From 840e9b2493ab323fb4e118c8aae6068dcca7e18b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 15 Jan 2024 13:33:51 +0700
Subject: [PATCH] Update pki-server ca-cert-request-import

The pki-server ca-cert-request-import has been updated to
support an absolute bootstrap profile path.
---
 .../server/ca/cli/CACertRequestImportCLI.java    | 16 ++++++++++------
 base/server/python/pki/server/cli/ca.py          |  8 ++++----
 .../python/pki/server/deployment/__init__.py     |  2 +-
 base/server/python/pki/server/subsystem.py       |  6 +++---
 4 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java b/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java
index 61ebb1b3eae..26597f16334 100644
--- a/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java
+++ b/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java
@@ -7,6 +7,7 @@
 
 import java.io.File;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.SecureRandom;
 
@@ -68,8 +69,8 @@ public void createOptions() {
         option.setArgName("type");
         options.addOption(option);
 
-        option = new Option(null, "profile", true, "Profile ID");
-        option.setArgName("ID");
+        option = new Option(null, "profile", true, "Bootstrap profile path");
+        option.setArgName("path");
         options.addOption(option);
 
         option = new Option(null, "dns-names", true, "Comma-separated list of DNS names");
@@ -111,7 +112,7 @@ public void execute(CommandLine cmd) throws Exception {
         }
 
         if (!cmd.hasOption("profile")) {
-            throw new Exception("Missing profile ID");
+            throw new Exception("Missing bootstrap profile path");
         }
 
         String requestPath = cmd.getOptionValue("csr");
@@ -146,11 +147,14 @@ public void execute(CommandLine cmd) throws Exception {
         CAEngineConfig cs = new CAEngineConfig(storage);
         cs.load();
 
-        String profileID = cmd.getOptionValue("profile");
-        String profilePath = confDir + File.separator + profileID;
+        // If the bootstrap profile path is relative (e.g. caCert.profile),
+        // convert it to /var/lib/pki/pki-tomcat/ca/conf/<profile>.
+        // If the bootstrap profile path is absolute, use it as is.
+        String profile = cmd.getOptionValue("profile");
+        Path profilePath = Paths.get(confDir).resolve(profile);
 
         logger.info("Loading " + profilePath);
-        ConfigStorage profileStorage = new FileConfigStorage(profilePath);
+        ConfigStorage profileStorage = new FileConfigStorage(profilePath.toString());
         ConfigStore profileConfig = new ConfigStore(profileStorage);
         profileConfig.load();
 
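Review bot: `Paths.get(confDir).resolve(profile)` lets `--profile` name any file on the system, because an absolute value replaces `confDir` entirely and a relative value containing `..` is not normalized, so the bootstrap profile is no longer guaranteed to come from the CA conf directory with that directory's ownership and permissions. I would normalize and fail early, e.g. `Path profilePath = Paths.get(confDir).resolve(profile).normalize();` followed by `if (!Files.isRegularFile(profilePath)) throw new Exception("Bootstrap profile not found: " + profilePath);`, so the `Loading` log line records the file actually used. How `FileConfigStorage` treats a missing or non-regular file is not visible here, so that check may duplicate an error it already raises. The added comment hard-codes `/var/lib/pki/pki-tomcat/ca/conf`, while the code resolves against `confDir`; `<confDir>/<profile>` would presumably stay accurate for non-default instances. `execute` begins and ends outside this hunk.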
diff --git a/base/server/python/pki/server/cli/ca.py b/base/server/python/pki/server/cli/ca.py
index a77139091cc..8d79680f4fc 100644
--- a/base/server/python/pki/server/cli/ca.py
+++ b/base/server/python/pki/server/cli/ca.py
@@ -744,7 +744,7 @@ def print_help(self):
         print('  -i, --instance <instance ID>     Instance ID (default: pki-tomcat)')
         print('      --csr <path>                 Certificate request path')
         print('      --format <format>            Certificate request format: PEM (default), DER')
-        print('      --profile <filename>         Bootstrap profile filename')
+        print('      --profile <path>             Bootstrap profile path')
         print('      --request <ID>               Certificate request ID')
         print('  -v, --verbose                    Run in verbose mode.')
         print('      --debug                      Run in debug mode.')
@@ -767,7 +767,7 @@ def execute(self, argv):
         instance_name = 'pki-tomcat'
         request_path = None
         request_format = None
-        profile_id = None
+        profile_path = None
         request_id = None
 
         for o, a in opts:
@@ -781,7 +781,7 @@ def execute(self, argv):
                 request_format = a
 
             elif o == '--profile':
-                profile_id = a
+                profile_path = a
 
             elif o == '--request':
                 request_id = a
@@ -816,7 +816,7 @@ def execute(self, argv):
         result = subsystem.import_cert_request(
             request_path=request_path,
             request_format=request_format,
-            profile_id=profile_id,
+            profile_path=profile_path,
             request_id=request_id)
 
         request_id = result['requestID']
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index 8099b5af20c..310d607c592 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -2754,7 +2754,7 @@ def import_cert_request(self, subsystem, tag, request):
             request_id=request.systemCert.requestID,
             request_data=request_pem,
             request_type=request.systemCert.requestType,
-            profile_id=request.systemCert.profile,
+            profile_path=request.systemCert.profile,
             dns_names=request.systemCert.dnsNames,
             adjust_validity=request.systemCert.adjustValidity)
 
diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
index bf07ed0b7d2..38089ae3236 100644
--- a/base/server/python/pki/server/subsystem.py
+++ b/base/server/python/pki/server/subsystem.py
@@ -2418,7 +2418,7 @@ def import_cert_request(
             request_path=None,
             request_format=None,
             request_type=None,
-            profile_id=None,
+            profile_path=None,
             dns_names=None,
             adjust_validity=None):
 
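Review bot: Renaming the keyword `profile_id` to `profile_path` in `import_cert_request` makes any caller that still passes `profile_id=` fail with a `TypeError`; only the two in-tree callers updated in this patch (`cli/ca.py` and `deployment/__init__.py`) are visible here. The meaning of the argument also changes from a filename to a path, and nothing in the signature says how a relative value is treated. A docstring line such as `profile_path: bootstrap profile path; a relative path is resolved against the CA conf directory by the Java CLI, an absolute path is used as is` would make that contract explicit for callers. The function's signature and body extend outside this hunk.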
@@ -2440,8 +2440,8 @@ def import_cert_request(
         if request_type:
             cmd.extend(['--type', request_type])
 
-        if profile_id:
-            cmd.extend(['--profile', profile_id])
+        if profile_path:
+            cmd.extend(['--profile', profile_path])
 
         if dns_names:
             cmd.extend(['--dns-names', ','.join(dns_names)])