Update cert-request to allow specifying CA

Add the '--ca' option to the 'ipa cert-request' command, for
specifying the CA to which to direct the request.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Fraser Tweedale 2016-05-06 13:43:41 +10:00 committed by Jan Cholasta
parent 0b0c07858a
commit ae6d5b79fb
3 changed files with 19 additions and 6 deletions


@ -758,9 +758,10 @@ arg: Str('serial_number')
option: Str('version?')
output: Output('result')
command: cert_request
args: 1,5,1
args: 1,6,1
arg: File('csr', cli_name='csr_file')
option: Flag('add', autofill=True, default=False)
option: Str('cacn?', cli_name='ca')
option: Str('principal')
option: Str('profile_id?')
option: Str('request_type', autofill=True, default=u'pkcs10')


@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=182
# Last change: ftweedal - update caacl plugin for lightweight CAs
IPA_API_VERSION_MINOR=183
# Last change: ftweedal - add --ca option to cert-request


@ -274,7 +274,13 @@ class cert_request(VirtualCommand):
Str('profile_id?', validate_profile_id,
label=_("Profile ID"),
doc=_("Certificate Profile to use"),
)
),
Str('cacn?',
cli_name='ca',
query=True,
label=_("CA"),
doc=_("CA to use"),
),
)
has_output_params = (
@ -321,7 +327,13 @@ class cert_request(VirtualCommand):
add = kw.get('add')
request_type = kw.get('request_type')
profile_id = kw.get('profile_id', self.Backend.ra.DEFAULT_PROFILE)
ca = IPA_CA_CN # hardcoded until --ca option implemented
# Check that requested authority exists (done before CA ACL
# enforcement so that user gets better error message if
# referencing nonexistant CA) and look up authority ID.
#
ca = kw.get('cacn', IPA_CA_CN)
ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
"""
Access control is partially handled by the ACI titled
@ -499,7 +511,7 @@ class cert_request(VirtualCommand):
# Request the certificate
result = self.Backend.ra.request_certificate(
csr, profile_id, None, request_type=request_type)
csr, profile_id, ca_id, request_type=request_type)
cert = x509.load_certificate(result['certificate'])
result['issuer'] = unicode(cert.issuer)
result['valid_not_before'] = unicode(cert.valid_not_before_str)
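Review bot: In the second hunk of this file, `ca = kw.get('cacn', IPA_CA_CN)` falls back to the default only when the key is absent, so a `cacn` that is present but `None` would reach `ca_show(None)`; `ca = kw.get('cacn') or IPA_CA_CN` avoids depending on how the framework populates `kw`. The `['result']['ipacaid'][0]` lookup on the next line also assumes the caller can read `ipacaid`, and if that attribute is missing from the result the user would presumably get an unhandled `KeyError` instead of a clean error, which is worth confirming. Because the new comment says the existence check deliberately runs before CA ACL enforcement, it should also state that the later ACL check (outside this hunk) is evaluated against the same `ca` whose `ca_id` is passed to `request_certificate` in the last hunk, so the authorised CA and the issuing CA cannot diverge. The enclosing method starts and ends outside the hunks shown.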