From c5fe2ba58e011425d56d5edc7823d575e3366b7d Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 23 Aug 2016 13:59:33 +0200
Subject: [PATCH] cert: include CA name in cert command output

Include name of the CA that issued a certificate in cert-request, cert-show and cert-find. This allows the caller to call further commands on the cert without having to call ca-find to find the name of the CA.
https://fedorahosted.org/freeipa/ticket/6151
Reviewed-By: Martin Basti
---
 ipaserver/plugins/cert.py | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index a1166a0d0e5b09586832550c055fc6714c3efe26..67eaeba33610321bf88143dc4ac06a94887427cd 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -262,6 +262,15 @@ def bind_principal_can_manage_cert(cert):
 class BaseCertObject(Object):
 takes_params = (
+ Str(
+ 'cacn?',
+ cli_name='ca',
+ default=IPA_CA_CN,
+ autofill=True,
+ label=_('Issuing CA'),
+ doc=_('Name of issuing CA'),
+ flags={'no_create', 'no_update', 'no_search'},
+ ),
 Bytes(
 'certificate', validate_certificate,
 label=_("Certificate"),
@@ -336,14 +345,7 @@ class BaseCertObject(Object):
 class BaseCertMethod(Method):
 def get_options(self):
- yield Str('cacn?',
- cli_name='ca',
- default=IPA_CA_CN,
- autofill=True,
- query=True,
- label=_('Issuing CA'),
- doc=_('Name of issuing CA'),
- )
+ yield self.obj.params['cacn'].clone(query=True)
 for option in super(BaseCertMethod, self).get_options():
 yield option
@@ -432,7 +434,8 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 # referencing nonexistant CA) and look up authority ID.
 #
 ca = kw['cacn']
- ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
+ ca_obj = api.Command.ca_show(ca)['result']
+ ca_id = ca_obj['ipacaid'][0]
 """
 Access control is partially handled by the ACI titled
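Review bot: The new `cacn` entry in `BaseCertObject.takes_params` carries `flags={'no_create', 'no_update', 'no_search'}` with no comment saying why, and the reason only becomes visible in the next hunk, where `BaseCertMethod.get_options()` yields a `clone(query=True)` of the same param. If the flags are there to stop the generated create/update/search options from producing a second `cacn` next to that clone, which is how it reads but is not shown here, a one-line comment above the `Str(` would record it, e.g. `# Output attribute; exposed as an option only through BaseCertMethod.get_options().` The `takes_params` tuple continues past the end of the hunk.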
@@ -623,6 +626,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand): if not raw: self.obj._parse(result) result['request_id'] = int(result['request_id']) + result['cacn'] = ca_obj['cn'][0] # Success? Then add it to the principal's entry # (unless the profile tells us not to) @@ -802,6 +806,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand): self.obj._parse(result) result['revoked'] = ('revocation_reason' in result) self.obj._fill_owners(result) + result['cacn'] = ca_obj['cn'][0] return dict(result=result, value=pkey_to_value(serial_number, options)) @@ -1072,11 +1077,19 @@ class cert_find(Search, CertMethod): raise return result, False, complete + ca_objs = self.api.Command.ca_find()['result'] + ca_objs = {DN(ca['ipacasubjectdn'][0]): ca for ca in ca_objs} + ra = self.api.Backend.ra for ra_obj in ra.find(ra_options): issuer = DN(ra_obj['issuer']) serial_number = ra_obj['serial_number'] + try: + ca_obj = ca_objs[issuer] + except KeyError: + continue + if pkey_only: obj = {'serial_number': serial_number} else: @@ -1093,6 +1106,8 @@ class cert_find(Search, CertMethod): ra_obj['certificate'].replace('\r\n', '')) self.obj._parse(obj) + obj['cacn'] = ca_obj['cn'][0] + result[issuer, serial_number] = obj return result, False, complete -- 2.7.4
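Review bot: In the `cert_find` hunk at `@@ -1072`, `except KeyError: continue` drops every certificate whose issuer DN has no match in `ca_objs`, and nothing in the returned tuple tells the caller that entries were left out. For a command used to audit certificates or locate them for revocation this is a silent gap: a cert issued by a CA that `ca_find()` did not return (a removed CA, or one cut off by a default search limit or by the caller's read rights, neither of which is visible here) simply disappears from the listing. Consider keeping the entry and omitting only the name, with `ca_obj = ca_objs.get(issuer)` here and `if ca_obj is not None: obj['cacn'] = ca_obj['cn'][0]` in the `@@ -1093` hunk, and calling `ca_find(sizelimit=0)` if the default limit does apply. If skipping unknown issuers is intended, a comment on the `continue` should say so; the loop body continues outside both hunks.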