Add CA argument to ra.request_certificate

Add the optional 'ca_id' argument to ra.request_certificate(), for passing an Authority ID to Dogtag. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2024-12-23 07:33:27 -06:00 · 2016-05-06 13:26:17 +10:00 · 2016-05-06 13:26:17 +10:00 · 0b0c07858a
commit 0b0c07858a
parent 9c93015e78
4 changed files with 18 additions and 11 deletions
--- a/checks/check-ra.py
+++ b/checks/check-ra.py
@ -90,7 +90,7 @@ def assert_equal(trial, reference):


 api.log.info('******** Testing ra.request_certificate() ********')
-request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE)
+request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE, None)
 if verbose: print("request_result=\n%s" % request_result)
 assert_equal(request_result,
             {'subject' : subject,
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@ -499,7 +499,7 @@ class cert_request(VirtualCommand):

        # Request the certificate
        result = self.Backend.ra.request_certificate(
-            csr, profile_id, request_type=request_type)
+            csr, profile_id, None, request_type=request_type)
        cert = x509.load_certificate(result['certificate'])
        result['issuer'] = unicode(cert.issuer)
        result['valid_not_before'] = unicode(cert.valid_not_before_str)
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@ -1554,10 +1554,12 @@ class ra(rabase.rabase):
        return cmd_result


-    def request_certificate(self, csr, profile_id, request_type='pkcs10'):
+    def request_certificate(
+            self, csr, profile_id, ca_id, request_type='pkcs10'):
        """
        :param csr: The certificate signing request.
        :param profile_id: The profile to use for the request.
+        :param ca_id: The Authority ID to send request to. ``None`` is allowed.
        :param request_type: The request type (defaults to ``'pkcs10'``).

        Submit certificate signing request.
@ -1586,13 +1588,16 @@ class ra(rabase.rabase):
        self.debug('%s.request_certificate()', type(self).__name__)

        # Call CMS
-        http_status, http_headers, http_body = \
-            self._sslget('/ca/eeca/ca/profileSubmitSSLClient',
-                         self.env.ca_ee_port,
-                         profileId=profile_id,
-                         cert_request_type=request_type,
-                         cert_request=csr,
-                         xml='true')
+        kw = dict(
+            profileId=profile_id,
+            cert_request_type=request_type,
+            cert_request=csr,
+            xml='true')
+        if ca_id:
+            kw['authorityId'] = ca_id
+
+        http_status, http_headers, http_body = self._sslget(
+            '/ca/eeca/ca/profileSubmitSSLClient', self.env.ca_ee_port, **kw)
        # Parse and handle errors
        if http_status != 200:
            self.raise_certificate_operation_error('request_certificate',
--- a/ipaserver/plugins/rabase.py
+++ b/ipaserver/plugins/rabase.py
@ -65,12 +65,14 @@ class rabase(Backend):
        """
        raise errors.NotImplementedError(name='%s.get_certificate' % self.name)

-    def request_certificate(self, csr, profile_id, request_type='pkcs10'):
+    def request_certificate(
+            self, csr, profile_id, ca_id, request_type='pkcs10'):
        """
        Submit certificate signing request.

        :param csr: The certificate signing request.
        :param profile_id: Profile to use for this request.
+        :param ca_id: The Authority ID to send request to. ``None`` is allowed.
        :param request_type: The request type (defaults to ``'pkcs10'``).
        """
        raise errors.NotImplementedError(name='%s.request_certificate' % self.name)