Port ipa-server-certinstall to the admintool framework.

Change the log file path from /var/log/ipa/default.log to admintool's default
path.

https://fedorahosted.org/freeipa/ticket/3641

1 files changed, 4 insertions, 141 deletions

diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall
index 01a7ac097..9bb0ef850 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -1,7 +1,7 @@
 #! /usr/bin/python -E
-# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+# Authors: Jan Cholasta <jcholast@redhat.com>
 #
-# Copyright (C) 2007  Red Hat
+# Copyright (C) 2013  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -18,143 +18,6 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-import sys
-import os
-import pwd
-import tempfile
+from ipaserver.install.ipa_server_certinstall import ServerCertInstall
 
-import traceback
-
-import krbV
-
-from ipapython.ipautil import user_input
-
-from ipaserver.install import certs, dsinstance, httpinstance, installutils
-from ipalib import api
-from ipapython import admintool
-from ipapython.ipa_log_manager import *
-from ipapython.dn import DN
-from ipaserver.plugins.ldap2 import ldap2
-
-CACERT = "/etc/ipa/ca.crt"
-
-def get_realm_name():
-    c = krbV.default_context()
-    return c.default_realm
-
-def parse_options():
-    from optparse import OptionParser
-    parser = OptionParser()
-
-    parser.add_option("-d", "--dirsrv", dest="dirsrv", action="store_true",
-                      default=False, help="install certificate for the directory server")
-    parser.add_option("-w", "--http", dest="http", action="store_true",
-                      default=False, help="install certificate for the http server")
-    parser.add_option("--dirsrv_pin", dest="dirsrv_pin",
-                      help="The password of the Directory Server PKCS#12 file")
-    parser.add_option("--http_pin", dest="http_pin",
-                      help="The password of the Apache Server PKCS#12 file")
-
-    options, args = parser.parse_args()
-
-    if not options.dirsrv and not options.http:
-        parser.error("you must specify dirsrv and/or http")
-    if ((options.dirsrv and not options.dirsrv_pin) or
-            (options.http and not options.http_pin)):
-        parser.error("you must provide the password for the PKCS#12 file")
-
-    if len(args) != 1:
-        parser.error("you must provide a pkcs12 filename")
-
-    return options, args[0]
-
-def set_ds_cert_name(cert_name, dm_password):
-    conn = ldap2(shared_instance=False, base_dn='')
-    conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
-    mod = {'nssslpersonalityssl': cert_name}
-    conn.update_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')), mod)
-    conn.disconnect()
-
-def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password):
-    [pw_fd, pw_name] = tempfile.mkstemp()
-    os.write(pw_fd, pkcs12_passwd)
-    os.close(pw_fd)
-
-    try:
-        server_cert = installutils.check_pkcs12(
-            pkcs12_info=(pkcs12_fname, pw_name),
-            ca_file=CACERT,
-            hostname=api.env.host)
-    except admintool.ScriptError, e:
-        print str(e)
-        sys.exit(1)
-
-    cdb = certs.CertDB(api.env.realm, nssdir=dirname)
-    cdb.create_passwd_file(db_password)
-    cdb.create_certdbs()
-
-    try:
-        try:
-            cdb.nssdb.import_pem_cert('CA', 'CT,CT,', CACERT)
-            cdb.import_pkcs12(pkcs12_fname, pw_name)
-        except RuntimeError, e:
-            print str(e)
-            sys.exit(1)
-    finally:
-        os.remove(pw_name)
-
-    return server_cert
-
-def main():
-    if os.geteuid() != 0:
-        sys.exit("\nYou must be root to run this script.\n")
-
-    installutils.check_server_configuration()
-
-    options, pkcs12_fname = parse_options()
-
-    cfg = dict(in_server=True,)
-
-    standard_logging_setup("/var/log/ipa/default.log")
-
-    api.bootstrap(**cfg)
-    api.finalize()
-
-    try:
-        if options.dirsrv:
-            dm_password = installutils.read_password("Directory Manager",
-                confirm=False, validate=False, retry=False)
-            if dm_password is None:
-                sys.exit("Directory Manager password required")
-            realm = get_realm_name()
-            dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm))
-            fd = open(dirname + "/pwdfile.txt")
-            passwd = fd.read()
-            fd.close()
-
-            server_cert = import_cert(dirname, pkcs12_fname, options.dirsrv_pin, passwd)
-            set_ds_cert_name(server_cert, dm_password)
-
-        if options.http:
-            dirname = certs.NSS_DIR
-            server_cert = import_cert(dirname, pkcs12_fname, options.http_pin, "")
-            installutils.set_directive(httpinstance.NSS_CONF, 'NSSNickname', server_cert)
-
-            # Fix the database permissions
-            os.chmod(dirname + "/cert8.db", 0640)
-            os.chmod(dirname + "/key3.db", 0640)
-            os.chmod(dirname + "/secmod.db", 0640)
-
-            pent = pwd.getpwnam("apache")
-            os.chown(dirname + "/cert8.db", 0, pent.pw_gid )
-            os.chown(dirname + "/key3.db", 0, pent.pw_gid )
-            os.chown(dirname + "/secmod.db", 0, pent.pw_gid )
-
-    except Exception, e:
-        traceback.print_exc(file=sys.stderr)
-        sys.exit("an unexpected error occurred: %s" % str(e))
-
-    return 0
-
-if __name__ == '__main__':
-    installutils.run_script(main, operation_name='ipa-server-certinstall')
+ServerCertInstall.run_cli()