Blame SOURCES/0111-cert-include-CA-name-in-cert-command-output.patch

From c5fe2ba58e011425d56d5edc7823d575e3366b7d Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 23 Aug 2016 13:59:33 +0200
Subject: [PATCH] cert: include CA name in cert command output
Include name of the CA that issued a certificate in cert-request, cert-show
and cert-find.
This allows the caller to call further commands on the cert without having
to call ca-find to find the name of the CA.
https://fedorahosted.org/freeipa/ticket/6151
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaserver/plugins/cert.py | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)
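diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index a1166a0d0e5b09586832550c055fc6714c3efe26..67eaeba33610321bf88143dc4ac06a94887427cd 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -262,6 +262,15 @@ def bind_principal_can_manage_cert(cert):
 
 class BaseCertObject(Object):
     takes_params = (
+        Str(
+            'cacn?',
+            cli_name='ca',
+            default=IPA_CA_CN,
+            autofill=True,
+            label=_('Issuing CA'),
+            doc=_('Name of issuing CA'),
+            flags={'no_create', 'no_update', 'no_search'},
+        ),
         Bytes(
             'certificate', validate_certificate,
             label=_("Certificate"),
@@ -336,14 +345,7 @@ class BaseCertObject(Object):
 
 class BaseCertMethod(Method):
     def get_options(self):
-        yield Str('cacn?',
-            cli_name='ca',
-            default=IPA_CA_CN,
-            autofill=True,
-            query=True,
-            label=_('Issuing CA'),
-            doc=_('Name of issuing CA'),
-        )
+        yield self.obj.params['cacn'].clone(query=True)
 
         for option in super(BaseCertMethod, self).get_options():
             yield option
@@ -432,7 +434,8 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
         # referencing nonexistant CA) and look up authority ID.
         #
         ca = kw['cacn']
-        ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
+        ca_obj = api.Command.ca_show(ca)['result']
+        ca_id = ca_obj['ipacaid'][0]
 
         """
         Access control is partially handled by the ACI titled
@@ -623,6 +626,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
         if not raw:
             self.obj._parse(result)
             result['request_id'] = int(result['request_id'])
+            result['cacn'] = ca_obj['cn'][0]
 
         # Success? Then add it to the principal's entry
         # (unless the profile tells us not to)
@@ -802,6 +806,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand):
             self.obj._parse(result)
             result['revoked'] = ('revocation_reason' in result)
             self.obj._fill_owners(result)
+            result['cacn'] = ca_obj['cn'][0]
 
         return dict(result=result, value=pkey_to_value(serial_number, options))
 
@@ -1072,11 +1077,19 @@ class cert_find(Search, CertMethod):
                 raise
             return result, False, complete
 
+        ca_objs = self.api.Command.ca_find()['result']
+        ca_objs = {DN(ca['ipacasubjectdn'][0]): ca for ca in ca_objs}
+
         ra = self.api.Backend.ra
         for ra_obj in ra.find(ra_options):
             issuer = DN(ra_obj['issuer'])
             serial_number = ra_obj['serial_number']
 
+            try:
+                ca_obj = ca_objs[issuer]
+            except KeyError:
+                continue
+
             if pkey_only:
                 obj = {'serial_number': serial_number}
             else:
@@ -1093,6 +1106,8 @@ class cert_find(Search, CertMethod):
                             ra_obj['certificate'].replace('\r\n', ''))
                         self.obj._parse(obj)
 
+            obj['cacn'] = ca_obj['cn'][0]
+
             result[issuer, serial_number] = obj
 
         return result, False, complete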
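Review bot: In the cert_find hunk at -1072, the new `except KeyError: continue` silently drops every certificate whose issuer DN is not among the entries returned by `ca_find()`, so cert-find can report fewer certificates than the RA returned. That matters for audit and revocation work: a certificate whose issuing CA entry is missing, is not readable by the caller, or fell outside the search's result limits (an inference, since `ca_find()` is called with no arguments here) vanishes from the output with no indication, and the second return value is still `False`. Consider keeping the entry and omitting only the name: `ca_obj = ca_objs.get(issuer)` in place of the try/except, and `if ca_obj is not None: obj['cacn'] = ca_obj['cn'][0]` at the later assignment. The enclosing method starts and ends outside the hunks shown, and the cert_show hunk likewise depends on a `ca_obj` bound outside its visible lines.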
-- 
2.7.4