From c7df9cd14122cd0925b27e227dcf0cc377f72bfa Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Apr 14 2015 17:02:55 +0000 Subject: Retrieve the list of profiles from Dogtag CAs Add support for retrieving the list of available profiles from Dogtag CAs. For now, that's just so that we can track them. Later on, we'll teach getcert to warn about an unsupported value when the CA has some vlaues, but it's been given a profile name that isn't among them. --- diff --git a/src/certmonger-dogtag-submit.8.in b/src/certmonger-dogtag-submit.8.in index 247c4cd..daa64f9 100644 --- a/src/certmonger-dogtag-submit.8.in +++ b/src/certmonger-dogtag-submit.8.in @@ -104,6 +104,10 @@ Instead, attempt to obtain a new certificate using the signing request. \fB-R\fR Negates the effect of the \fB-N\fR flag. .TP +\fB-t\fR +Instead of attempting to obtain a new certificate, query the server for a list +of the enabled enrollment profiles. +.TP \fB-v\fR Increases the logging level. Use twice for more logging. This option is mainly useful for troubleshooting. diff --git a/src/dogtag.c b/src/dogtag.c index 1274df9..9fb3930 100644 --- a/src/dogtag.c +++ b/src/dogtag.c @@ -78,9 +78,10 @@ help(const char *cmd) "\t[-S state]\n" "\t[-T profile]\n" "\t[-O param=value]\n" - "\t[-v]\n" "\t[-N | -R]\n" "\t[-V dogtag_version]\n" + "\t[-t]\n" + "\t[-v]\n" "\t[csrfile]\n", strchr(cmd, '/') ? strrchr(cmd, '/') + 1 : cmd); } @@ -158,7 +159,7 @@ main(int argc, char **argv) const char *host = NULL, *dogtag_version = NULL; int eeport, agentport; #endif - enum { op_none, op_submit, op_check, op_approve, op_retrieve } op = op_none; + enum { op_none, op_submit, op_check, op_approve, op_retrieve, op_profiles } op = op_submit; dbus_bool_t can_agent, use_agent, missing_args = FALSE; struct dogtag_default **defaults; enum cm_external_status ret; 
@@ -173,6 +174,9 @@ main(int argc, char **argv) (strcasecmp(mode, CM_OP_POLL) == 0)) { /* fall through */ } else + if (strcasecmp(mode, CM_OP_FETCH_PROFILES) == 0) { + op = op_profiles; + } else if (strcasecmp(mode, CM_OP_IDENTIFY) == 0) { #ifdef DOGTAG_IPA_RENEW_AGENT printf("Dogtag (IPA,renew,agent) (%s %s)\n", PACKAGE_NAME, @@ -192,7 +196,7 @@ main(int argc, char **argv) savedstate = getenv(CM_SUBMIT_COOKIE_ENV); - while ((c = getopt(argc, argv, "E:A:d:n:i:C:c:k:p:P:s:D:S:T:O:vV:NR")) != -1) { + while ((c = getopt(argc, argv, "E:A:d:n:i:C:c:k:p:P:s:D:S:T:O:vV:NRt")) != -1) { switch (c) { case 'E': eeurl = optarg; @@ -256,6 +260,9 @@ main(int argc, char **argv) p[i] = '\0'; options[num_options - 1].value = p + i + 1; break; + case 't': + op = op_profiles; + break; case 'v': verbose++; break; @@ -426,7 +433,6 @@ main(int argc, char **argv) } /* Figure out where we are in the multi-step process. */ - op = op_none; if ((savedstate != NULL) && ((p = statevar(savedstate, "state")) != NULL) && ((q = statevar(savedstate, "requestId")) != NULL)) { @@ -443,7 +449,6 @@ main(int argc, char **argv) } params = talloc_asprintf(ctx, "requestId=%s", q); } else { - op = op_submit; params = ""; } @@ -537,6 +542,18 @@ main(int argc, char **argv) "xml=true", params); use_agent = FALSE; + case op_profiles: + /* Retrieving the list of profiles. */ + url = talloc_asprintf(ctx, "%s/profileList", eeurl); + if (strlen(params) > 0) { + params = talloc_asprintf(ctx, + "%s&" + "xml=true", + params); + } else { + params = "xml=true"; + } + use_agent_approval = FALSE; break; } @@ -630,6 +647,7 @@ main(int argc, char **argv) case op_submit: case op_check: case op_retrieve: + case op_profiles: /* No second form for these. */ break; } 
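Review bot: The added `case op_profiles:` sits between `use_agent = FALSE;` and the `break;` that used to end the preceding case, so that case now falls through. Its `url` is overwritten with `%s/profileList` and `&xml=true` is appended to its `params`, which sends that step's request to the wrong endpoint. Put a `break;` before `case op_profiles:`. The new case also ends with `use_agent_approval = FALSE;` where the case above sets `use_agent`; neither declaration is in the hunk, so confirm which flag is meant. The switch starts outside the hunk.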
@@ -651,16 +669,19 @@ main(int argc, char **argv) cm_submit_h_result_code(hctx), lasturl); } + talloc_free(ctx); return CM_SUBMIT_STATUS_UNREACHABLE; } if (results == NULL) { printf(_("Internal error: no response to \"%s?%s\".\n"), lasturl, lastparams); + talloc_free(ctx); return CM_SUBMIT_STATUS_REJECTED; } switch (op) { case op_none: printf(_("Internal error: unknown state.\n")); + talloc_free(ctx); return CM_SUBMIT_STATUS_UNCONFIGURED; break; case op_submit: @@ -672,6 +693,7 @@ main(int argc, char **argv) if (q != NULL) { fprintf(stderr, "%s", q); } + talloc_free(ctx); return ret; break; case op_check: @@ -683,6 +705,7 @@ main(int argc, char **argv) if (q != NULL) { fprintf(stderr, "%s", q); } + talloc_free(ctx); return ret; break; case op_approve: @@ -695,6 +718,7 @@ main(int argc, char **argv) if (q != NULL) { fprintf(stderr, "%s", q); } + talloc_free(ctx); return ret; } else { ret = cm_submit_d_review_eval(ctx, results, lasturl, @@ -705,6 +729,7 @@ main(int argc, char **argv) if (q != NULL) { fprintf(stderr, "%s", q); } + talloc_free(ctx); return ret; } break; @@ -717,8 +742,22 @@ main(int argc, char **argv) if (q != NULL) { fprintf(stderr, "%s", q); } + talloc_free(ctx); + return ret; + break; + case op_profiles: + ret = cm_submit_d_profiles_eval(ctx, results, lasturl, + can_agent, &p, &q); + if (p != NULL) { + fprintf(stdout, "%s", p); + } + if (q != NULL) { + fprintf(stderr, "%s", q); + } + talloc_free(ctx); return ret; break; } + talloc_free(ctx); return CM_SUBMIT_STATUS_UNCONFIGURED; } diff --git a/src/submit-d.c b/src/submit-d.c index 93a443a..5592bad 100644 --- a/src/submit-d.c +++ b/src/submit-d.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010,2011,2012,2013 Red Hat, Inc. + * Copyright (C) 2010,2011,2012,2013,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
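Review bot: `talloc_free(ctx);` is now written out before every `return` in this part of main(), so a return path added later can easily miss it. A single exit label such as `out: talloc_free(ctx); return ret;`, reached with `goto out;`, would keep the cleanup in one place. The `break;` after `return ret;` in the new `case op_profiles:` is unreachable, as it is in the cases above it. main() starts outside these hunks.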
@@ -217,6 +217,7 @@ cm_submit_d_xml_defaults(void *parent, const char *xml)
 }
 ret[j] = NULL;
 }
+ xmlXPathFreeObject(obj);
 xmlXPathFreeContext(xpctx);
 }
 xmlFreeDoc(doc);
@@ -274,6 +275,152 @@ cm_submit_d_xml_value(void *parent, const char *xml, const char *path)
 }
 ret = talloc_strndup(parent, content, i + 1);
 }
+ xmlXPathFreeObject(obj);
+ xmlXPathFreeContext(xpctx);
+ }
+ xmlFreeDoc(doc);
+ }
+ return ret;
+}
+
+static char *
+cm_submit_d_text_node(void *parent, xmlXPathObjectPtr obj)
+{
+ xmlNodePtr node = NULL;
+ const char *content;
+ int i;
+
+ if ((obj != NULL) &&
+ (obj->nodesetval != NULL) &&
+ (obj->nodesetval->nodeNr > 0)) {
+ for (i = 0;
+ (i < obj->nodesetval->nodeNr) &&
+ (node == NULL);
+ i++) {
+ node = obj->nodesetval->nodeTab[i]->children;
+ while (node != NULL) {
+ if (node->type == XML_TEXT_NODE) {
+ break;
+ }
+ node = node->next;
+ }
+ }
+ }
+ if (node != NULL) {
+ content = (const char *) node->content;
+ content = content + strspn(content, "\n");
+ i = strlen(content) - 1;
+ while ((i > 0) &&
+ (strchr("\n", content[i]) != NULL)) {
+ i--;
+ }
+ return talloc_strndup(parent, content, i + 1);
+ }
+ return NULL;
+}
+
+static char *
+cm_submit_d_xml_value_if(void *parent, xmlXPathContextPtr xpctx,
+ xmlNodePtr node,
+ const char *value_path, const char *boolean_path1,
+ const char *boolean_path2)
+{
+ xmlChar *vpath, *bpath1, *bpath2;
+ xmlXPathObjectPtr vobj, bobj1, bobj2;
+ char *v, *b1, *b2;
+
+ vpath = xmlCharStrdup(value_path);
+ bpath1 = xmlCharStrdup(boolean_path1);
+ bpath2 = xmlCharStrdup(boolean_path2);
+ vobj = NULL;
+ if (vpath != NULL) {
+ vobj = xmlXPathNodeEval(node, vpath, xpctx);
+ xmlFree(vpath);
+ }
+ v = cm_submit_d_text_node(parent, vobj);
+ xmlXPathFreeObject(vobj);
+ if ((v == NULL) || (strlen(v) == 0)) {
+ return NULL;
+ }
+ bobj1 = NULL;
+ if (bpath1 != NULL) {
+ bobj1 = xmlXPathNodeEval(node, bpath1, xpctx);
+ xmlFree(bpath1);
+ }
+ bobj2 = NULL;
+ if (bpath2 != NULL) {
+ bobj2 = xmlXPathNodeEval(node, bpath2, xpctx);
+ xmlFree(bpath2);
+ }
+ if (bobj1 != NULL) {
+ b1 = cm_submit_d_text_node(parent, bobj1);
+ if (strcasecmp(b1, "true") != 0) {
+ v = NULL;
+ }
+ xmlXPathFreeObject(bobj1);
+ }
+ if (bobj2 != NULL) {
+ b2 = cm_submit_d_text_node(parent, bobj2);
+ if (strcasecmp(b2, "true") != 0) {
+ v = NULL;
+ }
+ xmlXPathFreeObject(bobj2);
+ }
+ return (v != NULL) ? talloc_strdup(parent, v) : NULL;
+}
+
+static char **
+cm_submit_d_xml_profiles(void *parent, const char *xml)
+{
+ xmlXPathContextPtr xpctx;
+ xmlXPathObjectPtr obj;
+ xmlDocPtr doc;
+ xmlNodePtr node;
+ xmlChar *xpath;
+ char **ret = NULL, **tmp, *profile;
+ int i, n = 0;
+
+ doc = xmlParseMemory(xml, strlen(xml));
+ if (doc != NULL) {
+ xpctx = xmlXPathNewContext(doc);
+ if (xpctx != NULL) {
+ xpath = xmlCharStrdup("/xml/output/set/record/list/*");
+ obj = NULL;
+ if (xpath != NULL) {
+ obj = xmlXPathEval(xpath, xpctx);
+ xmlFree(xpath);
+ }
+ node = NULL;
+ if ((obj != NULL) &&
+ (obj->nodesetval != NULL) &&
+ (obj->nodesetval->nodeNr > 0)) {
+ for (i = 0;
+ (i < obj->nodesetval->nodeNr);
+ i++) {
+ node = obj->nodesetval->nodeTab[i];
+ if ((node->type == XML_ELEMENT_NODE) &&
+ (strcmp((const char *) node->name,
+ "record") == 0)) {
+ profile = cm_submit_d_xml_value_if(parent, xpctx, node,
+ "set/profileId",
+ "set/profileIsEnable",
+ "set/profileIsVisible");
+ if (profile != NULL) {
+ tmp = talloc_zero_array(parent, char *, n + 2);
+ if (tmp != NULL) {
+ if (n > 0) {
+ memcpy(tmp, ret, sizeof(char *) * n);
+ }
+ tmp[n] = profile;
+ n++;
+ tmp[n] = NULL;
+ ret = tmp;
+ }
+ }
+ }
+ }
+ }
+ xmlXPathFreeObject(obj);
 xmlXPathFreeContext(xpctx);
 }
 xmlFreeDoc(doc);
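Review bot: In cm_submit_d_xml_value_if(), `strcasecmp(b1, "true")` and `strcasecmp(b2, "true")` can be handed NULL. cm_submit_d_text_node() returns NULL when the XPath matched no node or the matched node has no text child, so a server reply whose record lacks `set/profileIsEnable` or `set/profileIsVisible` would crash the helper. The XML is server-supplied, so guard both comparisons, for example `if ((b1 == NULL) || (strcasecmp(b1, "true") != 0)) {`, and the same for `b2`. The early `return NULL;` taken for an empty value also skips `xmlFree(bpath1); xmlFree(bpath2);`, so both duplicated path strings leak on that path.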
@@ -403,6 +550,20 @@ cm_submit_d_fetch_result(void *parent, const char *xml, return 0; } +int +cm_submit_d_profiles_result(void *parent, const char *xml, + char **error_code, char **error_reason, + char **error, char **status, + char ***profiles) +{ + *error_code = cm_submit_d_xml_value(parent, xml, + "/xml/output/set/errorCode"); + *error_reason = cm_submit_d_xml_value(parent, xml, + "/xml/output/set/errorReason"); + *profiles = cm_submit_d_xml_profiles(parent, xml); + return 0; +} + enum cm_external_status cm_submit_d_submit_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) @@ -635,6 +796,31 @@ cm_submit_d_fetch_eval(void *parent, const char *xml, const char *url, return CM_SUBMIT_STATUS_REJECTED; } +enum cm_external_status +cm_submit_d_profiles_eval(void *parent, const char *xml, const char *url, + dbus_bool_t can_agent, char **out, char **err) +{ + char *error_code = NULL, *error_reason = NULL, *status = NULL; + char **profiles = NULL; + int i; + + *out = NULL; + *err = NULL; + cm_submit_d_profiles_result(parent, xml, &error_code, &error_reason, + err, &status, &profiles); + if (profiles != NULL) { + for (i = 0; profiles[i] != NULL; i++) { + if (*out != NULL) { + *out = talloc_asprintf(parent, "%s%s\n", *out, profiles[i]); + } else { + *out = talloc_asprintf(parent, "%s\n", profiles[i]); + } + } + return CM_SUBMIT_STATUS_ISSUED; + } + return CM_SUBMIT_STATUS_REJECTED; +} + #ifdef CM_SUBMIT_D_MAIN static void usage(void) diff --git a/src/submit-d.h b/src/submit-d.h index 581cce7..e9dcbb4 100644 --- a/src/submit-d.h +++ b/src/submit-d.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010,2012 Red Hat, Inc. + * Copyright (C) 2010,2012,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
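Review bot: cm_submit_d_profiles_result() accepts `error` and `status` but never writes through either pointer, so a caller that has not initialised its own variables would read indeterminate values afterwards. Either assign them at the top of the function, `*error = NULL; *status = NULL;`, or add a comment stating that the profile list reply carries no such fields and callers must pre-initialise them. The always-zero `int` return deserves the same one-line comment, since it gives the caller no way to distinguish a parse failure.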
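Review bot: cm_submit_d_profiles_eval() fetches `error_code` and `error_reason` but never uses them, and it returns `CM_SUBMIT_STATUS_REJECTED` with `*err` still NULL. An error reply, an unparsable reply and a reply with no enabled profiles therefore all fail without any diagnostic on stderr. Consider filling `*err` from `error_reason` (and `url`, which is also unused) before the rejected return. In the loop, a failed `talloc_asprintf()` sets `*out` back to NULL, so the next iteration silently restarts the list; checking the result and bailing out would avoid returning a truncated profile list as `ISSUED`.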
@@ -42,6 +42,10 @@ int cm_submit_d_fetch_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId, char **cert); +int cm_submit_d_profiles_result(void *parent, const char *xml, + char **error_code, char **error_reason, + char **error, char **status, + char ***profiles); enum cm_external_status cm_submit_d_submit_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, @@ -66,6 +70,10 @@ enum cm_external_status cm_submit_d_fetch_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err); +enum cm_external_status cm_submit_d_profiles_eval(void *parent, const char *xml, + const char *url, + dbus_bool_t can_agent, + char **out, char **err); struct dogtag_default { enum { diff --git a/tests/019-dparse/expected.out b/tests/019-dparse/expected.out index fa69458..360b82c 100644 --- a/tests/019-dparse/expected.out +++ b/tests/019-dparse/expected.out @@ -40,6 +40,32 @@ LCT7m5N535pDf4tELcXRQAUv/xTp7F5O84pp8Bez14iVTtKazqseq5K7EKCsRXfW FxfR4qHzwpD9Q7rvTzFP2/J/Cr8= -----END CERTIFICATE----- +[profiles-as-agent(good.profileList) = ISSUED] +error_code="0",error_reason="" +caUserCert +caUserSMIMEcapCert +caDualCert +caSignedLogCert +caTPSCert +caServerCert +caOtherCert +caCACert +caInstallCACert +caRACert +caOCSPCert +caTransportCert +caDirUserCert +caAgentServerCert +caAgentFileSigning +caCMCUserCert +DomainController +caDualRAuserCert +caRAagentCert +caRAserverCert +caSSLClientSelfRenewal +caDirUserRenewal +caManualRenewal + [submit-as-agent(bad.profileSubmit.csr.empty) = REJECTED] error="Invalid Request",status="1" Server at "SUBMIT" replied: Invalid Request 
@@ -126,6 +152,32 @@ LCT7m5N535pDf4tELcXRQAUv/xTp7F5O84pp8Bez14iVTtKazqseq5K7EKCsRXfW FxfR4qHzwpD9Q7rvTzFP2/J/Cr8= -----END CERTIFICATE----- +[profiles-as-end-entity(good.profileList) = ISSUED] +error_code="0",error_reason="" +caUserCert +caUserSMIMEcapCert +caDualCert +caSignedLogCert +caTPSCert +caServerCert +caOtherCert +caCACert +caInstallCACert +caRACert +caOCSPCert +caTransportCert +caDirUserCert +caAgentServerCert +caAgentFileSigning +caCMCUserCert +DomainController +caDualRAuserCert +caRAagentCert +caRAserverCert +caSSLClientSelfRenewal +caDirUserRenewal +caManualRenewal + [submit-as-end-entity(bad.profileSubmit.csr.empty) = REJECTED] error="Invalid Request",status="1" Server at "SUBMIT" replied: Invalid Request @@ -172,4 +224,4 @@ Server at "FETCH" replied: Request ID 19 was not found in the request queue. [fetch-as-end-entity(bad.displayCertFromRequest.rejected) = REJECTED] error="Request ID 17 was not completed.",status="7" Server at "FETCH" replied: Request ID 17 was not completed. -44 samples. +46 samples. diff --git a/tests/019-dparse/good.profileList b/tests/019-dparse/good.profileList new file mode 100644 index 0000000..1597770 --- /dev/null +++ b/tests/019-dparse/good.profileList 
@@ -0,0 +1,1028 @@ + + + + + + + + + + + +This certificate profile is for enrolling user certificates. + + +true + + +Manual User Dual-Use Certificate Enrollment + + +admin + + +caUserCert + + +true + + + + + + +This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15 + + +true + + +Manual User Dual-Use S/MIME capabilities Certificate Enrollment + + +admin + + +caUserSMIMEcapCert + + +true + + + + + + +This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later. + + +true + + +Manual User Signing & Encryption Certificates Enrollment + + +admin + + +caDualCert + + +true + + + + + + +This profile is for enrolling audit log signing certificates + + +true + + +Manual Log Signing Certificate Enrollment + + +admin + + +caSignedLogCert + + +true + + + + + + +This certificate profile is for enrolling TPS server certificates. + + +true + + +Manual TPS Server Certificate Enrollment + + +admin + + +caTPSCert + + +true + + + + + + +This certificate profile is for enrolling router certificates. + + +true + + +RA Agent-Authenticated Router Certificate Enrollment + + +admin + + +caRARouterCert + + +false + + + + + + +This certificate profile is for enrolling router certificates. + + +true + + +One Time Pin Router Certificate Enrollment + + +admin + + +caRouterCert + + +false + + + + + + +This certificate profile is for enrolling server certificates. + + +true + + +Manual Server Certificate Enrollment + + +admin + + +caServerCert + + +true + + + + + + +This certificate profile is for enrolling other certificates. + + +true + + +Other Certificate Enrollment + + +admin + + +caOtherCert + + +true + + + + + + +This certificate profile is for enrolling Certificate Authority certificates. 
+ + +true + + +Manual Certificate Manager Signing Certificate Enrollment + + +admin + + +caCACert + + +true + + + + + + +This certificate profile is for enrolling Security Domain Certificate Authority certificates. + + +true + + +Manual Security Domain Certificate Authority Signing Certificate Enrollment + + +admin + + +caInstallCACert + + +true + + + + + + +This certificate profile is for enrolling Registration Manager certificates. + + +true + + +Manual Registration Manager Signing Certificate Enrollment + + +admin + + +caRACert + + +true + + + + + + +This certificate profile is for enrolling OCSP Manager certificates. + + +true + + +Manual OCSP Manager Signing Certificate Enrollment + + +admin + + +caOCSPCert + + +true + + + + + + +This certificate profile is for enrolling Data Recovery Manager transport certificates. + + +true + + +Manual Data Recovery Manager Transport Certificate Enrollment + + +admin + + +caTransportCert + + +true + + + + + + +This certificate profile is for enrolling user certificates with directory-based authentication. + + +true + + +Directory-Authenticated User Dual-Use Certificate Enrollment + + +admin + + +caDirUserCert + + +true + + + + + + +This certificate profile is for enrolling server certificates with agent authentication. + + +true + + +Agent-Authenticated Server Certificate Enrollment + + +admin + + +caAgentServerCert + + +true + + + + + + +This certificate profile is for getting file signing certificate with agent authentication. + + +true + + +Agent-Authenticated File Signing + + +admin + + +caAgentFileSigning + + +true + + + + + + +This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. + + +true + + +Signed CMC-Authenticated User Certificate Enrollment + + +admin + + +caCMCUserCert + + +true + + + + + + +This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. 
+ + +true + + +Signed CMC-Authenticated User Certificate Enrollment + + +admin + + +caFullCMCUserCert + + +false + + + + + + +This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. + + +true + + +Simple CMC Enrollment Request for User Certificate + + +admin + + +caSimpleCMCUserCert + + +false + + + + + + +This profile is for enrolling token device keys + + +true + + +Token Device Key Enrollment + + +admin + + +caTokenDeviceKeyEnrollment + + +false + + + + + + +This profile is for enrolling Token Encryption key + + +true + + +Token User Encryption Certificate Enrollment + + +admin + + +caTokenUserEncryptionKeyEnrollment + + +false + + + + + + +This profile is for enrolling Token Signing key + + +true + + +Token User Signing Certificate Enrollment + + +admin + + +caTokenUserSigningKeyEnrollment + + +false + + + + + + +This profile is for enrolling token device keys + + +true + + +Temporary Device Certificate Enrollment + + +admin + + +caTempTokenDeviceKeyEnrollment + + +false + + + + + + +This profile is for enrolling Token Encryption key + + +true + + +Temporary Token User Encryption Certificate Enrollment + + +admin + + +caTempTokenUserEncryptionKeyEnrollment + + +false + + + + + + +This profile is for enrolling Token Signing key + + +true + + +Temporary Token User Signing Certificate Enrollment + + +admin + + +caTempTokenUserSigningKeyEnrollment + + +false + + + + + + +This certificate profile is for enrolling Security Domain administrator's certificates with LDAP authentication against the internal LDAP database. + + +true + + +Security Domain Administrator Certificate Enrollment + + +admin + + +caAdminCert + + +false + + + + + + +This certificate profile is for enrolling Security Domain server certificates. 
+ + +true + + +Security Domain Server Certificate Enrollment + + +admin + + +caInternalAuthServerCert + + +false + + + + + + +This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates. + + +true + + +Security Domain Data Recovery Manager Transport Certificate Enrollment + + +admin + + +caInternalAuthTransportCert + + +false + + + + + + +This certificate profile is for enrolling Security Domain DRM storage certificates + + +true + + +Security Domain DRM storage Certificate Enrollment + + +admin + + +caInternalAuthDRMstorageCert + + +false + + + + + + +This certificate profile is for enrolling Security Domain subsystem certificates. + + +true + + +Security Domain Subsysem Certificate Enrollment + + +admin + + +caInternalAuthSubsystemCert + + +false + + + + + + +This certificate profile is for enrolling Security Domain OCSP Manager certificates. + + +true + + +Security Domain OCSP Manager Signing Certificate Enrollment + + +admin + + +caInternalAuthOCSPCert + + +false + + + + + + +This certificate profile is for enrolling audit signing certificates. + + +true + + +Audit Signing Certificate Enrollment + + +admin + + +caInternalAuthAuditSigningCert + + +false + + + + + + +This profile is for enrolling Domain Controller Certificate + + +true + + +Domain Controller + + +admin + + +DomainController + + +true + + + + + + +This certificate profile is for enrolling user certificates with RA agent authentication. + + +true + + +RA Agent-Authenticated User Certificate Enrollment + + +admin + + +caDualRAuserCert + + +true + + + + + + +This certificate profile is for enrolling RA agent user certificates with RA agent authentication. + + +true + + +RA Agent-Authenticated Agent User Certificate Enrollment + + +admin + + +caRAagentCert + + +true + + + + + + +This certificate profile is for enrolling server certificates with RA agent authentication. 
+ + +true + + +RA Agent-Authenticated Server Certificate Enrollment + + +admin + + +caRAserverCert + + +true + + + + + + +This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension + + +false + + +Manual device Dual-Use Certificate Enrollment to contain UUID in SAN + + + + + +caUUIDdeviceCert + + +true + + + + + + +This certificate profile is for renewing SSL client certificates. + + +true + + +Renewal: Self-renew user SSL client certificates + + +admin + + +caSSLClientSelfRenewal + + +true + + + + + + +This certificate profile is for renewing a certificate by serial number by using directory based authentication. + + +true + + +Renewal: Directory-Authenticated User Certificate Self-Renew profile + + +admin + + +caDirUserRenewal + + +true + + + + + + +This certificate profile is for renewing certificates to be approved manually by agents. + + +true + + +Renewal: Renew certificate to be manually approved by agents + + +admin + + +caManualRenewal + + +true + + + + + + +This profile is for enrolling MS Login Certificate + + +true + + +Token User MS Login Certificate Enrollment + + +admin + + +caTokenMSLoginEnrollment + + +false + + + + + + +This certificate profile is for renewing a token certificate + + +true + + +smart card token signing cert renewal profile + + +admin + + +caTokenUserSigningKeyRenewal + + +false + + + + + + +This certificate profile is for renewing a token encryption certificate + + +true + + +smart card token signing cert renewal profile + + +admin + + +caTokenUserEncryptionKeyRenewal + + +false + + + + + + +This is an IPA profile for enrolling Jar Signing certificates. + + +true + + +Manual Jar Signing Certificate Enrollment + + +admin + + +caJarSigningCert + + +false + + + + + + +This certificate profile is for enrolling server certificates with IPA-RA agent authentication. 
+ + +true + + +IPA-RA Agent-Authenticated Server Certificate Enrollment + + +admin + + +caIPAserviceCert + + +false + + + + + + +0 + + + + diff --git a/tests/019-dparse/run.sh b/tests/019-dparse/run.sh index a0e28cb..3fc0f95 100755 --- a/tests/019-dparse/run.sh +++ b/tests/019-dparse/run.sh @@ -17,6 +17,10 @@ for good in good.displayCertFromRequest* ; do $toolsdir/dparse fetch $role $good count=`expr $count + 1` done +for good in good.profileList* ; do + $toolsdir/dparse profiles $role $good + count=`expr $count + 1` +done for bad in bad.profileSubmit* ; do $toolsdir/dparse submit $role $bad count=`expr $count + 1` diff --git a/tests/tools/dparse.c b/tests/tools/dparse.c index 1e0c9a5..ceeea9b 100644 --- a/tests/tools/dparse.c +++ b/tests/tools/dparse.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Red Hat, Inc. + * Copyright (C) 2012,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -38,13 +38,13 @@ main(int argc, char **argv) const char *mode, *role, *filename; char *error = NULL, *error_code = NULL, *error_reason = NULL; char *status = NULL, *requestId = NULL, *cert = NULL; - char *xml, *out = NULL, *err = NULL; + char *xml, *out = NULL, *err = NULL, **profiles = NULL; dbus_bool_t can_agent; int i, vars; if (argc < 4) { printf("usage: dparse " - "{submit|check|review|reject|approve|fetch} " + "{submit|check|review|reject|approve|fetch|profiles} " "{agent|ee} " "reply.xml\n"); return 0; @@ -101,6 +101,13 @@ main(int argc, char **argv) &status, &requestId, &cert); i = cm_submit_d_fetch_eval(NULL, xml, "FETCH", can_agent, &out, &err); + } else + if (strcmp(mode, "profiles") == 0) { + cm_submit_d_profiles_result(NULL, xml, + &error_code, &error_reason, &error, + &status, &profiles); + i = cm_submit_d_profiles_eval(NULL, xml, "PROFILES", + can_agent, &out, &err); } else { fprintf(stderr, "unknown mode \"%s\"\n", mode); return -1;