#7503 multiple occurrences of profileId in certprofile causes incorrect behaviour
Closed: fixed 6 years ago Opened 6 years ago by ftweedal.

Issue

In certprofile-import if the config file contains two profileId directives with different
values, the profile can be imported under an incorrect ID.

e.g. if profile config contains:

profileId=test1
profileId=test2

And you import the profile into FreeIPA as test1, i.e. ipa certprofile-import test1 ...,
then the profile will be imported into Dogtag as test2. The actual certprofile-import operation fails:

# ipa certprofile-import test1 --file test1.cfg --store 1 --desc test1
ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500.

And no IPA entry for the profile has been created (either as test1 or test2):

# ipa certprofile-show test1
ipa: ERROR: test1: Certificate Profile not found
# ipa certprofile-show test2
ipa: ERROR: test2: Certificate Profile not found

But the profile HAS been imported into Dogtag, as test2

# ldapsearch -D cn=directory\ manager -w secret123 -b 'ou=certificateProfiles,ou=ca,o=ipaca' 1.1 |grep test
# test2, certificateProfiles, ca, ipaca
dn: cn=test2,ou=certificateProfiles,ou=ca,o=ipaca

A subsequent attempt to issue a cert using profile test1 fails:

# ipa cert-request --principal alice --profile test1 alice.csr
ipa: ERROR: Request failed with status 400: Non-2xx response from CA REST API: 400. Profile test1 Not Found

This operation against Dogtag should probably not even have been attempted, since no
IPA object for the profile was created.

Similarly, attempting to issue using test2 also fails, because that profile has not been
enabled yet:

# ipa cert-request --principal alice --profile test2 alice.csr
ipa: ERROR: Request failed with status 400: Non-2xx response from CA REST API: 400. Profile test2 not enabled

And again, it should probably not have even been attempted.

Expected behavior

The presence of two profileId directives in the profile configuration should be detected by FreeIPA, and the configuration rejected.
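
The validation the ticket asks for, as an added example written for this page rather than FreeIPA's own certprofile code: scan the profile config once, collect every profileId directive with its line number, and refuse the config when there is not exactly one. It also checks that the single profileId agrees with the ID given on the command line, which is an assumed extra check that keeps the "imported as test1, stored as test2" situation from arising; the sample configs and the function names are constructed for illustration.

```python
"""Reject a Dogtag certificate profile config that carries more than one
profileId directive.  Hypothetical helper written for this ticket, not
FreeIPA's own code."""
import re

# Dogtag profile configs are key=value lines, one directive per line.
_PROFILE_ID_RE = re.compile(r'^\s*profileId\s*=\s*(?P<value>\S*)\s*$')


class ProfileConfigError(ValueError):
    """Raised when the profile config cannot be accepted."""


def find_profile_ids(config_text):
    """Return every (line_number, value) pair for profileId directives."""
    found = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = _PROFILE_ID_RE.match(line)
        if m:
            found.append((lineno, m.group('value')))
    return found


def validate_profile_config(config_text, expected_id):
    """Return the single profileId if the config is acceptable.

    Rejects: no profileId at all, more than one profileId (even when the
    values agree, so the config can never be silently reinterpreted), or a
    profileId that differs from the ID requested on the command line.
    """
    ids = find_profile_ids(config_text)
    if not ids:
        raise ProfileConfigError("profile config has no profileId directive")
    if len(ids) > 1:
        where = ", ".join(f"line {n}: profileId={v}" for n, v in ids)
        raise ProfileConfigError(
            f"profile config has {len(ids)} profileId directives ({where}); "
            "exactly one is required")
    _, profile_id = ids[0]
    if profile_id != expected_id:
        raise ProfileConfigError(
            f"profileId {profile_id!r} in config does not match "
            f"requested profile ID {expected_id!r}")
    return profile_id


# Constructed sample configs (not the ticket's actual test1.cfg).
BAD_CONFIG = """\
profileId=test1
classId=caEnrollImpl
desc=test profile
profileId=test2
visible=true
"""

GOOD_CONFIG = """\
profileId=test1
classId=caEnrollImpl
desc=test profile
visible=true
"""


def check(config_text, expected_id):
    """Return (ok, message) so a caller can log the reason instead of raising."""
    try:
        return True, validate_profile_config(config_text, expected_id)
    except ProfileConfigError as e:
        return False, str(e)


if __name__ == "__main__":
    for name, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        ok, msg = check(cfg, "test1")
        print(f"{name}: {'accepted' if ok else 'rejected'}: {msg}")
```

Doing this check before any request reaches the CA REST API means a rejected config leaves neither a half-created IPA entry nor an orphaned Dogtag profile, which is the inconsistent state the ldapsearch output above shows.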


Metadata Update from @ftweedal:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1830

6 years ago

master:

  • a7b1837 certprofile: reject config with multiple profileIds
  • 0f85933 certprofile: add tests for config profileId scenarios

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

ipa-4-6:

  • 1a6acd5 certprofile: reject config with multiple profileIds
  • 5fb3475 certprofile: add tests for config profileId scenarios

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.6.4

6 years ago
