From 6ab16681b03c3deb25d3e088ae6a9d978a3f30c6 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 23 Aug 2016 13:59:33 +0200
Subject: [PATCH] cert: include CA name in cert command output

Include name of the CA that issued a certificate in cert-request, cert-show and cert-find. This allows the caller to call further commands on the cert without having to call ca-find to find the name of the CA.
https://fedorahosted.org/freeipa/ticket/6151
---
 ipaserver/plugins/cert.py | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 6dd9f6f..a95a0ee 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -262,6 +262,15 @@ def bind_principal_can_manage_cert(cert):
 class BaseCertObject(Object):
 takes_params = (
+ Str(
+ 'cacn?',
+ cli_name='ca',
+ default=IPA_CA_CN,
+ autofill=True,
+ label=_('Issuing CA'),
+ doc=_('Name of issuing CA'),
+ flags={'no_create', 'no_update', 'no_search'},
+ ),
 Bytes(
 'certificate', validate_certificate,
 label=_("Certificate"),
@@ -336,14 +345,7 @@ def _parse(self, obj, full=True):
 class BaseCertMethod(Method):
 def get_options(self):
- yield Str('cacn?',
- cli_name='ca',
- default=IPA_CA_CN,
- autofill=True,
- query=True,
- label=_('Issuing CA'),
- doc=_('Name of issuing CA'),
- )
+ yield self.obj.params['cacn'].clone(query=True)
 for option in super(BaseCertMethod, self).get_options():
 yield option
@@ -432,7 +434,8 @@ def execute(self, csr, all=False, raw=False, **kw):
 # referencing nonexistant CA) and look up authority ID.
 #
 ca = kw['cacn']
- ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0]
+ ca_obj = api.Command.ca_show(ca)['result']
+ ca_id = ca_obj['ipacaid'][0]
 """
 Access control is partially handled by the ACI titled
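Review bot: The new `cacn` entry in `BaseCertObject.takes_params` carries `no_create`, `no_update` and `no_search` without saying why, and the second hunk rebuilds the method option from it with `self.obj.params['cacn'].clone(query=True)`, so the clone inherits those flags together with `default=IPA_CA_CN` and `autofill=True`. A short comment above the `Str(` would help the next reader, for example `# Output attribute; the flags keep it out of generated create/update/search options, BaseCertMethod.get_options() clones it as the query option`. That intent is inferred from the flag names only, so adjust the wording if it differs. Both the tuple and the class continue outside the hunk.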
@@ -623,6 +626,7 @@ def execute(self, csr, all=False, raw=False, **kw):
 if not raw:
 self.obj._parse(result)
 result['request_id'] = int(result['request_id'])
+ result['cacn'] = ca_obj['cn'][0]
 # Success? Then add it to the principal's entry
 # (unless the profile tells us not to)
@@ -802,6 +806,7 @@ def execute(self, serial_number, all=False, raw=False, no_members=False,
 self.obj._parse(result)
 result['revoked'] = ('revocation_reason' in result)
 self.obj._fill_owners(result)
+ result['cacn'] = ca_obj['cn'][0]
 return dict(result=result, value=pkey_to_value(serial_number, options))
@@ -1072,6 +1077,9 @@ def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options):
 raise
 return result, False, complete
+ cas = self.api.Command.ca_find()['result']
+ cas = {DN(ca['ipacasubjectdn'][0]): ca['cn'][0] for ca in cas}
+
 ra = self.api.Backend.ra
 for ra_obj in ra.find(ra_options):
 issuer = DN(ra_obj['issuer'])
@@ -1092,6 +1100,11 @@ def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options):
 ra_obj['certificate'].replace('\r\n', ''))
 self.obj._parse(obj)
+ try:
+ obj['cacn'] = cas[issuer]
+ except KeyError:
+ pass
+
 result[issuer, serial_number] = obj
 return result, False, complete
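Review bot: `result['cacn'] = ca_obj['cn'][0]` in the `execute(self, serial_number, ...)` hunk reads `ca_obj`, which nothing in this hunk assigns; the only assignment the patch adds is in the csr-taking `execute()` (the -432 hunk). Presumably this method already fetches the CA entry earlier in its body, which starts outside the hunk. Please confirm the assignment is reached on every path before this line, since a missing binding would only surface as a NameError at runtime. The identical line in the -623 hunk is covered by the new `ca_obj = api.Command.ca_show(ca)['result']`.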
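Review bot: `self.api.Command.ca_find()` in `_ca_search` is called with no arguments, so the issuer-to-name map is presumably bounded by the default search size and time limits and by what the caller may read. Any CA missing from the map is then hidden by `except KeyError: pass` in the -1092 hunk, and the certificate comes back without `cacn` and without any sign that the name was dropped. Since the commit exists so callers can act on `cacn` without another lookup, I would lift the limits with `cas = self.api.Command.ca_find(sizelimit=0, timelimit=0)['result']` (assuming ca_find exposes the usual search options) and add a comment at the `except` saying that a missing name is expected only for issuers unknown to IPA. Rebinding `cas` from the result list to the dict would also read better with two names. `_ca_search` starts and ends outside both hunks.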