csrgen: Support encrypted private keys

https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-02-08 20:56:37 -05:00
parent 4350dcdea2
commit ada91c2058
2 changed files with 15 additions and 4 deletions
--- a/ipaclient/plugins/cert.py
+++ b/ipaclient/plugins/cert.py
@@ -51,6 +51,11 @@ class cert_request(MethodOverride):
            label=_('Path to private key file'),
            doc=_('Path to PEM file containing a private key'),
        ),
+        Str(
+            'password_file?',
+            label=_(
+                'File containing a password for the private key or database'),
+        ),
        Str(
            'csr_profile_id?',
            label=_('Name of CSR generation profile (if not the same as'
@@ -68,14 +73,19 @@ class cert_request(MethodOverride):
        database = options.pop('database', None)
        private_key = options.pop('private_key', None)
        csr_profile_id = options.pop('csr_profile_id', None)
+        password_file = options.pop('password_file', None)

        if csr is None:
            if database:
                helper = u'certutil'
                helper_args = ['-d', database]
+                if password_file:
+                    helper_args += ['-f', password_file]
            elif private_key:
                helper = u'openssl'
                helper_args = [private_key]
+                if password_file:
+                    helper_args += ['-passin', 'file:%s' % password_file]
            else:
                raise errors.InvocationError(
                    message=u"One of 'database' or 'private_key' is required")