mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Update cert-request to allow specifying CA
Add the '--ca' option to the 'ipa cert-request' command, for specifying the CA to which to direct the request. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
parent
0b0c07858a
commit
ae6d5b79fb
3
API.txt
3
API.txt
@ -758,9 +758,10 @@ arg: Str('serial_number')
|
|||||||
option: Str('version?')
|
option: Str('version?')
|
||||||
output: Output('result')
|
output: Output('result')
|
||||||
command: cert_request
|
command: cert_request
|
||||||
args: 1,5,1
|
args: 1,6,1
|
||||||
arg: File('csr', cli_name='csr_file')
|
arg: File('csr', cli_name='csr_file')
|
||||||
option: Flag('add', autofill=True, default=False)
|
option: Flag('add', autofill=True, default=False)
|
||||||
|
option: Str('cacn?', cli_name='ca')
|
||||||
option: Str('principal')
|
option: Str('principal')
|
||||||
option: Str('profile_id?')
|
option: Str('profile_id?')
|
||||||
option: Str('request_type', autofill=True, default=u'pkcs10')
|
option: Str('request_type', autofill=True, default=u'pkcs10')
|
||||||
|
4
VERSION
4
VERSION
@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
|
|||||||
# #
|
# #
|
||||||
########################################################
|
########################################################
|
||||||
IPA_API_VERSION_MAJOR=2
|
IPA_API_VERSION_MAJOR=2
|
||||||
IPA_API_VERSION_MINOR=182
|
IPA_API_VERSION_MINOR=183
|
||||||
# Last change: ftweedal - update caacl plugin for lightweight CAs
|
# Last change: ftweedal - add --ca option to cert-request
|
||||||
|
@ -274,7 +274,13 @@ class cert_request(VirtualCommand):
|
|||||||
Str('profile_id?', validate_profile_id,
|
Str('profile_id?', validate_profile_id,
|
||||||
label=_("Profile ID"),
|
label=_("Profile ID"),
|
||||||
doc=_("Certificate Profile to use"),
|
doc=_("Certificate Profile to use"),
|
||||||
)
|
),
|
||||||
|
Str('cacn?',
|
||||||
|
cli_name='ca',
|
||||||
|
query=True,
|
||||||
|
label=_("CA"),
|
||||||
|
doc=_("CA to use"),
|
||||||
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
has_output_params = (
|
has_output_params = (
|
||||||
@ -321,7 +327,13 @@ class cert_request(VirtualCommand):
|
|||||||
add = kw.get('add')
|
add = kw.get('add')
|
||||||
request_type = kw.get('request_type')
|
request_type = kw.get('request_type')
|
||||||
profile_id = kw.get('profile_id', self.Backend.ra.DEFAULT_PROFILE)
|
profile_id = kw.get('profile_id', self.Backend.ra.DEFAULT_PROFILE)
|
||||||
ca = IPA_CA_CN # hardcoded until --ca option implemented
|
|
||||||
|
# Check that requested authority exists (done before CA ACL
|
||||||
|
# enforcement so that user gets better error message if
|
||||||
|
# referencing nonexistant CA) and look up authority ID.
|
||||||
|
#
|
||||||
|
ca = kw.get('cacn', IPA_CA_CN)
|
||||||
|
ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
|
||||||
|
|
||||||
"""
|
"""
|
||||||
Access control is partially handled by the ACI titled
|
Access control is partially handled by the ACI titled
|
||||||
@ -499,7 +511,7 @@ class cert_request(VirtualCommand):
|
|||||||
|
|
||||||
# Request the certificate
|
# Request the certificate
|
||||||
result = self.Backend.ra.request_certificate(
|
result = self.Backend.ra.request_certificate(
|
||||||
csr, profile_id, None, request_type=request_type)
|
csr, profile_id, ca_id, request_type=request_type)
|
||||||
cert = x509.load_certificate(result['certificate'])
|
cert = x509.load_certificate(result['certificate'])
|
||||||
result['issuer'] = unicode(cert.issuer)
|
result['issuer'] = unicode(cert.issuer)
|
||||||
result['valid_not_before'] = unicode(cert.valid_not_before_str)
|
result['valid_not_before'] = unicode(cert.valid_not_before_str)
|
||||||
|
Loading…
Reference in New Issue
Block a user