diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
index 8e832c062e8..68c1b35324d 100644
--- a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
+++ b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
@@ -22,9 +22,11 @@
 import org.mozilla.jss.netscape.security.util.Utils;
 import org.mozilla.jss.netscape.security.x509.RevocationReason;
 import org.mozilla.jss.netscape.security.x509.X509CertImpl;
+import org.mozilla.jss.netscape.security.x509.X500Name
 import com.netscape.certsrv.ca.CACertClient;
 import com.netscape.certsrv.ca.CAClient;
+import com.netscape.certsrv.ca.AuthorityID
 import com.netscape.certsrv.cert.CertData;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.cert.CertRequestInfo;
@@ -48,6 +50,8 @@ public class PKIIssuer extends ACMEIssuer {
 private ClientConfig clientConfig = new ClientConfig();
 private String profile;
+ private AuthorityID authority_id;
+ private X500Name authority_dn;
 public String getProfile() {
 return profile;
@@ -108,6 +112,18 @@ public void init() throws Exception {
 profile = config.getParameter("profile");
 logger.info("- profile: " + profile);
+
+ String aid = config.getParameter("authority-id");
+ if (aid != null) {
+ authority_id = new AuthorityID(aid);
+ logger.info("- authority-id: " + aid);
+ }
+
+ String adn = config.getParameter("authority-dn");
+ if (adn != null) {
+ authority_dn = (X500Name) adn;
+ logger.info("- authority-dn: " + adn);
+ }
 }
 @Override
@@ -164,7 +180,8 @@ public String issueCertificate(PKCS10 pkcs10) throws Exception {
 logger.info("Request:\n" + certEnrollmentRequest);
- CertRequestInfos infos = certClient.enrollRequest(certEnrollmentRequest, null, null);
+ CertRequestInfos infos = certClient.enrollRequest(
+ certEnrollmentRequest, authority_id, authority_dn);
 logger.info("Responses:");
 CertRequestInfo info = infos.getEntries().iterator().next();
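Review bot: Both added import lines in the first hunk lack the terminating semicolon, so PKIIssuer.java will not compile; they should read `import org.mozilla.jss.netscape.security.x509.X500Name;` and `import com.netscape.certsrv.ca.AuthorityID;`. Each is also appended after its group's last alphabetical neighbour (`X500Name` after `X509CertImpl`, `AuthorityID` after `CAClient`), which breaks the sorted order the visible imports otherwise follow.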
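Review bot: The new fields `authority_id` and `authority_dn` are snake_case, while the neighbouring `clientConfig` and `profile` are lowerCamelCase; naming them `authorityId` and `authorityDn` (here, in init() and in issueCertificate()) keeps the class consistent. Because these fields choose which CA signs every ACME certificate, a short comment such as `// null means the request carries no authority, as before this change` would document the default. `profile` has a getter just below; whether the authority needs matching accessors depends on code outside the hunk.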
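Review bot: In init(), `authority_dn = (X500Name) adn;` casts a String to X500Name, which the compiler rejects as inconvertible types; the DN has to be parsed instead, `authority_dn = new X500Name(adn);`. Nothing here stops both parameters from being configured, in which case issueCertificate() passes both to enrollRequest(); since the two are alternatives for selecting the signing CA, it is safer to fail at startup with `if (authority_id != null && authority_dn != null) throw new Exception("Specify either authority-id or authority-dn, not both");`. An empty string from the config is also accepted by the `!= null` checks and goes straight into the AuthorityID constructor, so a blank value may deserve the same treatment as a missing one. init() begins outside the hunk.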
diff --git a/base/server/python/pki/server/cli/acme.py b/base/server/python/pki/server/cli/acme.py
index 589e1133289..efcbd743dff 100644
--- a/base/server/python/pki/server/cli/acme.py
+++ b/base/server/python/pki/server/cli/acme.py
@@ -984,6 +984,15 @@ def execute(self, argv):
 if profile:
 print(' Certificate Profile: %s' % profile)
+ authority_id = config.get('authority-id')
+ if authority_id:
+ print(' Authority ID: %s' % authority_id)
+
+ authority_dn = config.get('authority-dn')
+ if authority_dn:
+ print(' Authority DN: %s' % authority_dn)
+
+
 class ACMEIssuerModifyCLI(pki.cli.CLI):
@@ -1163,6 +1172,23 @@ def execute(self, argv):
 profile = pki.util.read_text(' Certificate Profile', default=profile, required=True)
 pki.util.set_property(config, 'profile', profile)
+ print()
+ print('Enter ID of the authority for issuing ACME certificates '
+ '(empty for main CA, subCA ID otherwise).')
+ authority_id = config.get('authority-id')
+ authority_id = pki.util.read_text(' Authority ID', default=authority_id, required=True)
+ if authority_id:
+ pki.util.set_property(config, 'authority-id', authority_id)
+
+ if not authority_id:
+ print()
+ print('Enter DN of the authority for issuing ACME certificates '
+ '(empty for main CA, subCA DN otherwise).')
+ authority_dn = config.get('authority-dn')
+ authority_dn = pki.util.read_text(' Authority ID', default=authority_id, required=True)
+ if authority_dn:
+ pki.util.set_property(config, 'authority-dn', authority_dn)
+
 subsystem.update_issuer_config(config)
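Review bot: The added block in the show command ends with two blank `+` lines, directly in front of what the hunk counts imply are the two existing blank lines before `class ACMEIssuerModifyCLI`. That would leave four blank lines and is likely to trip flake8 E303, so the two trailing blank additions should be dropped. execute() starts outside the hunk.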
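Review bot: The Authority ID prompt tells the operator that an empty answer selects the main CA, yet it passes `required=True`, which presumably makes read_text insist on a value; the DN prompt then reuses the label `' Authority ID'` and `default=authority_id`, so it never offers the stored DN. A cleared answer also leaves any previously stored `authority-id` or `authority-dn` in the config, so the issuer could keep signing from a sub-CA the operator believes was deselected, or end up with both keys set. The rewrite below makes both prompts optional, fixes the label and default, and removes the stale key; it assumes `config` is dict-like, as the `config.get` calls suggest. execute() starts outside the hunk.

```python
# … unchanged: profile prompt and set_property(config, 'profile', profile) …
print()
print('Enter ID of the authority for issuing ACME certificates '
      '(empty for main CA, subCA ID otherwise).')
authority_id = pki.util.read_text(
    ' Authority ID', default=config.get('authority-id'), required=False)
if authority_id:
    pki.util.set_property(config, 'authority-id', authority_id)
else:
    # an empty answer must not leave an old sub-CA selection behind
    config.pop('authority-id', None)

authority_dn = None
if not authority_id:
    print()
    print('Enter DN of the authority for issuing ACME certificates '
          '(empty for main CA, subCA DN otherwise).')
    authority_dn = pki.util.read_text(
        ' Authority DN', default=config.get('authority-dn'), required=False)
if authority_dn:
    pki.util.set_property(config, 'authority-dn', authority_dn)
else:
    # ID and DN are alternatives; never keep both in the config
    config.pop('authority-dn', None)
# … unchanged: subsystem.update_issuer_config(config) …
```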