mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Update cert-request to allow specifying CA
Add the '--ca' option to the 'ipa cert-request' command, for specifying the CA to which to direct the request. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
parent
0b0c07858a
commit
ae6d5b79fb
3
API.txt
3
API.txt
@ -758,9 +758,10 @@ arg: Str('serial_number')
|
||||
option: Str('version?')
|
||||
output: Output('result')
|
||||
command: cert_request
|
||||
args: 1,5,1
|
||||
args: 1,6,1
|
||||
arg: File('csr', cli_name='csr_file')
|
||||
option: Flag('add', autofill=True, default=False)
|
||||
option: Str('cacn?', cli_name='ca')
|
||||
option: Str('principal')
|
||||
option: Str('profile_id?')
|
||||
option: Str('request_type', autofill=True, default=u'pkcs10')
|
||||
|
4
VERSION
4
VERSION
@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
|
||||
# #
|
||||
########################################################
|
||||
IPA_API_VERSION_MAJOR=2
|
||||
IPA_API_VERSION_MINOR=182
|
||||
# Last change: ftweedal - update caacl plugin for lightweight CAs
|
||||
IPA_API_VERSION_MINOR=183
|
||||
# Last change: ftweedal - add --ca option to cert-request
|
||||
|
@ -274,7 +274,13 @@ class cert_request(VirtualCommand):
|
||||
Str('profile_id?', validate_profile_id,
|
||||
label=_("Profile ID"),
|
||||
doc=_("Certificate Profile to use"),
|
||||
)
|
||||
),
|
||||
Str('cacn?',
|
||||
cli_name='ca',
|
||||
query=True,
|
||||
label=_("CA"),
|
||||
doc=_("CA to use"),
|
||||
),
|
||||
)
|
||||
|
||||
has_output_params = (
|
||||
@ -321,7 +327,13 @@ class cert_request(VirtualCommand):
|
||||
add = kw.get('add')
|
||||
request_type = kw.get('request_type')
|
||||
profile_id = kw.get('profile_id', self.Backend.ra.DEFAULT_PROFILE)
|
||||
ca = IPA_CA_CN # hardcoded until --ca option implemented
|
||||
|
||||
# Check that requested authority exists (done before CA ACL
|
||||
# enforcement so that user gets better error message if
|
||||
# referencing nonexistant CA) and look up authority ID.
|
||||
#
|
||||
ca = kw.get('cacn', IPA_CA_CN)
|
||||
ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
|
||||
|
||||
"""
|
||||
Access control is partially handled by the ACI titled
|
||||
@ -499,7 +511,7 @@ class cert_request(VirtualCommand):
|
||||
|
||||
# Request the certificate
|
||||
result = self.Backend.ra.request_certificate(
|
||||
csr, profile_id, None, request_type=request_type)
|
||||
csr, profile_id, ca_id, request_type=request_type)
|
||||
cert = x509.load_certificate(result['certificate'])
|
||||
result['issuer'] = unicode(cert.issuer)
|
||||
result['valid_not_before'] = unicode(cert.valid_not_before_str)
|
||||
|
Loading…
Reference in New Issue
Block a user