[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pki-devel] [pki-devel][PATCH] 0039-Ability-to-toggle-profile-usablity-in-Web-vs-CLI-too.patch



[PATCH] Ability to toggle profile usablity in Web vs CLI tools.

Ticket #1442.

This fix gives the command line enrollment commands the ability to enroll a cert against a profile
that has been marked as not visible but "enabled".

With the simple fix the following scenarios tested to work:

The "caUserCert" Profile was marked as not visible, but enabled.

1. pki -c Secret123 client-cert-request --profile caUserCert uid=jmagne
    This is the simplest form of user cert enrollment.

2. pki ca-cert-request-profile-show caUserCert --output testuser.xml
   pki ca-cert-request-submit testuser.xml

    The first command gives us the profile's xml file, which after modification is used to enroll.

3. pki -d ~/.dogtag/pki -c "" -n "PKI Administrator for localdomain" ca-profile-show caUserCert

    This one shows that we can view the contents of a non visible profile. Listing is not allowed.
    We felt this appropiate to allow a command line user to get the details of a non visible profile that
    they know aobut and want to use.
From 14434ac99ae6eaa0affd62d069779fe529eb7556 Mon Sep 17 00:00:00 2001
From: Jack Magne <jmagne localhost localdomain>
Date: Wed, 1 Jul 2015 15:01:45 -0700
Subject: [PATCH] Ability to toggle profile usablity in Web vs CLI tools.

Ticket #1442.

This fix gives the command line enrollment commands the ability to enroll a cert against a profile
that has been marked as not visible but "enabled".

With the simple fix the following scenarios tested to work:

The "caUserCert" Profile was marked as not visible, but enabled.

1. pki -c Secret123 client-cert-request --profile caUserCert uid=jmagne
    This is the simplest form of user cert enrollment.

2. pki ca-cert-request-profile-show caUserCert --output testuser.xml
   pki ca-cert-request-submit testuser.xml

    The first command gives us the profile's xml file, which after modification is used to enroll.

3. pki -d ~/.dogtag/pki -c "" -n "PKI Administrator for localdomain" ca-profile-show caUserCert

    This one shows that we can view the contents of a non visible profile. Listing is not allowed.
    We felt this appropiate to allow a command line user to get the details of a non visible profile that
    they know aobut and want to use.
---
 base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
index 969cfd1..a11cb47 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
@@ -336,9 +336,8 @@ public class CertRequestService extends PKIService implements CertRequestResourc
         }
 
         if (! profile.isVisible()) {
-            CMS.debug("getEnrollmentTemplate(): attempt to get enrollment template for non-visible profile");
-            throw new BadRequestException("Cannot provide enrollment template for profile `" + profileId +
-                        "`.  Profile not marked as visible");
+            CMS.debug("getEnrollmentTemplate(): attempt to get enrollment template for non-visible profile. This is ok since command line enrollments should be able to use enabled but non visible profiles.");
+
         }
 
         CertEnrollmentRequest request = new CertEnrollmentRequest();
-- 
2.1.0


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]