author | Fraser Tweedale <ftweedal@redhat.com> | 2016-05-06 13:43:41 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-15 07:13:38 +0200 |
commit | ae6d5b79fbce83e5ded8d8d46108b193c164ac14 (patch) | |
tree | 7159527bc7b09973b3af7b77597067a33a27fbeb /ipaserver/plugins/cert.py | |
parent | 0b0c07858a11d0d5db859b321ba948ea6d0dfd65 (diff) | |
Update cert-request to allow specifying CA
Add the '--ca' option to the 'ipa cert-request' command, for
specifying the CA to which to direct the request.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/plugins/cert.py')
-rw-r--r-- | ipaserver/plugins/cert.py | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 8fccb7629..63a051fab 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -274,7 +274,13 @@ class cert_request(VirtualCommand):
 Str('profile_id?', validate_profile_id,
 label=_("Profile ID"),
 doc=_("Certificate Profile to use"),
- )
+ ),
+ Str('cacn?',
+ cli_name='ca',
+ query=True,
+ label=_("CA"),
+ doc=_("CA to use"),
+ ),
 )
 has_output_params = (
@@ -321,7 +327,13 @@ class cert_request(VirtualCommand):
 add = kw.get('add')
 request_type = kw.get('request_type')
 profile_id = kw.get('profile_id', self.Backend.ra.DEFAULT_PROFILE)
- ca = IPA_CA_CN # hardcoded until --ca option implemented
+
+ # Check that requested authority exists (done before CA ACL
+ # enforcement so that user gets better error message if
+ # referencing nonexistant CA) and look up authority ID.
+ #
+ ca = kw.get('cacn', IPA_CA_CN)
+ ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
 """
 Access control is partially handled by the ACI titled
@@ -499,7 +511,7 @@ class cert_request(VirtualCommand):
 # Request the certificate
 result = self.Backend.ra.request_certificate(
- csr, profile_id, None, request_type=request_type)
+ csr, profile_id, ca_id, request_type=request_type)
 cert = x509.load_certificate(result['certificate'])
 result['issuer'] = unicode(cert.issuer)
 result['valid_not_before'] = unicode(cert.valid_not_before_str) |
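Review bot: The new `cacn` option in the first hunk (the options tuple of cert_request) declares no default, so the fallback to the IPA CA exists only in the method body as `kw.get('cacn', IPA_CA_CN)` in the second hunk, and the help text `CA to use` does not say what happens when `--ca` is omitted. I would state it in the doc string, e.g. `doc=_("CA to use (defaults to the IPA CA)"),`, or declare it on the parameter with `default=IPA_CA_CN, autofill=True,` so the default lives in one place. The options tuple and the class body start and end outside the hunk.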
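Review bot: The `ca_show` lookup in the second hunk runs before CA ACL enforcement, so a caller who is not permitted to use a CA can still tell from the error whether that CA name exists. The comment says the ordering is deliberate for better error messages, but it should also record that trade-off and that the lookup relies on the caller's own read access to CA entries (presumably enforced elsewhere, not visible here). The chained index `['result']['ipacaid'][0]` would surface a KeyError or IndexError rather than a clean command error if an entry came back without that attribute, and `kw.get('cacn', IPA_CA_CN)` applies the default only when the key is absent, so it is worth confirming that a present-but-empty value cannot reach this line. The comment also has a typo and a dangling `#` line; I would write `# referencing nonexistent CA) and look up authority ID.` and drop the empty `#`. The method body starts and continues outside the hunk.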
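Review bot: In the third hunk the issuing authority is passed to `request_certificate` as a bare third positional argument, `ca_id`, resolved roughly 180 lines earlier, while the CA ACL check in between (outside this hunk) presumably works on the name `ca`. Both values come from the one `ca_show` call, but nothing at the call site says that the authority authorised is the authority used for issuance. A comment such as `# ca_id comes from the same ca_show() lookup as the CA name checked by the CA ACL above` would make that invariant explicit for whoever next changes either variable. The enclosing method starts and ends outside the hunk.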