authorSimo Sorce <ssorce@redhat.com>2008-03-27 19:01:38 -0400
committerSimo Sorce <ssorce@redhat.com>2008-03-27 19:01:38 -0400
commitaac086582aee79ccf72206faf118e997c623170c (patch)
tree7c806025ad651531015b62ca806db7a32f55c2a8 /ipa-server/ipaserver/certs.py
parentb7924139d895c7ebe019fbfc9c85fed3baae642e (diff)
Move sysrestore to ipa-python so it can be used by client scripts too.
Change the backup format so that all files are in a single directory (no directory hierarchies), and use an index file so we can also save ownership and permission info for the restore (and eventually other data later on).
Diffstat (limited to 'ipa-server/ipaserver/certs.py')
-rw-r--r--ipa-server/ipaserver/certs.py35
1 files changed, 20 insertions, 15 deletions
diff --git a/ipa-server/ipaserver/certs.py b/ipa-server/ipaserver/certs.py
index 2ad842c9f..12fb354b9 100644
--- a/ipa-server/ipaserver/certs.py
+++ b/ipa-server/ipaserver/certs.py
@@ -21,10 +21,11 @@ import os, stat, subprocess, re
import sha
import errno
+from ipa import sysrestore
from ipa import ipautil
class CertDB(object):
- def __init__(self, dir):
+ def __init__(self, dir, fstore=None):
self.secdir = dir
self.noise_fname = self.secdir + "/noise.txt"
@@ -57,7 +58,12 @@ class CertDB(object):
mode = os.stat(self.secdir)
self.uid = mode[stat.ST_UID]
self.gid = mode[stat.ST_GID]
-
+
+ if fstore:
+ self.fstore = fstore
+ else:
+ self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+
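Review bot: The added `if fstore:` tests truthiness rather than whether a store was passed, so a caller-supplied store that happens to evaluate false (whether `FileStore` can is not visible here) would be silently replaced by the default and backups would land somewhere other than the caller intended; `if fstore is not None:` states the intent. The default location `'/var/lib/ipa/sysrestore'` is a bare literal, and since this store will hold copies of the certificate database files it would be safer as one shared constant so callers cannot drift apart on where backups go. The new parameter is also undocumented; a comment such as `# fstore: sysrestore.FileStore used by backup_files(); defaults to the system-wide store` would help. `__init__` starts in the previous hunk and part of its body lies outside both hunks.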
def set_serial_from_pkcs12(self):
"""A CA cert was loaded from a PKCS#12 file. Set up our serial file"""
@@ -188,7 +194,7 @@ class CertDB(object):
return x.group(1)
raise RuntimeError("Unable to find serial number")
-
+
def create_server_cert(self, nickname, name, other_certdb=None):
cdb = other_certdb
if not cdb:
@@ -198,7 +204,7 @@ class CertDB(object):
self.add_cert(self.certder_fname, nickname)
os.unlink(self.certreq_fname)
os.unlink(self.certder_fname)
-
+
def create_signing_cert(self, nickname, name, other_certdb=None):
cdb = other_certdb
if not cdb:
@@ -322,7 +328,6 @@ class CertDB(object):
server_certs.append((name, flags))
return server_certs
-
def import_pkcs12(self, pkcs12_fname, passwd_fname=None):
args = ["/usr/bin/pk12util", "-d", self.secdir,
@@ -369,13 +374,13 @@ class CertDB(object):
self.export_ca_cert(False)
def backup_files(self):
- sysrestore.backup_file(self.noise_fname)
- sysrestore.backup_file(self.passwd_fname)
- sysrestore.backup_file(self.certdb_fname)
- sysrestore.backup_file(self.keydb_fname)
- sysrestore.backup_file(self.secmod_fname)
- sysrestore.backup_file(self.cacert_fname)
- sysrestore.backup_file(self.pk12_fname)
- sysrestore.backup_file(self.pin_fname)
- sysrestore.backup_file(self.certreq_fname)
- sysrestore.backup_file(self.certder_fname)
+ self.fstore.backup_file(self.noise_fname)
+ self.fstore.backup_file(self.passwd_fname)
+ self.fstore.backup_file(self.certdb_fname)
+ self.fstore.backup_file(self.keydb_fname)
+ self.fstore.backup_file(self.secmod_fname)
+ self.fstore.backup_file(self.cacert_fname)
+ self.fstore.backup_file(self.pk12_fname)
+ self.fstore.backup_file(self.pin_fname)
+ self.fstore.backup_file(self.certreq_fname)
+ self.fstore.backup_file(self.certder_fname)
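Review bot: `backup_files` copies what are, judging by the attribute names, the password file, key database, PKCS#12 file and pin file into the file store, and nothing visible here shows how the store protects those copies. The commit message says the index records ownership and permissions for the restore, so it is worth confirming in `sysrestore.FileStore.backup_file` (not shown on this page) that each backup copy is created with a mode no wider than the original and that the store directory is not readable by unprivileged users. Separately, `certreq_fname` and `certder_fname` are unlinked at the end of `create_server_cert`, so `backup_file` will often be handed paths that no longer exist and should be checked to tolerate that. A docstring would record the sensitivity, e.g. `"""Save the NSS database, password/pin and PKCS#12 files to self.fstore; the copies contain private key material."""`.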