authorJan Cholasta <jcholast@redhat.com>2014-09-18 12:00:15 +0200
committerMartin Kosek <mkosek@redhat.com>2014-09-30 10:01:38 +0200
commitbbf962299d23071f238eadbbec4922100cc7c6e8 (patch)
tree585090ef42039643782765c581bc97c7d818d79c /ipa-client/ipaclient
parentb764e9d3e6fcd380c9420c2d442293fdd12ec5dc (diff)
Use NSSDatabase instead of direct certutil calls in client code
https://fedorahosted.org/freeipa/ticket/4416 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipa-client/ipaclient')
-rw-r--r--ipa-client/ipaclient/ipa_certupdate.py14
1 files changed, 5 insertions, 9 deletions
diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py
index 57dbf200b..f7b0e29ba 100644
--- a/ipa-client/ipaclient/ipa_certupdate.py
+++ b/ipa-client/ipaclient/ipa_certupdate.py
@@ -22,7 +22,7 @@ import tempfile
import shutil
from ipapython import (admintool, ipautil, ipaldap, sysrestore, dogtag,
- certmonger)
+ certmonger, certdb)
from ipaplatform import services
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
@@ -72,11 +72,10 @@ class CertUpdate(admintool.AdminTool):
self.update_file(paths.IPA_CA_CRT, certs)
self.update_db(paths.IPA_NSSDB_DIR, certs)
+ sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR)
for nickname in ('IPA CA', 'External CA cert'):
try:
- ipautil.run([paths.CERTUTIL, '-D',
- '-d', paths.NSS_DB_DIR,
- '-n', nickname])
+ sys_db.delete_cert(nickname)
except ipautil.CalledProcessError, e:
pass
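Review bot: The `except ipautil.CalledProcessError, e: pass` around `sys_db.delete_cert(nickname)` discards every failure, not only the expected case where the nickname is absent, so an unwritable or locked database would leave a stale 'IPA CA' or 'External CA cert' entry in `paths.NSS_DB_DIR` with no trace. Logging the error keeps the best-effort behaviour while making a leftover CA entry visible: `self.log.debug("failed to remove %s from %s: %s", nickname, paths.NSS_DB_DIR, e)`. This handler and the one around `db.add_cert(cert, nickname, trust_flags)` in the update_db hunk both assume the NSSDatabase methods let `ipautil.CalledProcessError` propagate; certdb is not shown here, so that is worth confirming. The enclosing method starts outside the hunk.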
@@ -165,15 +164,12 @@ class CertUpdate(admintool.AdminTool):
self.log.error("failed to update %s: %s", filename, e)
def update_db(self, path, certs):
+ db = certdb.NSSDatabase(path)
for cert, nickname, trusted, eku in certs:
trust_flags = certstore.key_policy_to_trust_flags(
trusted, True, eku)
try:
- ipautil.run([paths.CERTUTIL, '-A',
- '-d', path,
- '-n', nickname,
- '-t', trust_flags],
- stdin=cert)
+ db.add_cert(cert, nickname, trust_flags)
except ipautil.CalledProcessError, e:
self.log.error(
"failed to update %s in %s: %s", nickname, path, e)