, http_body = self._sslget( + '/ca/eeca/ca/profileSubmitSSLClient', self.env.ca_ee_port, **kw) # Parse and handle errors if http_status != 200: self.raise_certificate_operation_error('request_certificate', diff --git a/ipaserver/plugins/rabase.py b/ipaserver/plugins/rabase.py index 949f3c37e..736c16698 100644 --- a/ipaserver/plugins/rabase.py +++ b/ipaserver/plugins/rabase.py @@ -65,12 +65,14 @@ class rabase(Backend): """ raise errors.NotImplementedError(name='%s.get_certificate' % self.name) - def request_certificate(self, csr, profile_id, request_type='pkcs10'): + def request_certificate( + self, csr, profile_id, ca_id, request_type='pkcs10'): """ Submit certificate signing request. :param csr: The certificate signing request. :param profile_id: Profile to use for this request. + :param ca_id: The Authority ID to send request to. ``None`` is allowed. :param request_type: The request type (defaults to ``'pkcs10'``). """ raise errors.NotImplementedError(name='%s.request_certificate' % self.name) |