From 0b0c07858a11d0d5db859b321ba948ea6d0dfd65 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Fri, 6 May 2016 13:26:17 +1000
Subject: [PATCH] Add CA argument to ra.request_certificate
Add the optional 'ca_id' argument to ra.request_certificate(), for passing an Authority ID to Dogtag.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta
Reviewed-By: Martin Babinsky
---
 checks/check-ra.py | 2 +-
 ipaserver/plugins/cert.py | 2 +-
 ipaserver/plugins/dogtag.py | 21 +++++++++++++--------
 ipaserver/plugins/rabase.py | 4 +++-
 4 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/checks/check-ra.py b/checks/check-ra.py
index bc9cc215b..6942804a4 100755
--- a/checks/check-ra.py
+++ b/checks/check-ra.py
@@ -90,7 +90,7 @@ def assert_equal(trial, reference):
 api.log.info('******** Testing ra.request_certificate() ********')
-request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE)
+request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE, None)
 if verbose: print("request_result=\n%s" % request_result)
 assert_equal(request_result, {'subject' : subject,
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index ef53608ec..8fccb7629 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -499,7 +499,7 @@ class cert_request(VirtualCommand):
 # Request the certificate
 result = self.Backend.ra.request_certificate(
- csr, profile_id, request_type=request_type)
+ csr, profile_id, None, request_type=request_type)
 cert = x509.load_certificate(result['certificate'])
 result['issuer'] = unicode(cert.issuer)
 result['valid_not_before'] = unicode(cert.valid_not_before_str)
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 20349b05f..43aab92ff 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1554,10 +1554,12 @@ class ra(rabase.rabase):
 return cmd_result
- def request_certificate(self, csr, profile_id, request_type='pkcs10'):
+ def request_certificate(
+ self, csr, profile_id, ca_id, request_type='pkcs10'):
 """
 :param csr: The certificate signing request.
 :param profile_id: The profile to use for the request.
+ :param ca_id: The Authority ID to send request to. ``None`` is allowed.
 :param request_type: The request type (defaults to ``'pkcs10'``).
 Submit certificate signing request.
@@ -1586,13 +1588,16 @@ class ra(rabase.rabase):
 self.debug('%s.request_certificate()', type(self).__name__)
 # Call CMS
- http_status, http_headers, http_body = \
- self._sslget('/ca/eeca/ca/profileSubmitSSLClient',
- self.env.ca_ee_port,
- profileId=profile_id,
- cert_request_type=request_type,
- cert_request=csr,
- xml='true')
+ kw = dict(
+ profileId=profile_id,
+ cert_request_type=request_type,
+ cert_request=csr,
+ xml='true')
+ if ca_id:
+ kw['authorityId'] = ca_id
+
+ http_status, http_headers, http_body = self._sslget(
+ '/ca/eeca/ca/profileSubmitSSLClient', self.env.ca_ee_port, **kw)
 # Parse and handle errors
 if http_status != 200:
 self.raise_certificate_operation_error('request_certificate',
diff --git a/ipaserver/plugins/rabase.py b/ipaserver/plugins/rabase.py
index 949f3c37e..736c16698 100644
--- a/ipaserver/plugins/rabase.py
+++ b/ipaserver/plugins/rabase.py
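Review bot: In the first dogtag.py hunk (`@@ -1554,10 +1554,12 @@`), `ca_id` becomes a required positional parameter placed before `request_type`, although the commit message calls it optional and the docstring says `None` is allowed. A caller not updated by this patch fails with a TypeError, and one that passed `request_type` positionally would have that value sent as the authority ID by the `if ca_id:` branch further down. A default keeps the interface backward-compatible and matches the description: `self, csr, profile_id, ca_id=None, request_type='pkcs10'):`. The same signature change is made to `rabase.request_certificate()` in ipaserver/plugins/rabase.py and should follow suit. The method body continues outside this hunk.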
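Review bot: In the second dogtag.py hunk (`@@ -1586,13 +1588,16 @@`), `if ca_id:` treats every falsy value like `None`, so an empty string passed as the authority ID is silently dropped and the request is submitted without `authorityId`. Because this value selects which CA signs the certificate, a caller's mistake should surface as an error rather than presumably fall back to the default CA; `if ca_id is not None:` forwards whatever was supplied and lets Dogtag reject it. No validation of `ca_id` is visible in this method, so the caller is presumably expected to have checked it, and a comment such as `# ca_id is assumed to be validated and authorized by the caller` would record that. The method starts and ends outside this hunk.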
@@ -65,12 +65,14 @@ class rabase(Backend):
 """
 raise errors.NotImplementedError(name='%s.get_certificate' % self.name)
- def request_certificate(self, csr, profile_id, request_type='pkcs10'):
+ def request_certificate(
+ self, csr, profile_id, ca_id, request_type='pkcs10'):
 """
 Submit certificate signing request.
 :param csr: The certificate signing request.
 :param profile_id: Profile to use for this request.
+ :param ca_id: The Authority ID to send request to. ``None`` is allowed.
 :param request_type: The request type (defaults to ``'pkcs10'``).
 """
 raise errors.NotImplementedError(name='%s.request_certificate' % self.name)