From 7030bea15b8fa95179ff28d89906181831e72db3 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 9 Feb 2021 12:10:11 -0600
Subject: [PATCH] Add PKIDeployer.create_admin_csr()
The code that generates the admin CSR has been moved to PKIDeployer.create_admin_csr().
---
 .../python/pki/server/deployment/__init__.py | 26 +++++++++++--------
 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index 9d20a20802e..00364e12eda 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -754,19 +754,11 @@ def load_admin_cert(self, subsystem):
 return b64cert
- def create_admin_cert(self, client):
+ def create_admin_csr(self):
 if self.mdict['pki_admin_cert_request_type'] != 'pkcs10':
 raise Exception(log.PKI_CONFIG_PKCS10_SUPPORT_ONLY)
- request = pki.system.AdminSetupRequest()
- request.pin = self.mdict['pki_one_time_pin']
- request.installToken = self.install_token
- request.adminKeyType = self.mdict['pki_admin_key_type']
- request.adminProfileID = self.mdict['pki_admin_profile_id']
- request.adminSubjectDN = self.mdict['pki_admin_subject_dn']
- request.adminCertRequestType = self.mdict['pki_admin_cert_request_type']
-
 noise_file = os.path.join(self.mdict['pki_client_database_dir'], 'noise')
 output_file = os.path.join(self.mdict['pki_client_database_dir'], 'admin_pkcs10.bin')
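Review bot: `create_admin_csr` is introduced without a docstring, although its contract differs from the method it was carved out of: judging by the second hunk it returns the text read from `output_file + '.asc'` with newlines stripped, not a certificate. A one-line docstring such as `"""Generate the admin PKCS #10 request and return it as base64 text without line breaks."""` would record that, and it should also mention that the method writes `noise` and `admin_pkcs10.bin` under `pki_client_database_dir`. The body between the two hunks is not shown, so whether those intermediate files are removed afterwards cannot be confirmed from this patch. If they are not, the noise file (presumably the seed material for key generation) should not be left behind once the request has been produced.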
@@ -815,7 +807,18 @@ def create_admin_cert(self, client):
 with open(output_file + '.asc', 'r') as f:
 b64csr = f.read().replace('\n', '')
- request.adminCertRequest = b64csr
+ return b64csr
+
+ def create_admin_cert(self, client, csr):
+
+ request = pki.system.AdminSetupRequest()
+ request.pin = self.mdict['pki_one_time_pin']
+ request.installToken = self.install_token
+ request.adminKeyType = self.mdict['pki_admin_key_type']
+ request.adminProfileID = self.mdict['pki_admin_profile_id']
+ request.adminSubjectDN = self.mdict['pki_admin_subject_dn']
+ request.adminCertRequestType = self.mdict['pki_admin_cert_request_type']
+ request.adminCertRequest = csr
 response = client.setupAdmin(request)
 return response['adminCert']['cert']
@@ -825,7 +828,8 @@ def get_admin_cert(self, subsystem, client):
 if config.str2bool(self.mdict['pki_import_admin_cert']):
 b64cert = self.load_admin_cert(subsystem)
 else:
- b64cert = self.create_admin_cert(client)
+ b64csr = self.create_admin_csr()
+ b64cert = self.create_admin_cert(client, b64csr)
 logger.info('Admin cert: %s', b64cert)
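Review bot: After the split, `create_admin_cert` no longer validates anything about the request it submits: the `pkcs10` guard stays in `create_admin_csr`, while this method still copies `pki_admin_cert_request_type` from `self.mdict` and takes `csr` from the caller as-is. A caller that obtains the CSR some other way could pass an empty value, or one that does not match the declared request type, and the failure would only surface from `client.setupAdmin`. Consider a cheap guard at the top, e.g. `if not csr: raise ValueError('admin CSR is empty')`, plus a docstring stating that `csr` is the base64 PKCS #10 request with line breaks removed, as produced by `create_admin_csr`. The new parameter is required and positional, so any caller of `create_admin_cert(client)` outside this patch would break; only `get_admin_cert` is updated here.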