authorJan Cholasta <jcholast@redhat.com>2013-10-15 17:25:34 +0000
committerPetr Viktorin <pviktori@redhat.com>2014-03-25 16:54:54 +0100
commit9b3055ca4123062044871a1cc72b4c10cab1eeb5 (patch)
tree905372c3fefce38fc2a2fb12095e4849070d9268
parent48539b35d78f8872fc2996e045987bcfa6ab7db7 (diff)
Upload CA certificate from DS NSS database in CA-less server install.
Before, the file provided in the --root-ca-file option was used directly for the upload. However, it is the same file which is imported to the NSS database, so the second code path is not necessary. Also removed now unused upload_ca_dercert method of dsinstance. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rwxr-xr-xinstall/tools/ipa-server-install12
-rw-r--r--ipaserver/install/dsinstance.py13
2 files changed, 7 insertions, 18 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 3069ba8d0..288022812 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -68,7 +68,7 @@ from ipapython import sysrestore
from ipapython.ipautil import *
from ipapython import ipautil
from ipapython import dogtag
-from ipalib import api, errors, util, x509
+from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
from ipalib.util import validate_domain_name
@@ -1120,14 +1120,8 @@ def main():
# This is done within stopped_service context, which restarts CA
ca.enable_client_auth_to_db()
- # Upload the CA cert to the directory
- ds.upload_ca_cert()
- else:
- with open(options.root_ca_file) as f:
- pem_cert = f.read()
-
- # Upload the CA cert to the directory
- ds.upload_ca_dercert(base64.b64decode(x509.strip_header(pem_cert)))
+ # Upload the CA cert to the directory
+ ds.upload_ca_cert()
krb = krbinstance.KrbInstance(fstore)
if options.pkinit_pkcs12:
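Review bot: The single `ds.upload_ca_cert()` call now also serves the CA-less path, but nothing at the call site says it depends on the root CA from `--root-ca-file` already being in the DS NSS database under the nickname the method looks up. Because this is the certificate that ends up in the directory, a short comment would help the next reader, e.g. `# CA-less installs too: publishes the CA cert already imported into the DS NSS database`. With the `else` branch gone, `base64` may no longer be used in this script, and dropping `x509` from the `ipalib` import in the first hunk is only safe if no other `x509.` reference remains; neither is visible here. main() starts and ends outside the hunk.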
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index af7d6fae6..a7e5e0787 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -672,22 +672,17 @@ class DsInstance(service.Service):
dsdb = certs.NSSDatabase(nssdir=dirname)
dsdb.export_pem_cert(nickname, location)
- def upload_ca_cert(self, cacert_name=None):
+ def upload_ca_cert(self):
"""
Upload the CA certificate from the NSS database to the LDAP directory.
"""
dirname = config_dirname(self.serverid)
- certdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base)
+ certdb = certs.CertDB(self.realm, nssdir=dirname,
+ subject_base=self.subject_base)
- if cacert_name is None:
- cacert_name = certdb.cacert_name
- dercert = certdb.get_cert_from_db(cacert_name, pem=False)
- self.upload_ca_dercert(dercert)
+ dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
- def upload_ca_dercert(self, dercert):
- """Upload the CA DER certificate to the LDAP directory
- """
conn = ipaldap.IPAdmin(self.fqdn)
conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)
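Review bot: `dercert` from `certdb.get_cert_from_db(certdb.cacert_name, pem=False)` goes straight into the upload with no check that the nickname was actually found in the database. What get_cert_from_db returns for a missing nickname is not visible here, but if it can be empty, the install would carry on and write an unusable CA certificate entry to LDAP. A guard right after the lookup, such as `if not dercert: raise RuntimeError("CA certificate not found in %s" % dirname)`, would make the failure surface at its cause. Removing the `cacert_name` keyword and the `upload_ca_dercert` method also changes the class interface, so any caller outside this diff that still uses either will break. The method body continues past the end of the hunk.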