From 91ac959fe5df817e2322428acff392d735fa414e Mon Sep 17 00:00:00 2001
From: Pavel Vomacka <pvomacka@redhat.com>
Date: Mon, 25 Apr 2016 09:38:30 +0200
Subject: [PATCH] Extend the certificate request dialog

The command for requesting certificate for hosts and services is extended.
There is added how to add DNS name as subjectAltName.

https://fedorahosted.org/freeipa/ticket/5645

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
---
 install/ui/src/freeipa/certificate.js | 9 +++++++++
 install/ui/test/data/ipa_init.json    | 3 ++-
 ipaserver/plugins/internal.py         | 3 ++-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js
index ec653a0a4..d03be2056 100755
--- a/install/ui/src/freeipa/certificate.js
+++ b/install/ui/src/freeipa/certificate.js
@@ -716,10 +716,19 @@ IPA.cert.request_action = function(spec) {
         }
 
         var request_message = text.get('@i18n:objects.cert.request_message');
+        var ext;
+        if (facet.entity.name === 'service' || facet.entity.name === 'host') {
+            ext = text.get('@i18n:objects.cert.request_message_san');
+        }
+        else {
+            ext = '';
+        }
+        request_message = request_message.replace(/\$\{san\}/g, ext);
         request_message = request_message.replace(/\$\{cn_name\}/g, cn_name);
         request_message = request_message.replace(/\$\{cn\}/g, cn);
         request_message = request_message.replace(/\$\{realm\}/g, IPA.env.realm);
 
+
         var dialog = IPA.cert.request_dialog({
             title: title,
             message: request_message,
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 6fbf4c06d..e04e9f9b9 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -269,7 +269,8 @@
                             "remove_certificate_hold_simple": "Remove Certificate Hold",
                             "remove_certificate_hold_confirmation": "To confirm your intention to remove the certificate hold, click the \"Remove hold\" button.",
                             "remove_from_crl": "Remove from CRL",
-                            "request_message": "<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>",
+                            "request_message": "<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'${san}</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>",
+                            "request_message_san": " -8 '${cn}'",
                             "requested": "Certificate requested",
                             "revocation_reason": "Revocation reason",
                             "revoke_certificate": "Revoke Certificate for ${entity} ${primary_key}",
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index 850156c34..053c47174 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -406,7 +406,8 @@ class i18n_messages(Command):
                 "remove_certificate_hold_simple": _("Remove Certificate Hold"),
                 "remove_certificate_hold_confirmation": _("To confirm your intention to remove the certificate hold, click the \"Remove hold\" button."),
                 "remove_from_crl": _("Remove from CRL"),
-                "request_message": _("<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>"),
+                "request_message": _("<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'${san}</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>"),
+                "request_message_san": _(" -8 '${cn}'"),
                 "requested": _("Certificate requested"),
                 "revocation_reason": _("Revocation reason"),
                 "revoke_certificate": _("Revoke Certificate for ${entity} ${primary_key}"),