def forward(self, csr=None, **options): database = options.pop('database', None) private_key = options.pop('private_key', None) csr_profile_id = options.pop('csr_profile_id', None) password_file = options.pop('password_file', None) if csr is None: # Deferred import, ipaclient.csrgen is expensive to load. # see https://pagure.io/freeipa/issue/7484 from ipaclient import csrgen if database: adaptor = csrgen.NSSAdaptor(database, password_file) elif private_key: adaptor = csrgen.OpenSSLAdaptor( key_filename=private_key, password_filename=password_file) else: raise errors.InvocationError( message=u"One of 'database' or 'private_key' is required") pubkey_info = adaptor.get_subject_public_key_info() pubkey_info_b64 = base64.b64encode(pubkey_info) # If csr_profile_id is passed, that takes precedence. # Otherwise, use profile_id. If neither are passed, the default # in cert_get_requestdata will be used. profile_id = csr_profile_id if profile_id is None: profile_id = options.get('profile_id') response = self.api.Command.cert_get_requestdata( profile_id=profile_id, principal=options.get('principal'), public_key_info=pubkey_info_b64) req_info_b64 = response['result']['request_info'] req_info = base64.b64decode(req_info_b64) csr = adaptor.sign_csr(req_info) if not csr: raise errors.CertificateOperationError( error=(_('Generated CSR was empty'))) else: if database is not None or private_key is not None: raise errors.MutuallyExclusiveError(reason=_( "Options 'database' and 'private_key' are not compatible" " with 'csr'")) return super(cert_request, self).forward(csr, **options)
def forward(self, csr=None, **options): database = options.pop('database', None) private_key = options.pop('private_key', None) csr_profile_id = options.pop('csr_profile_id', None) password_file = options.pop('password_file', None) if csr is None: if database: adaptor = csrgen.NSSAdaptor(database, password_file) elif private_key: adaptor = csrgen.OpenSSLAdaptor(private_key, password_file) else: raise errors.InvocationError( message=u"One of 'database' or 'private_key' is required") pubkey_info = adaptor.get_subject_public_key_info() pubkey_info_b64 = base64.b64encode(pubkey_info) # If csr_profile_id is passed, that takes precedence. # Otherwise, use profile_id. If neither are passed, the default # in cert_get_requestdata will be used. profile_id = csr_profile_id if profile_id is None: profile_id = options.get('profile_id') response = self.api.Command.cert_get_requestdata( profile_id=profile_id, principal=options.get('principal'), public_key_info=unicode(pubkey_info_b64)) req_info_b64 = response['result']['request_info'] req_info = base64.b64decode(req_info_b64) csr = adaptor.sign_csr(req_info) if not csr: raise errors.CertificateOperationError( error=(_('Generated CSR was empty'))) # cert_request requires the CSR to be base64-encoded (but PEM # header and footer are not required) csr = unicode(base64.b64encode(csr)) else: if database is not None or private_key is not None: raise errors.MutuallyExclusiveError(reason=_( "Options 'database' and 'private_key' are not compatible" " with 'csr'")) return super(cert_request, self).forward(csr, **options)