From c5fe2ba58e011425d56d5edc7823d575e3366b7d Mon Sep 17 00:00:00 2001

From: Jan Cholasta <jcholast@redhat.com>

Date: Tue, 23 Aug 2016 13:59:33 +0200

Subject: [PATCH] cert: include CA name in cert command output

Include name of the CA that issued a certificate in cert-request, cert-show

and cert-find.

This allows the caller to call further commands on the cert without having

to call ca-find to find the name of the CA.

https://fedorahosted.org/freeipa/ticket/6151

Reviewed-By: Martin Basti <mbasti@redhat.com>

---

 ipaserver/plugins/cert.py | 33 ++++++++++++++++++++++++---------

 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py

index a1166a0d0e5b09586832550c055fc6714c3efe26..67eaeba33610321bf88143dc4ac06a94887427cd 100644

--- a/ipaserver/plugins/cert.py

+++ b/ipaserver/plugins/cert.py

@@ -262,6 +262,15 @@ def bind_principal_can_manage_cert(cert):

 class BaseCertObject(Object):

     takes_params = (

+        Str(

+            'cacn?',

+            cli_name='ca',

+            default=IPA_CA_CN,

+            autofill=True,

+            label=_('Issuing CA'),

+            doc=_('Name of issuing CA'),

+            flags={'no_create', 'no_update', 'no_search'},

+        ),

         Bytes(

             'certificate', validate_certificate,

             label=_("Certificate"),

@@ -336,14 +345,7 @@ class BaseCertObject(Object):

 class BaseCertMethod(Method):

     def get_options(self):

-        yield Str('cacn?',

-            cli_name='ca',

-            default=IPA_CA_CN,

-            autofill=True,

-            query=True,

-            label=_('Issuing CA'),

-            doc=_('Name of issuing CA'),

-        )

+        yield self.obj.params['cacn'].clone(query=True)

         for option in super(BaseCertMethod, self).get_options():

             yield option

@@ -432,7 +434,8 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):

         # referencing nonexistant CA) and look up authority ID.

         #

         ca = kw['cacn']

-        ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]

+        ca_obj = api.Command.ca_show(ca)['result']

+        ca_id = ca_obj['ipacaid'][0]

         """

         Access control is partially handled by the ACI titled

@@ -623,6 +626,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):

         if not raw:

             self.obj._parse(result)

             result['request_id'] = int(result['request_id'])

+            result['cacn'] = ca_obj['cn'][0]

         # Success? Then add it to the principal's entry

         # (unless the profile tells us not to)

@@ -802,6 +806,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand):

             self.obj._parse(result)

             result['revoked'] = ('revocation_reason' in result)

             self.obj._fill_owners(result)

+            result['cacn'] = ca_obj['cn'][0]

         return dict(result=result, value=pkey_to_value(serial_number, options))

@@ -1072,11 +1077,19 @@ class cert_find(Search, CertMethod):

                 raise

             return result, False, complete

+        ca_objs = self.api.Command.ca_find()['result']

+        ca_objs = {DN(ca['ipacasubjectdn'][0]): ca for ca in ca_objs}

+

         ra = self.api.Backend.ra

         for ra_obj in ra.find(ra_options):

             issuer = DN(ra_obj['issuer'])

             serial_number = ra_obj['serial_number']

+            try:

+                ca_obj = ca_objs[issuer]

+            except KeyError:

+                continue

+

             if pkey_only:

                 obj = {'serial_number': serial_number}

             else:

@@ -1093,6 +1106,8 @@ class cert_find(Search, CertMethod):

                             ra_obj['certificate'].replace('\r\n', ''))

                         self.obj._parse(obj)

+            obj['cacn'] = ca_obj['cn'][0]

+

             result[issuer, serial_number] = obj

         return result, False, complete

-- 

2.7.4