10:54 p.m.
This patch adds an API call to the ProfileService interface to obtain an
enrollment template for a particular profile. The template is simply a
CertEnrollmentRequest with the relevant inputs for the profile filled
in. The user would then need to simply enter the relevant values and
submit the request using the REST API cert-request-submit.
I think that someone who is using this interface would do one of two
things:
1. Manually edit the template to generate the request.
2. Write client code to add the relevant data to the
CertEnrollmentRequest object.
In fact, I plan to submit a patch that will extend the pki CLI to allow
you to enter the data for a request interactively or through command
line arguments.
It would go something like this:
1. pki cert-request-submit --profile caCertUser
2. CLI will contact Profile service and get the relevant template which
is a CertEnrollmentRequest object.
3. CLI will then iterate through the attributes (which are all uniquely
named) and prompt for their value. The descriptor metadata can be used
to help generate the prompt.
4. CLI will take these results, populate the CertEnrollmentRequest and
send to server.
5. CLI can also take an invocation that looks like this perhaps:
pki cert-request-submit --profile caCertUser --profileArgs [--sn_e
alee(a)redhat.com --sn_cn "Ade Lee" ... ] so that you can do it all on the
command line.
Please review.
Ade
12:08 a.m.
As discussed with Endi, moved the new API to /certrequests instead.
The patch now adds /certrequests/profiles
and /certrequests/profiles/{id} which provides enrollment profiles.
/profiles methods will all be restricted to admins and agents in a
subsequent patch.
Acked by Endi. Pushed to master.
On Wed, 2013-08-28 at 23:54 -0400, Ade Lee wrote:
This patch adds an API call to the ProfileService interface to obtain
an
enrollment template for a particular profile. The template is simply a
CertEnrollmentRequest with the relevant inputs for the profile filled
in. The user would then need to simply enter the relevant values and
submit the request using the REST API cert-request-submit.
I think that someone who is using this interface would do one of two
things:
1. Manually edit the template to generate the request.
2. Write client code to add the relevant data to the
CertEnrollmentRequest object.
In fact, I plan to submit a patch that will extend the pki CLI to allow
you to enter the data for a request interactively or through command
line arguments.
It would go something like this:
1. pki cert-request-submit --profile caCertUser
2. CLI will contact Profile service and get the relevant template which
is a CertEnrollmentRequest object.
3. CLI will then iterate through the attributes (which are all uniquely
named) and prompt for their value. The descriptor metadata can be used
to help generate the prompt.
4. CLI will take these results, populate the CertEnrollmentRequest and
send to server.
5. CLI can also take an invocation that looks like this perhaps:
pki cert-request-submit --profile caCertUser --profileArgs [--sn_e
alee(a)redhat.com --sn_cn "Ade Lee" ... ] so that you can do it all on the
command line.
Please review.
Ade
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
4136
days inactive
4141
days old
1 comments
1 participants
participants (1)
-
Ade Lee