#1331 Creating/updating cert profile configuration without a file
Closed: migrated a year ago by dmoluguw. Opened 6 years ago by edewata.

Currently to create or update a certificate profile configuration the admin is required to use a file and be familiar with the file format, which is not very user-friendly:

  • pki ca-profile-add: create profile from file
  • pki ca-profile-show: download profile configuration into file
  • pki ca-profile-mod: update profile configuration from file
  • pki ca-profile-edit: edit profile configuration with file editor

It would be nice to provide a set of CLIs that can be used to manage different aspects of the profile configuration without having to deal with files or learn about the file format. The CLIs may look as follows:

Profile inputs:

$ pki ca-profile-input-find caUserCert
-----------------
3 entries matched
-----------------
  Input name: Key Generation
  Class: keyGenInputImpl

  Input name: Subject Name
  Class: subjectNameInputImpl

  Input name: Requestor Information
  Class: submitterInfoInputImpl
----------------------------
Number of entries returned 3
----------------------------

Profile input attributes:

$ pki ca-profile-input-attribute-find caUserCert "Key Generation"
-----------------
2 entries matched
-----------------
  Attribute Name: cert_request_type
  Description: Key Generation Request Type
  Syntax: keygen_request_type

  Attribute Name: cert_request
  Description: Key Generation Request
  Syntax: keygen_request
----------------------------
Number of entries returned 2
----------------------------

Profile outputs:

$ pki ca-profile-output-find caUserCert
-----------------
1 entries matched
-----------------
  Output name: Certificate Output
  Class: certOutputImpl
----------------------------
Number of entries returned 1
----------------------------

Profile output attributes:

$ pki ca-profile-output-attribute-find caUserCert "Certificate Output"
-----------------
2 entries matched
-----------------
  Attribute Name: pretty_cert
  Description: Certificate Pretty Print
  Syntax: pretty_print

  Attribute Name: b64_cert
  Description: Certificate Base-64 Encoded
  Syntax: pretty_print
----------------------------
Number of entries returned 2
----------------------------

Profile policies:

$ pki ca-profile-policy-find caUserCert
-----------------
1 entries matched
-----------------
  Policy name: userCertSet
----------------------------
Number of entries returned 1
----------------------------

Profile policy constraints:

$ pki ca-profile-policy-constraint-find caUserCert userCertSet
------------------
10 entries matched
------------------
  Constraint name: Subject Name Constraint
  Constraint class: subjectNameConstraintImpl
  Constraint parameters accept: true
  Constraint parameters pattern: UID=.*
  Default name: Subject Name Default
  Default class: userSubjectNameDefaultImpl

  ...
-----------------------------
Number of entries returned 10
-----------------------------

There should be the corresponding -add, -show, -mod, and -del for each component above. With these CLIs the admin should be able to add a blank profile, then add each component one-by-one without using a file. The admin should also be able to manage a certain aspect of a profile without having to download the whole configuration and find the parameter to change in the file.

Proposed milestone: 10.3


Per CS/DS Meeting of 04/13/2015: 10.3

Metadata Update from @edewata:
- Issue set to the milestone: UNTRIAGED

4 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1893

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata