author | Fraser Tweedale <ftweedal@redhat.com> | 2016-05-06 13:43:41 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-15 07:13:38 +0200 |
commit | ae6d5b79fbce83e5ded8d8d46108b193c164ac14 (patch) | |
tree | 7159527bc7b09973b3af7b77597067a33a27fbeb | |
parent | 0b0c07858a11d0d5db859b321ba948ea6d0dfd65 (diff) | |
Update cert-request to allow specifying CA
Add the '--ca' option to the 'ipa cert-request' command, for
specifying the CA to which to direct the request.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
-rw-r--r-- | API.txt | 3 | ||||
-rw-r--r-- | VERSION | 4 | ||||
-rw-r--r-- | ipaserver/plugins/cert.py | 18 |
3 files changed, 19 insertions, 6 deletions
@@ -758,9 +758,10 @@ arg: Str('serial_number')
 option: Str('version?')
 output: Output('result')
 command: cert_request
-args: 1,5,1
+args: 1,6,1
 arg: File('csr', cli_name='csr_file')
 option: Flag('add', autofill=True, default=False)
+option: Str('cacn?', cli_name='ca')
 option: Str('principal')
 option: Str('profile_id?')
 option: Str('request_type', autofill=True, default=u'pkcs10')
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 # #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=182
-# Last change: ftweedal - update caacl plugin for lightweight CAs
+IPA_API_VERSION_MINOR=183
+# Last change: ftweedal - add --ca option to cert-request
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 8fccb7629..63a051fab 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -274,7 +274,13 @@ class cert_request(VirtualCommand):
 Str('profile_id?', validate_profile_id,
 label=_("Profile ID"),
 doc=_("Certificate Profile to use"),
- )
+ ),
+ Str('cacn?',
+ cli_name='ca',
+ query=True,
+ label=_("CA"),
+ doc=_("CA to use"),
+ ),
 )
 
 has_output_params = (
@@ -321,7 +327,13 @@ class cert_request(VirtualCommand):
 add = kw.get('add')
 request_type = kw.get('request_type')
 profile_id = kw.get('profile_id', self.Backend.ra.DEFAULT_PROFILE)
- ca = IPA_CA_CN # hardcoded until --ca option implemented
+
+ # Check that requested authority exists (done before CA ACL
+ # enforcement so that user gets better error message if
+ # referencing nonexistant CA) and look up authority ID.
+ #
+ ca = kw.get('cacn', IPA_CA_CN)
+ ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
 
 """
 Access control is partially handled by the ACI titled 
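Review bot: The `cacn?` option in the first cert.py hunk declares no default, so the fallback to the IPA CA exists only as `kw.get('cacn', IPA_CA_CN)` in the next hunk and does not show up in the API description (`option: Str('cacn?', cli_name='ca')`). Declaring it on the parameter with `default=IPA_CA_CN, autofill=True,` would keep the default in one place and also cover a caller that sends the key with an empty value; whether the framework can deliver such a value is not visible here. The help text could say what is expected, e.g. `doc=_("Name of the CA that will issue the certificate"),`. The option tuple starts above the hunk.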
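Review bot: Looking up the CA before CA ACL enforcement, as the added comment in the `-321,7 +327,13` hunk describes, gives a caller who would be refused anyway a different error for an existing CA name than for a missing one. If CA names should not be discoverable by every principal allowed to call cert-request, resolve the ID after the ACL decision or return the same error in both cases. The chained read `['result']['ipacaid'][0]` also assumes the attribute is always returned; a guarded read that raises a command error would avoid an unhandled KeyError or IndexError. In the comment, `nonexistant` should be `nonexistent`. The ACL check and the rest of execute lie outside the hunk.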
@@ -499,7 +511,7 @@ class cert_request(VirtualCommand):
 
 # Request the certificate
 result = self.Backend.ra.request_certificate(
- csr, profile_id, None, request_type=request_type)
+ csr, profile_id, ca_id, request_type=request_type)
 cert = x509.load_certificate(result['certificate'])
 result['issuer'] = unicode(cert.issuer)
 result['valid_not_before'] = unicode(cert.valid_not_before_str) |
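Review bot: Passing `ca_id` unconditionally changes the default path too: a request that names no CA used to send `None` and now depends on the `ca_show` lookup for the default CA succeeding (earlier hunk). On a deployment where that CA entry is missing, for example one not yet upgraded, every cert-request could fail before reaching the RA; this is inferred, since the lookup's failure modes are not visible here. A comment above the call would record the contract, e.g. `# ca_id: authority ID resolved from --ca (default IPA CA); the CA ACL check must have been made for the same CA`. The surrounding execute body starts and ends outside the hunk.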