From 8ed891cb619abd2efd428f767edf760ebf5eec5d Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Fri, 10 Mar 2017 09:22:42 +0000
Subject: cert: include certificate chain in cert command output

Include the full certificate chain in the output of cert-request, cert-show
and cert-find if --chain or --all is specified.

If output file is specified in the CLI together with --chain, the full
certificate chain is written to the file.

https://pagure.io/freeipa/issue/6547

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 ipaclient/plugins/cert.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'ipaclient/plugins')

diff --git a/ipaclient/plugins/cert.py b/ipaclient/plugins/cert.py
index 62171e92f..9ec6970b1 100644
--- a/ipaclient/plugins/cert.py
+++ b/ipaclient/plugins/cert.py
@@ -57,7 +57,10 @@ class CertRetrieveOverride(MethodOverride):
         result = super(CertRetrieveOverride, self).forward(*args, **options)
 
         if certificate_out is not None:
-            certs = [result['result']['certificate']]
+            if options.get('chain', False):
+                certs = result['result']['certificate_chain']
+            else:
+                certs = [result['result']['certificate']]
             certs = (x509.normalize_certificate(cert) for cert in certs)
             certs = (x509.make_pem(base64.b64encode(cert)) for cert in certs)
             with open(certificate_out, 'w') as f:
-- 
cgit