From 8186f0348716c8af6cffc4d5319f5ae0582b620b Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Tue, 23 Aug 2016 13:59:33 +0200 Subject: [PATCH] cert: include CA name in cert command output Include name of the CA that issued a certificate in cert-request, cert-show and cert-find. This allows the caller to call further commands on the cert without having to call ca-find to find the name of the CA. https://fedorahosted.org/freeipa/ticket/6151 --- ipaserver/plugins/cert.py | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 5267e38..2e8aa94 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -263,6 +263,15 @@ def bind_principal_can_manage_cert(cert): class BaseCertObject(Object): takes_params = ( + Str( + 'cacn?', + cli_name='ca', + default=IPA_CA_CN, + autofill=True, + label=_('Issuing CA'), + doc=_('Name of issuing CA'), + flags={'no_create', 'no_update', 'no_search'}, + ), Bytes( 'certificate', validate_certificate, label=_("Certificate"), @@ -459,14 +468,7 @@ def _add_san_attribute( class BaseCertMethod(Method): def get_options(self): - yield Str('cacn?', - cli_name='ca', - default=IPA_CA_CN, - autofill=True, - query=True, - label=_('Issuing CA'), - doc=_('Name of issuing CA'), - ) + yield self.obj.params['cacn'].clone(query=True) for option in super(BaseCertMethod, self).get_options(): yield option @@ -555,7 +557,8 @@ def execute(self, csr, all=False, raw=False, **kw): # referencing nonexistant CA) and look up authority ID. # ca = kw['cacn'] - ca_id = api.Command.ca_show(ca)['result']['ipacaid'][0] + ca_obj = api.Command.ca_show(ca)['result'] + ca_id = ca_obj['ipacaid'][0] """ Access control is partially handled by the ACI titled 
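Review bot: The new `cacn` entry in `BaseCertObject.takes_params` (hunk `@@ -263,6 +263,15 @@`) carries `flags={'no_create', 'no_update', 'no_search'}` with no explanation. The reason only becomes visible in the next hunk, where `BaseCertMethod.get_options()` yields a clone of the parameter by hand. A one-line comment above the `Str(` would save the next reader that search, for example `# kept out of generated options; BaseCertMethod.get_options() yields it explicitly with query=True`. That wording assumes the flags behave as their names suggest, which this diff does not show.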
@@ -747,6 +750,7 @@ def execute(self, csr, all=False, raw=False, **kw): if not raw: self.obj._parse(result, all) result['request_id'] = int(result['request_id']) + result['cacn'] = ca_obj['cn'][0] # Success? Then add it to the principal's entry # (unless the profile tells us not to) @@ -926,6 +930,7 @@ def execute(self, serial_number, all=False, raw=False, no_members=False, self.obj._parse(result, all) result['revoked'] = ('revocation_reason' in result) self.obj._fill_owners(result) + result['cacn'] = ca_obj['cn'][0] return dict(result=result, value=pkey_to_value(serial_number, options)) @@ -1196,11 +1201,19 @@ def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options): raise return result, False, complete + ca_objs = self.api.Command.ca_find()['result'] + ca_objs = {DN(ca['ipacasubjectdn'][0]): ca for ca in ca_objs} + ra = self.api.Backend.ra for ra_obj in ra.find(ra_options): issuer = DN(ra_obj['issuer']) serial_number = ra_obj['serial_number'] + try: + ca_obj = ca_objs[issuer] + except KeyError: + continue + if pkey_only: obj = {'serial_number': serial_number} else: @@ -1217,6 +1230,8 @@ def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options): ra_obj['certificate'].replace('\r\n', '')) self.obj._parse(obj) + obj['cacn'] = ca_obj['cn'][0] + result[issuer, serial_number] = obj return result, False, complete
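Review bot: In the `@@ -1196,11 +1201,19 @@` hunk of `_ca_search`, `except KeyError: continue` silently drops every certificate whose issuer DN is missing from `ca_objs`, so cert-find can under-report issued certificates with no signal to the caller. The map comes from a bare `self.api.Command.ca_find()`, which presumably runs under the default search size and time limits and under the caller's read access to CA entries. A truncated or filtered CA list would then hide all certificates of the CAs that did not make it into the map, which matters when cert-find backs certificate inventory or revocation review. Consider lifting the limits with `ca_objs = self.api.Command.ca_find(timelimit=0, sizelimit=0)['result']`, and either keeping the entry without `cacn` or reporting the result as incomplete instead of skipping it. `_ca_search` begins outside the hunk, so how the returned `complete` value is computed is not visible here, but the skip does not touch it in the lines shown.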