Update pki-server ca-cert-import

The pki-server ca-cert-import has been updated to support
an absolute bootstrap profile path.

base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertImportCLI.java

@@ -7,6 +7,7 @@
 
 import java.io.File;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.SecureRandom;
 
@@ -65,11 +66,11 @@ public void createOptions() {
         option.setArgName("format");
         options.addOption(option);
 
-        option = new Option(null, "request", true, "Request ID");
-        option.setArgName("ID");
+        option = new Option(null, "profile", true, "Bootstrap profile path");
+        option.setArgName("path");
         options.addOption(option);
 
-        option = new Option(null, "profile", true, "Profile ID");
+        option = new Option(null, "request", true, "Request ID");
         option.setArgName("ID");
         options.addOption(option);
 
@@ -95,17 +96,13 @@ public void execute(CommandLine cmd) throws Exception {
         String certPath = cmd.getOptionValue("cert");
         String certFormat = cmd.getOptionValue("format");
 
-        if (!cmd.hasOption("request")) {
-            throw new Exception("Missing request ID");
-        }
-
-        RequestId requestID = new RequestId(cmd.getOptionValue("request"));
-
         if (!cmd.hasOption("profile")) {
-            throw new Exception("Missing profile ID");
+            throw new Exception("Missing bootstrap profile path");
         }
 
-        String profileID = cmd.getOptionValue("profile");
+        if (!cmd.hasOption("request")) {
+            throw new Exception("Missing request ID");
+        }
 
         // initialize JSS in pki-server CLI
         TomcatJSS tomcatjss = TomcatJSS.getInstance();
@@ -147,10 +144,14 @@ public void execute(CommandLine cmd) throws Exception {
         CAEngineConfig cs = new CAEngineConfig(storage);
         cs.load();
 
-        String profilePath = confDir + File.separator + profileID;
+        // If the bootstrap profile path is relative (e.g. caCert.profile),
+        // convert it to /var/lib/pki/pki-tomcat/ca/conf/<profile>.
+        // If the bootstrap profile path is absolute, use it as is.
+        String profile = cmd.getOptionValue("profile");
+        Path profilePath = Paths.get(confDir).resolve(profile);
 
         logger.info("Loading " + profilePath);
-        ConfigStorage profileStorage = new FileConfigStorage(profilePath);
+        ConfigStorage profileStorage = new FileConfigStorage(profilePath.toString());
         ConfigStore profileConfig = new ConfigStore(profileStorage);
         profileConfig.load();
 
@@ -172,6 +173,8 @@ public void execute(CommandLine cmd) throws Exception {
         dbSubsystem.setEngineConfig(cs);
         dbSubsystem.init(dbConfig, ldapConfig, socketConfig, passwordStore);
 
+        RequestId requestID = new RequestId(cmd.getOptionValue("request"));
+
         try {
             CertificateRepository certificateRepository = new CertificateRepository(secureRandom, dbSubsystem);
             certificateRepository.init();

base/server/python/pki/server/cli/ca.py

@@ -301,7 +301,7 @@ def print_help(self):
         print('  -i, --instance <instance ID>       Instance ID (default: pki-tomcat)')
         print('      --cert <path>                  Certificate path')
         print('      --format <format>              Certificate format: PEM (default), DER')
-        print('      --profile <filename>           Bootstrap profile filename')
+        print('      --profile <path>               Bootstrap profile path')
         print('      --request <ID>                 Request ID')
         print('  -v, --verbose                      Run in verbose mode.')
         print('      --debug                        Run in debug mode.')
@@ -324,7 +324,7 @@ def execute(self, argv):
         instance_name = 'pki-tomcat'
         cert_path = None
         cert_format = None
-        profile_id = None
+        profile_path = None
         request_id = None
 
         for o, a in opts:
@@ -338,7 +338,7 @@ def execute(self, argv):
                 cert_format = a
 
             elif o == '--profile':
-                profile_id = a
+                profile_path = a
 
             elif o == '--request':
                 request_id = a
@@ -373,7 +373,7 @@ def execute(self, argv):
         subsystem.import_cert(
             cert_path=cert_path,
             cert_format=cert_format,
-            profile_id=profile_id,
+            profile_path=profile_path,
             request_id=request_id)
 
 

base/server/python/pki/server/deployment/__init__.py

@@ -3242,8 +3242,8 @@ def import_cert(self, subsystem, tag, request, cert_data):
         subsystem.import_cert(
             cert_data=pem_cert,
             cert_format='PEM',
-            request_id=request.systemCert.requestID,
-            profile_id=request.systemCert.profile)
+            profile_path=request.systemCert.profile,
+            request_id=request.systemCert.requestID)
 
     def setup_system_cert(self, nssdb, subsystem, tag, system_cert, request):
 

base/server/python/pki/server/subsystem.py

@@ -2333,8 +2333,8 @@ def import_cert(
             cert_data=None,
             cert_path=None,
             cert_format=None,
-            request_id=None,
-            profile_id=None):
+            profile_path=None,
+            request_id=None):
 
         tmpdir = tempfile.mkdtemp()
 
@@ -2361,8 +2361,8 @@ def import_cert(
             if request_id:
                 cmd.extend(['--request', request_id])
 
-            if profile_id:
-                cmd.extend(['--profile', profile_id])
+            if profile_path:
+                cmd.extend(['--profile', profile_path])
 
             # run as current user so it can read the input file
             self.run(cmd, as_current_user=True)