freeipa/ipaclient/plugins/ca.py

#
# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
#

import base64
from ipaclient.frontend import MethodOverride
from ipalib import errors, util, x509, Str
from ipalib.plugable import Registry
from ipalib.text import _

register = Registry()


class WithCertOutArgs(MethodOverride):

    takes_options = (
        Str(
            'certificate_out?',
            doc=_('Write certificate (chain if --chain used) to file'),
            include='cli',
            cli_metavar='FILE',
        ),
    )

    def forward(self, *keys, **options):
        filename = None
        if 'certificate_out' in options:
            filename = options.pop('certificate_out')
            try:
                util.check_writable_file(filename)
            except errors.FileError as e:
                raise errors.ValidationError(name='certificate-out',
                                             error=str(e))

        result = super(WithCertOutArgs, self).forward(*keys, **options)
        if filename:
            def to_pem(x):
                return x509.make_pem(x)
            if options.get('chain', False):
                ders = result['result']['certificate_chain']
                data = '\n'.join(to_pem(base64.b64encode(der)) for der in ders)
            else:
                data = to_pem(result['result']['certificate'])
            with open(filename, 'wb') as f:
                f.write(data)

        return result


@register(override=True, no_fail=True)
class ca_add(WithCertOutArgs):
    pass


@register(override=True, no_fail=True)
class ca_show(WithCertOutArgs):
    pass