From 840e9b2493ab323fb4e118c8aae6068dcca7e18b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 15 Jan 2024 13:33:51 +0700
Subject: [PATCH] Update pki-server ca-cert-request-import
The pki-server ca-cert-request-import has been updated to support an absolute bootstrap profile path.
---
 .../server/ca/cli/CACertRequestImportCLI.java | 16 ++++++++++------
 base/server/python/pki/server/cli/ca.py | 8 ++++----
 .../python/pki/server/deployment/__init__.py | 2 +-
 base/server/python/pki/server/subsystem.py | 6 +++---
 4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java b/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java
index 61ebb1b3eae..26597f16334 100644
--- a/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java
+++ b/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java
@@ -7,6 +7,7 @@
 import java.io.File;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.SecureRandom;
@@ -68,8 +69,8 @@ public void createOptions() {
 option.setArgName("type");
 options.addOption(option);
- option = new Option(null, "profile", true, "Profile ID");
- option.setArgName("ID");
+ option = new Option(null, "profile", true, "Bootstrap profile path");
+ option.setArgName("path");
 options.addOption(option);
 option = new Option(null, "dns-names", true, "Comma-separated list of DNS names");
@@ -111,7 +112,7 @@ public void execute(CommandLine cmd) throws Exception {
 }
 if (!cmd.hasOption("profile")) {
- throw new Exception("Missing profile ID");
+ throw new Exception("Missing bootstrap profile path");
 }
 String requestPath = cmd.getOptionValue("csr");
@@ -146,11 +147,14 @@ public void execute(CommandLine cmd) throws Exception {
 CAEngineConfig cs = new CAEngineConfig(storage);
 cs.load();
- String profileID = cmd.getOptionValue("profile");
- String profilePath = confDir + File.separator + profileID;
+ // If the bootstrap profile path is relative (e.g. caCert.profile),
+ // convert it to /var/lib/pki/pki-tomcat/ca/conf/<profile>.
+ // If the bootstrap profile path is absolute, use it as is.
+ String profile = cmd.getOptionValue("profile");
+ Path profilePath = Paths.get(confDir).resolve(profile);
 logger.info("Loading " + profilePath);
- ConfigStorage profileStorage = new FileConfigStorage(profilePath);
+ ConfigStorage profileStorage = new FileConfigStorage(profilePath.toString());
 ConfigStore profileConfig = new ConfigStore(profileStorage);
 profileConfig.load();
diff --git a/base/server/python/pki/server/cli/ca.py b/base/server/python/pki/server/cli/ca.py
index a77139091cc..8d79680f4fc 100644
--- a/base/server/python/pki/server/cli/ca.py
+++ b/base/server/python/pki/server/cli/ca.py
@@ -744,7 +744,7 @@ def print_help(self):
 print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat)')
 print(' --csr <path> Certificate request path')
 print(' --format <format> Certificate request format: PEM (default), DER')
- print(' --profile <filename> Bootstrap profile filename')
+ print(' --profile <path> Bootstrap profile path')
 print(' --request <ID> Certificate request ID')
 print(' -v, --verbose Run in verbose mode.')
 print(' --debug Run in debug mode.')
@@ -767,7 +767,7 @@ def execute(self, argv):
 instance_name = 'pki-tomcat'
 request_path = None
 request_format = None
- profile_id = None
+ profile_path = None
 request_id = None
 for o, a in opts:
@@ -781,7 +781,7 @@ def execute(self, argv):
 request_format = a
 elif o == '--profile':
- profile_id = a
+ profile_path = a
 elif o == '--request':
 request_id = a
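Review bot: In the `CACertRequestImportCLI.execute()` hunk at -146, `Paths.get(confDir).resolve(profile)` returns `profile` unchanged when it is absolute and never collapses `..` segments, so `--profile` now selects any file this process can read as the enrollment profile, with no check in the visible lines. That matches the commit's intent, but the added comment should state the trust assumption, e.g. `// --profile is trusted operator input: any file readable by this process may be loaded as the profile.` Consider `Path profilePath = Paths.get(confDir).resolve(profile).toAbsolutePath().normalize();` so the `Loading` log line records the file actually used, and fail early with `if (!Files.isRegularFile(profilePath)) throw new Exception("Invalid bootstrap profile path: " + profilePath);` (`Files` is already imported). An empty `--profile` value still passes the `hasOption` check and resolves to `confDir` itself, which the same test would catch. `execute()` starts and ends outside the hunk.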
@@ -816,7 +816,7 @@ def execute(self, argv):
 result = subsystem.import_cert_request(
 request_path=request_path,
 request_format=request_format,
- profile_id=profile_id,
+ profile_path=profile_path,
 request_id=request_id)
 request_id = result['requestID']
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index 8099b5af20c..310d607c592 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -2754,7 +2754,7 @@ def import_cert_request(self, subsystem, tag, request):
 request_id=request.systemCert.requestID,
 request_data=request_pem,
 request_type=request.systemCert.requestType,
- profile_id=request.systemCert.profile,
+ profile_path=request.systemCert.profile,
 dns_names=request.systemCert.dnsNames,
 adjust_validity=request.systemCert.adjustValidity)
diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
index bf07ed0b7d2..38089ae3236 100644
--- a/base/server/python/pki/server/subsystem.py
+++ b/base/server/python/pki/server/subsystem.py
@@ -2418,7 +2418,7 @@ def import_cert_request(
 request_path=None,
 request_format=None,
 request_type=None,
- profile_id=None,
+ profile_path=None,
 dns_names=None,
 adjust_validity=None):
@@ -2440,8 +2440,8 @@ def import_cert_request(
 if request_type:
 cmd.extend(['--type', request_type])
- if profile_id:
- cmd.extend(['--profile', profile_path])
+ if profile_path:
+ cmd.extend(['--profile', profile_path])
 if dns_names:
 cmd.extend(['--dns-names', ','.join(dns_names)])
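Review bot: The keyword rename from `profile_id` to `profile_path` in `import_cert_request` (subsystem.py, hunk at -2418) will raise `TypeError` for any caller outside this commit that still passes `profile_id=`, and nothing in the visible lines documents what the value now means. A short comment above the `--profile` branch would cover it, e.g. `# profile_path: bootstrap profile path for --profile; relative paths resolve against the CA conf dir, absolute paths are used as is. Pass trusted values only.` The deployment/__init__.py hunk forwards `request.systemCert.profile` unchanged, so that field is now a filesystem path. If it can come from anything other than the local deployment configuration (not visible here), it should be validated before this call. The function body starts and continues outside both subsystem.py hunks.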