Add profile_id parameter to 'request_certificate'

Add the profile_id parameter to the 'request_certificate' function
and update call sites.

Also remove multiple occurrences of the default profile ID
'caIPAserviceCert'.

Part of: https://fedorahosted.org/freeipa/ticket/57

Reviewed-By: Martin Basti <mbasti@redhat.com>

checks/check-ra.py

@@ -90,7 +90,7 @@ def assert_equal(trial, reference):
 
 
 api.log.info('******** Testing ra.request_certificate() ********')
-request_result = ra.request_certificate(csr)
+request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE)
 if verbose: print "request_result=\n%s" % request_result
 assert_equal(request_result,
              {'subject' : subject,

ipalib/plugins/cert.py

@@ -436,7 +436,7 @@ class cert_request(VirtualCommand):
 
         # Request the certificate
         result = self.Backend.ra.request_certificate(
-            csr, request_type=request_type)
+            csr, 'caIPAserviceCert', request_type=request_type)
         cert = x509.load_certificate(result['certificate'])
         result['issuer'] = unicode(cert.issuer)
         result['valid_not_before'] = unicode(cert.valid_not_before_str)

ipapython/dogtag.py

@@ -47,6 +47,8 @@ INCLUDED_PROFILES = {
     (u'caIPAserviceCert', u'Standard profile for network services', True),
     }
 
+DEFAULT_PROFILE = u'caIPAserviceCert'
+
 class Dogtag10Constants(object):
     DOGTAG_VERSION = 10
     UNSECURE_PORT = 8080

ipaserver/install/certs.py

@@ -386,7 +386,7 @@ class CertDB(object):
         # We just want the CSR bits, make sure there is nothing else
         csr = pkcs10.strip_header(csr)
 
-        params = {'profileId': 'caIPAserviceCert',
+        params = {'profileId': dogtag.DEFAULT_PROFILE,
                 'cert_request_type': 'pkcs10',
                 'requestor_name': 'IPA Installer',
                 'cert_request': csr,

ipaserver/plugins/dogtag.py

@@ -1284,6 +1284,8 @@ class ra(rabase.rabase):
     """
     Request Authority backend plugin.
     """
+    DEFAULT_PROFILE = dogtag.DEFAULT_PROFILE
+
     def __init__(self):
         if api.env.in_tree:
             self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
@@ -1541,9 +1543,10 @@ class ra(rabase.rabase):
         return cmd_result
 
 
-    def request_certificate(self, csr, request_type='pkcs10'):
+    def request_certificate(self, csr, profile_id, request_type='pkcs10'):
         """
         :param csr: The certificate signing request.
+        :param profile_id: The profile to use for the request.
         :param request_type: The request type (defaults to ``'pkcs10'``).
 
         Submit certificate signing request.
@@ -1575,7 +1578,7 @@ class ra(rabase.rabase):
         http_status, http_reason_phrase, http_headers, http_body = \
             self._sslget('/ca/eeca/ca/profileSubmitSSLClient',
                          self.env.ca_ee_port,
-                         profileId='caIPAserviceCert',
+                         profileId=profile_id,
                          cert_request_type=request_type,
                          cert_request=csr,
                          xml='true')

ipaserver/plugins/rabase.py

@@ -67,11 +67,12 @@ class rabase(Backend):
         """
         raise errors.NotImplementedError(name='%s.get_certificate' % self.name)
 
-    def request_certificate(self, csr, request_type='pkcs10'):
+    def request_certificate(self, csr, profile_id, request_type='pkcs10'):
         """
         Submit certificate signing request.
 
         :param csr: The certificate signing request.
+        :param profile_id: Profile to use for this request.
         :param request_type: The request type (defaults to ``'pkcs10'``).
         """
         raise errors.NotImplementedError(name='%s.request_certificate' % self.name)