From c5fe2ba58e011425d56d5edc7823d575e3366b7d Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 23 Aug 2016 13:59:33 +0200
Subject: [PATCH] cert: include CA name in cert command output
Include name of the CA that issued a certificate in cert-request, cert-show
and cert-find.
This allows the caller to call further commands on the cert without having
to call ca-find to find the name of the CA.
https://fedorahosted.org/freeipa/ticket/6151
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
ipaserver/plugins/cert.py | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index a1166a0d0e5b09586832550c055fc6714c3efe26..67eaeba33610321bf88143dc4ac06a94887427cd 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -262,6 +262,15 @@ def bind_principal_can_manage_cert(cert):
class BaseCertObject(Object):
takes_params = (
+ Str(
+ 'cacn?',
+ cli_name='ca',
+ default=IPA_CA_CN,
+ autofill=True,
+ label=_('Issuing CA'),
+ doc=_('Name of issuing CA'),
+ flags={'no_create', 'no_update', 'no_search'},
+ ),
Bytes(
'certificate', validate_certificate,
label=_("Certificate"),
@@ -336,14 +345,7 @@ class BaseCertObject(Object):
class BaseCertMethod(Method):
def get_options(self):
- yield Str('cacn?',
- cli_name='ca',
- default=IPA_CA_CN,
- autofill=True,
- query=True,
- label=_('Issuing CA'),
- doc=_('Name of issuing CA'),
- )
+ yield self.obj.params['cacn'].clone(query=True)
for option in super(BaseCertMethod, self).get_options():
yield option
@@ -432,7 +434,8 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
# referencing nonexistant CA) and look up authority ID.
#
ca = kw['cacn']
- ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
+ ca_obj = api.Command.ca_show(ca)['result']
+ ca_id = ca_obj['ipacaid'][0]
"""
Access control is partially handled by the ACI titled
@@ -623,6 +626,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
if not raw:
self.obj._parse(result)
result['request_id'] = int(result['request_id'])
+ result['cacn'] = ca_obj['cn'][0]
# Success? Then add it to the principal's entry
# (unless the profile tells us not to)
@@ -802,6 +806,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand):
self.obj._parse(result)
result['revoked'] = ('revocation_reason' in result)
self.obj._fill_owners(result)
+ result['cacn'] = ca_obj['cn'][0]
return dict(result=result, value=pkey_to_value(serial_number, options))
@@ -1072,11 +1077,19 @@ class cert_find(Search, CertMethod):
raise
return result, False, complete
+ ca_objs = self.api.Command.ca_find()['result']
+ ca_objs = {DN(ca['ipacasubjectdn'][0]): ca for ca in ca_objs}
+
ra = self.api.Backend.ra
for ra_obj in ra.find(ra_options):
issuer = DN(ra_obj['issuer'])
serial_number = ra_obj['serial_number']
+ try:
+ ca_obj = ca_objs[issuer]
+ except KeyError:
+ continue
+
if pkey_only:
obj = {'serial_number': serial_number}
else:
@@ -1093,6 +1106,8 @@ class cert_find(Search, CertMethod):
ra_obj['certificate'].replace('\r\n', ''))
self.obj._parse(obj)
+ obj['cacn'] = ca_obj['cn'][0]
+
result[issuer, serial_number] = obj
return result, False, complete
--
2.7.4