diff options
author | Ben Lipton <blipton@redhat.com> | 2017-02-08 20:56:37 -0500 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-28 09:02:49 +0000 |
commit | ada91c20588046bb147fc701718d3da4d2c080ca (patch) | |
tree | 784918f31817c6bfea59230f1c106a05f7b9c733 /ipaclient/plugins/cert.py | |
parent | 4350dcdea22fd2284836315d0ae7d38733a7620e (diff) | |
download | freeipa-ada91c20588046bb147fc701718d3da4d2c080ca.tar.gz freeipa-ada91c20588046bb147fc701718d3da4d2c080ca.tar.xz freeipa-ada91c20588046bb147fc701718d3da4d2c080ca.zip |
csrgen: Support encrypted private keys
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaclient/plugins/cert.py')
-rw-r--r-- | ipaclient/plugins/cert.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipaclient/plugins/cert.py b/ipaclient/plugins/cert.py index 16244e121..348529ca0 100644 --- a/ipaclient/plugins/cert.py +++ b/ipaclient/plugins/cert.py @@ -52,6 +52,11 @@ class cert_request(MethodOverride): doc=_('Path to PEM file containing a private key'), ), Str( + 'password_file?', + label=_( + 'File containing a password for the private key or database'), + ), + Str( 'csr_profile_id?', label=_('Name of CSR generation profile (if not the same as' ' profile_id)'), @@ -68,14 +73,19 @@ class cert_request(MethodOverride): database = options.pop('database', None) private_key = options.pop('private_key', None) csr_profile_id = options.pop('csr_profile_id', None) + password_file = options.pop('password_file', None) if csr is None: if database: helper = u'certutil' helper_args = ['-d', database] + if password_file: + helper_args += ['-f', password_file] elif private_key: helper = u'openssl' helper_args = [private_key] + if password_file: + helper_args += ['-passin', 'file:%s' % password_file] else: raise errors.InvocationError( message=u"One of 'database' or 'private_key' is required") |