The Identity, Policy and Audit system
CentOS Sources
2016-11-03 403b09ab980c02ef36095973349a13e0181c794a
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
From c5fe2ba58e011425d56d5edc7823d575e3366b7d Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 23 Aug 2016 13:59:33 +0200
Subject: [PATCH] cert: include CA name in cert command output
 
Include name of the CA that issued a certificate in cert-request, cert-show
and cert-find.
 
This allows the caller to call further commands on the cert without having
to call ca-find to find the name of the CA.
 
https://fedorahosted.org/freeipa/ticket/6151
 
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaserver/plugins/cert.py | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)
 
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index a1166a0d0e5b09586832550c055fc6714c3efe26..67eaeba33610321bf88143dc4ac06a94887427cd 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -262,6 +262,15 @@ def bind_principal_can_manage_cert(cert):
 
 class BaseCertObject(Object):
     takes_params = (
+        Str(
+            'cacn?',
+            cli_name='ca',
+            default=IPA_CA_CN,
+            autofill=True,
+            label=_('Issuing CA'),
+            doc=_('Name of issuing CA'),
+            flags={'no_create', 'no_update', 'no_search'},
+        ),
         Bytes(
             'certificate', validate_certificate,
             label=_("Certificate"),
@@ -336,14 +345,7 @@ class BaseCertObject(Object):
 
 class BaseCertMethod(Method):
     def get_options(self):
-        yield Str('cacn?',
-            cli_name='ca',
-            default=IPA_CA_CN,
-            autofill=True,
-            query=True,
-            label=_('Issuing CA'),
-            doc=_('Name of issuing CA'),
-        )
+        yield self.obj.params['cacn'].clone(query=True)
 
         for option in super(BaseCertMethod, self).get_options():
             yield option
@@ -432,7 +434,8 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
         # referencing nonexistant CA) and look up authority ID.
         #
         ca = kw['cacn']
-        ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
+        ca_obj = api.Command.ca_show(ca)['result']
+        ca_id = ca_obj['ipacaid'][0]
 
         """
         Access control is partially handled by the ACI titled
@@ -623,6 +626,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
         if not raw:
             self.obj._parse(result)
             result['request_id'] = int(result['request_id'])
+            result['cacn'] = ca_obj['cn'][0]
 
         # Success? Then add it to the principal's entry
         # (unless the profile tells us not to)
@@ -802,6 +806,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand):
             self.obj._parse(result)
             result['revoked'] = ('revocation_reason' in result)
             self.obj._fill_owners(result)
+            result['cacn'] = ca_obj['cn'][0]
 
         return dict(result=result, value=pkey_to_value(serial_number, options))
 
@@ -1072,11 +1077,19 @@ class cert_find(Search, CertMethod):
                 raise
             return result, False, complete
 
+        ca_objs = self.api.Command.ca_find()['result']
+        ca_objs = {DN(ca['ipacasubjectdn'][0]): ca for ca in ca_objs}
+
         ra = self.api.Backend.ra
         for ra_obj in ra.find(ra_options):
             issuer = DN(ra_obj['issuer'])
             serial_number = ra_obj['serial_number']
 
+            try:
+                ca_obj = ca_objs[issuer]
+            except KeyError:
+                continue
+
             if pkey_only:
                 obj = {'serial_number': serial_number}
             else:
@@ -1093,6 +1106,8 @@ class cert_find(Search, CertMethod):
                             ra_obj['certificate'].replace('\r\n', ''))
                         self.obj._parse(obj)
 
+            obj['cacn'] = ca_obj['cn'][0]
+
             result[issuer, serial_number] = obj
 
         return result, False, complete
-- 
2.7.4