author | Fraser Tweedale <ftweedal@redhat.com> | 2016-08-08 14:27:20 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-12-12 13:03:15 +0100 |
commit | 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d (patch) | |
tree | 484f57785d6f872f22e118aed13df38d74a2591e /ipaserver/plugins/dogtag.py | |
parent | cc5b88e5d4ac1171374be9ae8e6e60730243dd3d (diff) | |
Add options to write lightweight CA cert or chain to file
Administrators need a way to retrieve the certificate or certificate
chain of an IPA-managed lightweight CA. Add params to the `ca'
object for carrying the CA certificate and chain (as multiple DER
values). Add the `--chain' flag for including the chain in the
result (chain is also included with `--all'). Add the
`--certificate-out' option for writing the certificate to a file (or
the chain, if `--chain' was given).
Fixes: https://fedorahosted.org/freeipa/ticket/6178
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipaserver/plugins/dogtag.py')
-rw-r--r-- | ipaserver/plugins/dogtag.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 0bdb4daf2..b77b21aa2 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -2125,6 +2125,18 @@ class ra_lightweight_ca(RestClient):
 except:
 raise errors.RemoteRetrieveError(reason=_("Response from CA was not valid JSON"))
 
+ def read_ca_cert(self, ca_id):
+ _status, _resp_headers, resp_body = self._ssldo(
+ 'GET', '{}/cert'.format(ca_id),
+ headers={'Accept': 'application/pkix-cert'})
+ return resp_body
+
+ def read_ca_chain(self, ca_id):
+ _status, _resp_headers, resp_body = self._ssldo(
+ 'GET', '{}/chain'.format(ca_id),
+ headers={'Accept': 'application/pkcs7-mime'})
+ return resp_body
+
 def disable_ca(self, ca_id):
 self._ssldo(
 'POST', ca_id + '/disable', |
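Review bot: `read_ca_cert` and `read_ca_chain` discard `_status` and the response headers and return `resp_body` as-is, so nothing in these methods confirms that the CA actually sent a certificate or a PKCS #7 chain; the context lines just above, by contrast, turn an unparseable body into `RemoteRetrieveError`. Whether `_ssldo` already raises on a non-2xx status is not visible in this hunk; if it does not, an error body could reach the caller and, per the commit message, be written out by `--certificate-out` as if it were the CA certificate. I would either parse the body before returning it or at least state the contract in a docstring, e.g. `"""Return the CA certificate body requested as application/pkix-cert; the bytes are not validated here."""`, with the application/pkcs7-mime equivalent on `read_ca_chain`. `ca_id` is also formatted straight into the request path, as in `disable_ca`, so it is worth confirming that callers only pass server-generated IDs.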