authorJan Cholasta <jcholast@redhat.com>2014-09-22 11:13:15 +0200
committerMartin Kosek <mkosek@redhat.com>2014-09-30 10:01:38 +0200
commitf40a0ad325fa2cb1700c264a562350da48ccc066 (patch)
tree2f368004af1a96e27c86ed14e74c9ac111651dea /ipa-client/ipaclient
parentbbf962299d23071f238eadbbec4922100cc7c6e8 (diff)
Use /etc/ipa/nssdb to get nicknames of IPA certs installed in /etc/pki/nssdb
Previously the list of nicknames was kept in /etc/pki/nssdb/ipa.txt; that file is no longer used and is removed. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipa-client/ipaclient')
-rw-r--r--ipa-client/ipaclient/ipa_certupdate.py59
1 files changed, 21 insertions, 38 deletions
diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py
index f7b0e29ba..8259755b3 100644
--- a/ipa-client/ipaclient/ipa_certupdate.py
+++ b/ipa-client/ipaclient/ipa_certupdate.py
@@ -70,49 +70,32 @@ class CertUpdate(admintool.AdminTool):
def update_client(self, certs):
self.update_file(paths.IPA_CA_CRT, certs)
- self.update_db(paths.IPA_NSSDB_DIR, certs)
+ ipa_db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR)
sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR)
- for nickname in ('IPA CA', 'External CA cert'):
- try:
- sys_db.delete_cert(nickname)
- except ipautil.CalledProcessError, e:
- pass
-
- self.update_db(paths.NSS_DB_DIR, certs)
- new_nicknames = set(c[1] for c in certs)
- old_nicknames = set()
- if ipautil.file_exists(paths.NSSDB_IPA_TXT):
- try:
- list_file = open(paths.NSSDB_IPA_TXT, 'r')
- except IOError, e:
- self.log.error("failed to open %s: %s", paths.NSSDB_IPA_TXT, e)
- else:
+ # Remove IPA certs from /etc/pki/nssdb
+ for nickname, trust_flags in ipa_db.list_certs():
+ while sys_db.has_nickname(nickname):
try:
- lines = list_file.readlines()
- except IOError, e:
- self.log.error(
- "failed to read %s: %s", paths.NSSDB_IPA_TXT, e)
- else:
- for line in lines:
- nickname = line.strip()
- if nickname:
- old_nicknames.add(nickname)
- list_file.close()
- if new_nicknames != old_nicknames:
- try:
- list_file = open(paths.NSSDB_IPA_TXT, 'w')
- except IOError, e:
- self.log.error("failed to open %s: %s", paths.NSSDB_IPA_TXT, e)
- else:
+ sys_db.delete_cert(nickname)
+ except ipautil.CalledProcessError, e:
+ self.log.error("Failed to remove %s from %s: %s",
+ nickname, sys_db.secdir, e)
+ break
+
+ # Remove old IPA certs from /etc/ipa/nssdb
+ for nickname in ('IPA CA', 'External CA cert'):
+ while ipa_db.has_nickname(nickname):
try:
- for nickname in new_nicknames:
- list_file.write(nickname + '\n')
- except IOError, e:
- self.log.error(
- "failed to write %s: %s", paths.NSSDB_IPA_TXT, e)
- list_file.close()
+ ipa_db.delete_cert(nickname)
+ except ipautil.CalledProcessError, e:
+ self.log.error("Failed to remove %s from %s: %s",
+ nickname, ipa_db.secdir, e)
+ break
+
+ self.update_db(ipa_db.secdir, certs)
+ self.update_db(sys_db.secdir, certs)
tasks.remove_ca_certs_from_systemwide_ca_store()
tasks.insert_ca_certs_into_systemwide_ca_store(certs)
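Review bot: The legacy nicknames 'IPA CA' and 'External CA cert' are now purged only from /etc/ipa/nssdb in the second loop, whereas the removed code also purged them from /etc/pki/nssdb; the first loop still sweeps them from the system database only while /etc/ipa/nssdb itself holds a cert under that name, so a client whose /etc/ipa/nssdb no longer has them would appear to keep a stale legacy CA trusted in /etc/pki/nssdb. Wrapping that loop as `for db in (ipa_db, sys_db):` with `while db.has_nickname(nickname):` and `db.delete_cert(nickname)` restores the previous coverage. Note also that the first loop deletes by nickname alone, so any non-IPA certificate an administrator stored in /etc/pki/nssdb under a nickname that happens to collide with one in /etc/ipa/nssdb is removed as well; a comment such as `# Any cert in the system DB sharing a nickname with /etc/ipa/nssdb is treated as IPA's and replaced` would make that assumption explicit. `trust_flags` is unused in that loop and could be written as `_`. update_client may continue past the end of the hunk.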