#287 Add the ability to request certificates completely via the IPA API
Merged by rcritten. Opened by rcritten.
rcritten/certmonger issue_284  into  master

This relies on https://github.com/freeipa/freeipa/pull/7645 on the IPA side that adds a cert_request API.

The purpose of this change is to make certmonger less dependent upon the PKI API.

Note that the IPA API is only usable post-installation (chicken-and-egg) so the XML API is used during IPA server bootstrapping.

7 new commits added

  • Pass all=True to certprofile-find to retrieve all profiles
  • Suppress unused arguments to the LDAP SASL interactive callback
  • Fix directive argument is NULL errors (-Wformat-overflow)
  • Fix format-overflow warning when converting time
  • Drop unused cm_submit_d parameters
  • Add tests for the expanded dogtag requests through IPA API
  • Use the IPA API by default for dogtag requests

@rcritten, I'm still testing and reviewing the changes but there seem to be some files missing from tests/Makefile.am - they don't make it into the SRPM and thus RPM build test phase fails. Below is a fixup patch for this PR. I've also created https://pagure.io/certmonger/pull-request/288 which addresses the same issue, but the files were unrelated to this change set.

From adeaa429ef92fa4669b5d36837b56ca460ca484a Mon Sep 17 00:00:00 2001                
From: Fraser Tweedale <ftweedal@redhat.com>                                           
Date: Thu, 6 Feb 2025 09:37:37 -0500                                                  
Subject: [PATCH] fixup                                                                
---                                                                                   
 tests/Makefile.am | 59 +++++++++++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 25 deletions(-)                                                                                                                           
diff --git a/tests/Makefile.am b/tests/Makefile.am                                    
index e20b6d8ff38ed43d5b5da260ed0d64d7f7a9bd31..38b5619e57dbc013325ffb026c9dd1e57b45da80 100644                                                                                               
--- a/tests/Makefile.am                                                               
+++ b/tests/Makefile.am                                                               
@@ -233,31 +233,40 @@ EXTRA_DIST = \                                                  
        018-pembase/run.sh \                                                          
        019-dparse/expected.out \                                                     
        019-dparse/run.sh \                                                           
-       019-dparse/bad.checkRequest.nosuch \                  
-       019-dparse/bad.displayCertFromRequest.incomplete \
-       019-dparse/bad.displayCertFromRequest.no-such-request \
-       019-dparse/bad.displayCertFromRequest.rejected \      
-       019-dparse/bad.profileProcess.bad-property \                
-       019-dparse/bad.profileProcess.no-agent-cert \              
-       019-dparse/bad.profileProcess.no-ca-cert \          
-       019-dparse/bad.profileProcess.no-property \                                   
-       019-dparse/bad.profileProcess.not-pending \                                   
-       019-dparse/bad.profileReview.no-such-request \                                
-       019-dparse/bad.profileReview.unauthorized-cert \                              
-       019-dparse/bad.profileReview.wrong-nssdb \     
-       019-dparse/bad.profileSubmit.csr.empty \          
-       019-dparse/bad.profileSubmit.csr.subject-mismatch \   
-       019-dparse/bad.profileSubmit.serial.empty \                                   
-       019-dparse/bad.profileSubmit.serial.invalid \                                 
-       019-dparse/bad.profileSubmit.serial.out-of-range \                            
-       019-dparse/good.checkRequest.complete \                                       
-       019-dparse/good.checkRequest.pending \                                                                                          
-       019-dparse/good.displayCertFromRequest \                                                                                        
-       019-dparse/good.displayCertFromRequest-extra-line \                           
-       019-dparse/good.profileList \                                                                    
-       019-dparse/good.profileReview \                                                                  
-       019-dparse/good.profileSubmit.issued \                                                           
-       019-dparse/good.profileSubmit.serial.in-range \                                                                                 
+       019-dparse/bad.checkRequest.nosuch.json \                                                                                       
+       019-dparse/bad.checkRequest.nosuch.xml \                                                                                        
+       019-dparse/bad.displayCertFromRequest.incomplete.xml \                                                                          
+       019-dparse/bad.displayCertFromRequest.no-such-request.json \                                                                    
+       019-dparse/bad.displayCertFromRequest.no-such-request.xml \                                                                                           
+       019-dparse/bad.displayCertFromRequest.rejected.xml \                                             
+       019-dparse/bad.profileProcess.bad-property.xml \                                                                                                      
+       019-dparse/bad.profileProcess.no-agent-cert.xml \                                                                               
+       019-dparse/bad.profileProcess.no-ca-cert.xml \                                                                                  
+       019-dparse/bad.profileProcess.no-property.xml \                                                                                 
+       019-dparse/bad.profileProcess.not-pending.xml \                                                                                                       
+       019-dparse/bad.profileReview.no-such-request.xml \                                                                                                    
+       019-dparse/bad.profileReview.unauthorized-cert.xml \                                                                                                  
+       019-dparse/bad.profileReview.wrong-nssdb.xml \                                                                                                        
+       019-dparse/bad.profileSubmit.csr.empty.json \                                          
+       019-dparse/bad.profileSubmit.csr.empty.xml \                                           
+       019-dparse/bad.profileSubmit.csr.invalid.json \                                                                                 
+       019-dparse/bad.profileSubmit.csr.subject-mismatch.xml \                                                                                               
+       019-dparse/bad.profileSubmit.serial.empty.xml \                                                                                                       
+       019-dparse/bad.profileSubmit.serial.invalid.xml \                                                                                                     
+       019-dparse/bad.profileSubmit.serial.out-of-range.xml \                                 
+       019-dparse/good.checkRequest.complete.json \                                           
+       019-dparse/good.checkRequest.complete.xml \                                            
+       019-dparse/good.checkRequest.pending.json \                                            
+       019-dparse/good.checkRequest.pending.xml \                                             
+       019-dparse/good.displayCertFromRequest.json \                                          
+       019-dparse/good.displayCertFromRequest.xml \                                                                                                          
+       019-dparse/good.displayCertFromRequest-extra-line.xml \                                
+       019-dparse/good.profileList.json \                                                     
+       019-dparse/good.profileList.xml \                                                      
+       019-dparse/good.profileReview.xml \                                                    
+       019-dparse/good.profileSubmit.issued.json \                                            
+       019-dparse/good.profileSubmit.issued.xml \                                             
+       019-dparse/good.profileSubmit.serial.in-range.xml \                                    
        020-xparse/certmaster-fault.xml \                                                      
        020-xparse/certmaster-rep1.xml \                                                       
        020-xparse/certmaster-rep2.xml \                                                       
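Review bot: the new 019-dparse entries are not symmetric, and neither the list nor the "fixup" subject explains why. bad.profileSubmit.csr.invalid.json is added with no .xml sibling, and only some cases (checkRequest, displayCertFromRequest.no-such-request, profileSubmit.csr.empty, profileList, profileSubmit.issued, good.displayCertFromRequest) gain a .json beside the .xml, while the profileProcess, profileReview and serial cases stay XML-only. If that split is intentional, state in the commit message which operations have JSON fixtures, so that a missing EXTRA_DIST entry is easy to tell apart from a case that was never meant to exist. This list has already drifted from the tree once, so it is also worth confirming that each of the 34 added names matches a file in tests/019-dparse/ before squashing.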
--                                                                                             
2.48.1     

rebased onto 1b682f1069a79040ffc6f5de84c27b3160d7a53d

Thanks, I squashed that into the patch that introduced the tests

ACK, we can merge this.

rebased onto a96cf5fc20b264080f43bbc71917fa550c8de84e

Pull-Request has been merged by rcritten

Changes Summary (49 files)

  +25 -11     changed  src/Makefile.am
  +891 -466   changed  src/dogtag.c
  +5 -272     changed  src/ipa.c
  +2 -2       changed  src/scep.c
  +3 -3       changed  src/store-gen.c
  +1 -1       changed  src/store.h
  +413 -38    changed  src/submit-d.c
  +27 -20     changed  src/submit-d.h
  +329        added    src/util-ipa.c
  +28         added    src/util-ipa.h
  +14         added    tests/019-dparse/bad.checkRequest.nosuch.json
  +0 -0       renamed  tests/019-dparse/bad.checkRequest.nosuch -> tests/019-dparse/bad.checkRequest.nosuch.xml
  +0 -0       renamed  tests/019-dparse/bad.displayCertFromRequest.incomplete -> tests/019-dparse/bad.displayCertFromRequest.incomplete.xml
  +14         added    tests/019-dparse/bad.displayCertFromRequest.no-such-request.json
  +0 -0       renamed  tests/019-dparse/bad.displayCertFromRequest.no-such-request -> tests/019-dparse/bad.displayCertFromRequest.no-such-request.xml
  +0 -0       renamed  tests/019-dparse/bad.displayCertFromRequest.rejected -> tests/019-dparse/bad.displayCertFromRequest.rejected.xml
  +0 -0       renamed  tests/019-dparse/bad.profileProcess.bad-property -> tests/019-dparse/bad.profileProcess.bad-property.xml
  +0 -0       renamed  tests/019-dparse/bad.profileProcess.no-agent-cert -> tests/019-dparse/bad.profileProcess.no-agent-cert.xml
  +0 -0       renamed  tests/019-dparse/bad.profileProcess.no-ca-cert -> tests/019-dparse/bad.profileProcess.no-ca-cert.xml
  +0 -0       renamed  tests/019-dparse/bad.profileProcess.no-property -> tests/019-dparse/bad.profileProcess.no-property.xml
  +0 -0       renamed  tests/019-dparse/bad.profileProcess.not-pending -> tests/019-dparse/bad.profileProcess.not-pending.xml
  +0 -0       renamed  tests/019-dparse/bad.profileReview.no-such-request -> tests/019-dparse/bad.profileReview.no-such-request.xml
  +0 -0       renamed  tests/019-dparse/bad.profileReview.unauthorized-cert -> tests/019-dparse/bad.profileReview.unauthorized-cert.xml
  +0 -0       renamed  tests/019-dparse/bad.profileReview.wrong-nssdb -> tests/019-dparse/bad.profileReview.wrong-nssdb.xml
  +14         added    tests/019-dparse/bad.profileSubmit.csr.empty.json
  +0 -0       renamed  tests/019-dparse/bad.profileSubmit.csr.empty -> tests/019-dparse/bad.profileSubmit.csr.empty.xml
  +14         added    tests/019-dparse/bad.profileSubmit.csr.invalid.json
  +0 -0       renamed  tests/019-dparse/bad.profileSubmit.csr.subject-mismatch -> tests/019-dparse/bad.profileSubmit.csr.subject-mismatch.xml
  +0 -0       renamed  tests/019-dparse/bad.profileSubmit.serial.empty -> tests/019-dparse/bad.profileSubmit.serial.empty.xml
  +0 -0       renamed  tests/019-dparse/bad.profileSubmit.serial.invalid -> tests/019-dparse/bad.profileSubmit.serial.invalid.xml
  +0 -0       renamed  tests/019-dparse/bad.profileSubmit.serial.out-of-range -> tests/019-dparse/bad.profileSubmit.serial.out-of-range.xml
  +232 -51    changed  tests/019-dparse/expected.out
  +15         added    tests/019-dparse/good.checkRequest.complete.json
  +0 -0       renamed  tests/019-dparse/good.checkRequest.complete -> tests/019-dparse/good.checkRequest.complete.xml
  +15         added    tests/019-dparse/good.checkRequest.pending.json
  +0 -0       renamed  tests/019-dparse/good.checkRequest.pending -> tests/019-dparse/good.checkRequest.pending.xml
  +0 -0       renamed  tests/019-dparse/good.displayCertFromRequest-extra-line -> tests/019-dparse/good.displayCertFromRequest-extra-line.xml
  +26         added    tests/019-dparse/good.displayCertFromRequest.json
  +0 -0       renamed  tests/019-dparse/good.displayCertFromRequest -> tests/019-dparse/good.displayCertFromRequest.xml
  +1140       added    tests/019-dparse/good.profileList.json
  +0 -0       renamed  tests/019-dparse/good.profileList -> tests/019-dparse/good.profileList.xml
  +0 -0       renamed  tests/019-dparse/good.profileReview -> tests/019-dparse/good.profileReview.xml
  +33         added    tests/019-dparse/good.profileSubmit.issued.json
  +0 -0       renamed  tests/019-dparse/good.profileSubmit.issued -> tests/019-dparse/good.profileSubmit.issued.xml
  +0 -0       renamed  tests/019-dparse/good.profileSubmit.serial.in-range -> tests/019-dparse/good.profileSubmit.serial.in-range.xml
  +38 -7      changed  tests/019-dparse/run.sh
  +34 -25     changed  tests/Makefile.am
  +1 -1       changed  tests/tools/Makefile.am
  +71 -37     changed  tests/tools/dparse.c